Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Exposing the Darkode Forum Bust and the Associated Individuals Behind It - Or How I Almost Got Kidnapped?

Saturday, October 30, 2021

Exposing the Darkode Forum Bust and the Associated Individuals Behind It - Or How I Almost Got Kidnapped? - An OSINT Analysis

I've decided to share with everyone an in-depth analysis and assessment using public sources that basically exposes key members of the Darkode forum community who actually ordered a hitman for me for the price of $10,000 back in 2010 prior to my illegal arrest and kidnapping attempt.

In this post I'll provide actionable intelligence on their online whereabouts with the idea to assist U.S Law Enforcement on its way to track down monitor and prosecute the cybercriminals behind these campaigns.

Sample Darkode forum domains active at the time:

hxxp://darkode.com - briankrebson@gmail.com

hxxp://darkode.pro

hxxp://darkode.com

hxxp://darkode.me

hxxp://darkode.cc

hxxp://darkode.su - Email: ctouma2@gmail.com

Sample names of key members of the Darkode forum community:

Johan Anders Gudmunds

Morgan C Culbertson

Eric L Crocker

Naveed Ahmed

Phillip R Fleitz

Dewayne Watts

Murtaza Saifuddin

Daniel Placek

Matjaz Skorjanc

Florencio Carro Ruiz

Mentor Leniqi

Rory Stephen Guidry - k@exploit.im

Sample personally identifiable information on key members of the Darkode forum community:

hotcoffeecup@jaim.at

s3x@neko.im

Arcore@jabber.org

sana@thesecure.biz

silic0n@jabber.org

split@thesecure.biz

ihack@thesecure.biz

systro@jabber.org

mafioso@xmpp.jp

zer0day@xmpp.jp

c4rl0s@jabber.ru

ipwn@cih.ms

h0tsh0t@jodo.im

jumbie@jabber.ru

off-sho.re@jabber.vc

x0x@jabba.biz

bestkrypt@rkquery.de bestkrypt - Email: annabellablibgs@hotmail.com - Email: apetrovskiy@evermail.org

elzig@exploit.im

na@exploit.im

m3gatr0n@jabber.ru

nassef@thesecure.biz

teardrop@swissjabber.ch

gamoonty@xmpp.jp

mojitka@jabber.org

the_bond@jabber.org

rzor@jabber.org

x47@xmpp.jp

mrborisb@xmpp.jp borisb

RG.JR9@thesecure.biz

zigma@jabber.org

propack@neko.im

dilibau@qip.ru

r3vproxy@jabber.org

synthetic@exploit.im

ling0@jabber.ru

Including the following C&C domains that were registered at the time:

upaskitv1.org - Email: jgou.veia@gmail.com

xylibox.biz

krebsonsecurity.biz

upaskitversion1.biz

stevenk.biz

briankrebs.biz

upaskit1.biz

researchsecurity.biz

securityresearch.biz

amatrosov.biz

Related C&C server domains that are known to have been registered at the time:

upasdomination.ru

exposedbotnets.ru

researchsecurity.biz

Related C&C server domains known to have been registered at the time:

hfgfr56745fg.com - 80.82.66.204

Sample personal photos of key members of the Darkode forum community that were basically responsible for ordering a hitman to look for me for the price of $10,000 and actively communicated between each other during my disappearance and kidnapping attempt:

Stay tuned!

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Saturday, October 30, 2021

Exposing the Darkode Forum Bust and the Associated Individuals Behind It - Or How I Almost Got Kidnapped? - An OSINT Analysis

No comments:

Post a Comment