Friday, February 05, 2021

FBI Shuts Down Radical Propaganda Online Web Sites - An OSINT Analysis


The U.S. Department of Justice, in direct cooperation with the FBI, has recently shut down a network of propaganda Web sites courtesy of what appears to be the Liberty Front Press network.

In this post I'll provide actionable intelligence on the infrastructure behind the campaign and discuss in depth the tactics, techniques and procedures of the individuals behind it.

hxxp://ababil.org - Email: eric12shia@gmail.com; samirnet2@gmail.com; ababil.org; nassim@ababil.org - 185.51.8.92; 109.234.166.134; 104.28.15.191; 104.28.14.191

Related domains known to have participated in the campaign:


Related domains known to have participated in the campaign:


Related emails known to have participated in the campaign:


Related domains known to have participated in the campaign:


Stay tuned!

Can You Recognize These Guys?

Appreciate my rhetoric. 



Stay tuned!

Rogue "Malware Spreading Security Researchers" Launch Malicious Social Engineering Campaign Against Legitimate Researchers - OSINT Analysis

Security researchers from Google have recently spotted and analyzed a currently circulating, social-engineering-driven malware-spreading campaign that is actively interacting with legitimate researchers on social media and private channels in order to trick them into testing a newly discovered zero-day flaw, which in reality drops malware on the affected hosts and phones back to a C&C server, potentially attempting to compromise the researchers in question.

Sample screenshots of the campaign currently in circulation:






Sample malicious MD5s known to have participated in the campaign:

Stay tuned!

Dancho Danchev's Blog - Accepting Conference Invitations!

Dear blog readers,

I recently came across a high-profile study entitled "Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence", which actually includes my personal blog and references me as a high-profile and valuable source of threat intelligence and cybercrime research, and I've decided to touch base with my blog readers to solicit possible security event and security conference invitations where I can attend and make a presentation on a variety of topics.

Are you possibly somehow interested in having me attend your event and make a presentation on a hot topic? Approach me at dancho.danchev@hush.com

Stay tuned!