Friday, October 29, 2021

Deep from the Trenches in Bulgaria! - Part Five

define:moronic

Thanks, but, no thanks.


Sample document courtesy of my homeland Bulgaria courtesy of Bulgarian Law Enforcement who kidnapped and home molested me and basically robbed me of $85,000 five years later after my illegal arrest and kidnapping attempt circa 2010:



Stay tuned!

Profiling a Currently Active Brian Krebs Themed Online E-Shop for Stolen Credit Cards - An OSINT Analysis

I've recently come across a pretty interesting Brian Krebs themed E-Shop for stolen credit card information, and I've decided to share actionable intelligence with everyone with the idea of assisting with their cyber attack attribution campaigns.

Sample related malicious domains known to have been involved in the campaign:

hxxp://briankrebs.at

hxxp://briankrebs.cm


Stay tuned!

Profiling the Omerta Cybercrime-Friendly Forum Community - An OSINT Analysis

In this post I've decided to share with everyone actionable intelligence regarding the infamous cybercrime-friendly forum community known as Omerta, with the idea of assisting everyone with their cyber attack attribution campaigns.


Related personal emails known to have been involved in the campaign:

omerta.sup@gmail.com

suppa.sale@gmail.com


Sample related Omerta cybercrime-friendly forum domains known to have participated in the campaign:

hxxp://omerta.cc

hxxp://omerta.wf

hxxp://omerta.ws

hxxp://omerta.mn

hxxp://omerta.cx

hxxp://omerta.ms

hxxp://omerta.vc

hxxp://omertadns.biz

hxxp://cc101.biz

hxxp://monodsp.xyz

hxxp://gipertorrent.com

hxxp://securetheborder.us

hxxp://autorsite.com

hxxp://rtk.expert

hxxp://seoptex.com

hxxp://buybestdumps.biz

hxxp://buy-dumps-online.com

hxxp://7ap.biz

hxxp://mediation-plus-coaching.com

hxxp://2tracks.biz

hxxp://bestdumps.biz


Stay tuned!

Exposing "Moses Staff" Data Leaks Gang - An OSINT Analysis

I've recently come across a currently active data leaks campaign launched by a newly formed hacking and data leaks group, and I've decided to share with everyone an in-depth technical and relevant OSINT analysis with the idea of assisting everyone with their cyber attack attribution campaigns.

Sample related domains known to have been involved in the campaign:

https://moses-staff.se

http://mosesstaffm7hptp.onion

https://t.me/Moses_staff_se

https://twitter.com/moses_staff_se


Sample related IPs known to have been involved in the campaign:

185.206.180.138

95.169.196.52





Stay tuned!

Massive "Facebook Appeal" Themed Phishing Campaign Uses Google's Firebase Spotted in the Wild - An OSINT Analysis

I just came across a currently active phishing campaign that uses Google's Firebase as its hosting infrastructure for the purpose of enticing users into falling victim to a rogue and fake "Facebook Appeal" themed phishing page.

You can check out my initial analysis at my official Dark Web Onion here, as my initial post got censored by Google for violating its Terms of Service.


Sample malicious and rogue phishing domains known to have been involved in the campaign:


hxxp://publicaccount-facebook-46956.web.app

hxxp://publicappeal-348239237392.web.app

hxxp://publicappeal-9344858302239.web.app

hxxp://publicappeal-facebook.web.app

hxxp://publicappeal-form-fb-copyright102872.web.app

hxxp://publicappeal-form-fb-copyright104352.web.app

hxxp://publicappeal-form-fb-copyright119275.web.app

hxxp://publicappeal-form-fb-copyright126776.web.app

hxxp://publicappeal-form-fb-copyright171651.web.app

hxxp://publicappeal-form-fb-copyright18251.web.app

hxxp://publicappeal-form-fb-copyright18258.web.app

hxxp://publicappeal-form-fb-copyright18274.web.app

hxxp://publicappeal-form-fb-copyright18275.web.app

hxxp://publicappeal-form-fb-copyright182755.web.app

hxxp://publicappeal-form-fb-copyright18721.web.app

hxxp://publicappeal-form-fb-copyright187265.web.app

hxxp://publicappeal-form-fb-copyright187285.web.app

hxxp://publicappeal-form-fb-copyright18762.web.app

hxxp://publicappeal-form-fb-copyright19285.web.app

hxxp://publicappeal-form-fb-copyright19827.web.app

hxxp://publicappeal-form-fb-copyright981725.web.app

hxxp://publicappeal-form-page-unpublish1897.web.app

hxxp://publicappeal-from-fb-copyright12352.web.app

hxxp://publicappeal-from-fb-copyright12857.web.app

hxxp://publicappeal-page-unpublish-1827589.web.app

hxxp://publicappeal-page-unpublish1107276.web.app

hxxp://publicappeal-page-unpublish118172861.web.app

hxxp://publicappeal-page-unpublish18275.web.app

hxxp://publicappeal-page-unpublish182758.web.app

hxxp://publicappeal-page-unpublish1827586.web.app

hxxp://publicappeal-page-unpublish1827588.web.app

hxxp://publicappeal-page-unpublish182759.web.app

hxxp://publicappeal-page-unpublish18278652.web.app

hxxp://publicappeal-page-unpublish1827890.web.app

hxxp://publicappeal-page-unpublish187-36ac4.web.app

hxxp://publicappeal-page-unpublish187265.web.app

hxxp://publicappeal-page-unpublish18769.web.app

hxxp://publicappeal-page-unpublish1906392.web.app

hxxp://publicbusiness-appeal-form-129862.web.app

hxxp://publicbusiness-appeal-form125921.web.app

hxxp://publicfacebookappeal110631.web.app

hxxp://publicfb-appeal-form-29997.web.app

hxxp://publicfb-appeal-form-70f46.web.app

hxxp://publicfb-appeal-form-791bd.web.app

hxxp://publicfb-appeal-form-8276f.web.app

hxxp://publichouse-h3.web.app

hxxp://publicpage-appeal-unpublish1253631.web.app

hxxp://publicproject-8595314475285305009.web.app

hxxp://publicrestriction-appeal-business128.web.app

hxxp://publicreview2024545897534.web.app
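The project names above follow a recognizable pattern: a Firebase Hosting default domain (<project-id>.web.app) whose project id starts with "public" and carries a lure word (appeal, unpublish, copyright, restriction, review) or a Facebook/fb brand token, usually with a numeric or hex tail. The following Python is an added example, not tooling from the original post: a triage heuristic that refangs hxxp:// entries and flags hostnames matching that pattern so they can be queued for review or blocklisting. The six campaign hostnames in the sample are taken from the list above; the two benign hostnames are constructed for contrast, and the lure-token list and the flagging threshold are my assumptions.

```python
"""Triage heuristic for Firebase-hosted "Facebook Appeal" phishing hostnames.

Added example (not from the original post). The naming pattern is derived from
the post's hxxp:// list: a <project-id>.web.app Firebase Hosting domain whose
project id starts with "public" and contains a lure word or a Facebook brand
token, often followed by a numeric/hex tail. Token list and threshold are
assumptions; a match means "review this", not proof of malice.
"""
import re

# Lure words observed in the campaign's project ids (from the post's list).
LURE_TOKENS = ("appeal", "unpublish", "copyright", "restriction", "review")

# Firebase Hosting default domains have the form <project-id>.web.app.
FIREBASE_RE = re.compile(r"^(?P<project>[a-z0-9-]+)\.web\.app$")

# Sample input: six hostnames from the post's list plus two constructed
# benign ones (labelled) to show that the heuristic does not fire on them.
SAMPLE_LINES = [
    "hxxp://publicaccount-facebook-46956.web.app",
    "hxxp://publicappeal-form-fb-copyright102872.web.app",
    "hxxp://publicappeal-page-unpublish187-36ac4.web.app",
    "hxxp://publicfb-appeal-form-70f46.web.app",
    "hxxp://publichouse-h3.web.app",
    "hxxp://publicreview2024545897534.web.app",
    "https://my-portfolio-site.web.app",      # constructed, benign
    "hxxp://example-phish.invalid",           # constructed, not Firebase
]


def refang(ioc: str) -> str:
    """Strip hxxp:// or http(s):// and any path, returning a bare lowercase host."""
    host = re.sub(r"^h(?:xx|tt)ps?://", "", ioc.strip(), flags=re.I)
    return host.split("/")[0].lower()


def score(hostname: str) -> dict:
    """Return the signals a hostname triggers; {} means it is not a web.app
    host or nothing about its project id looks suspicious."""
    m = FIREBASE_RE.match(hostname)
    if not m:
        return {}
    project = m.group("project")
    signals = {}
    if project.startswith("public"):
        signals["public_prefix"] = True
    lures = [t for t in LURE_TOKENS if t in project]
    if lures:
        signals["lure_tokens"] = lures
    if re.search(r"facebook|fb", project):
        signals["brand"] = True
    if re.search(r"[0-9a-f]{4,}$", project):   # numeric or hex tail
        signals["random_suffix"] = True
    return signals


def is_campaign_like(hostname: str) -> bool:
    """Assumed threshold: 'public' prefix plus a lure word or a brand token."""
    s = score(hostname)
    return s.get("public_prefix", False) and ("lure_tokens" in s or "brand" in s)


def triage(lines):
    """Refang a defanged IOC list and return the hosts flagged for review."""
    flagged = []
    for line in lines:
        host = refang(line)
        if is_campaign_like(host):
            flagged.append((host, score(host)))
    return flagged


if __name__ == "__main__":
    for host, signals in triage(SAMPLE_LINES):
        print(f"{host}: {signals}")
```

Two of the post's hostnames (publichouse-h3 and publicproject-8595314475285305009) carry neither a lure word nor a brand token, so a threshold this strict misses them; the random_suffix signal is kept in the score so an analyst can lower the bar when hunting rather than blocking.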


Stay tuned!

From China With "Love" - Exposing the HKLeaks Propaganda Campaign - An OSINT Analysis

I've recently come across a currently active information warfare propaganda campaign, courtesy of China, that aims to identify protesters using a variety of "leak" based Web sites.

In this analysis I'll provide actionable intelligence on the individuals behind these campaigns and offer an in-depth technical discussion of their online whereabouts.

Based on a variety of publicly accessible sources, including WhoisXML API's WHOIS database, I've managed to find the following domains known to have been involved in the campaign, including one personally identifiable email address that could support attribution of the campaign.


Sample domains known to have been involved in the HKLeaks information warfare propaganda campaign:


hxxp://hkleaks.pk

hxxp://hkleaks.ru

hxxp://hkleaks.tj

hxxp://hkleaks.ml - Email: spiker@elude.in

hxxp://hkleaks.af

hxxp://hkleaks.cc

hxxp://hkleaks.pw

hxxp://hkleaks.kz

hxxp://hkleaks.kg


Sample email address accounts known to have been involved in the campaign:


hkleaks@yandex.com

hongkongmob@163.com

Hongkongmob@protonmail.com

hongkongmob@yandex.com

Sample responding IPs known to have been involved in the campaign:

185.178.208.132
185.178.208.152
96.126.123.244
194.58.112.174
45.33.18.44
45.33.23.183
72.14.178.174
186.2.163.203
45.33.20.235
72.14.185.43
173.255.194.134
45.79.19.196
186.2.163.140
45.56.79.23
186.2.163.60
186.2.163.7
45.33.2.79
186.2.163.210
198.58.118.167
185.53.177.31
45.33.30.197
186.2.163.216
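The indicator lists in this post mix defanged domains (one with an inline email annotation), bare email addresses and responding IPs, with the occasional duplicate. The following Python is an added example, not the author's tooling: it parses such a list into deduplicated domain, email and IP sets and groups the IPs by /24 so that address blocks hosting several of the sites stand out. The sample lines are a subset of the indicators listed above; lowercasing email addresses before deduplication is an assumption.

```python
"""Parser for a mixed, defanged OSINT indicator list.

Added example (not the author's tooling). Handles the three line shapes in the
post above: defanged domains (optionally annotated ' - Email: ...'), bare email
addresses, and responding IPs; deduplicates each class and groups the IPs by
/24 so shared hosting blocks stand out.
"""
import ipaddress
import re
from collections import Counter

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"^h(?:xx|tt)ps?://", re.I)

# Sample input: a subset of the indicators listed in the post, including the
# duplicated hkleaks.pk entry and the annotated hkleaks.ml line.
SAMPLE_LINES = """
hxxp://hkleaks.pk
hxxp://hkleaks.ru
hxxp://hkleaks.pk
hxxp://hkleaks.ml - Email: spiker@elude.in
hkleaks@yandex.com
Hongkongmob@protonmail.com
185.178.208.132
185.178.208.152
186.2.163.203
186.2.163.140
186.2.163.60
45.33.18.44
""".strip().splitlines()


def parse_ioc_lines(lines):
    """Return {'domains': set, 'emails': set, 'ips': set} from raw list lines."""
    out = {"domains": set(), "emails": set(), "ips": set()}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # Emails may appear on their own line or as an annotation after a domain.
        # Lowercasing for deduplication is an assumption (local parts are
        # technically case-sensitive, but providers treat them as insensitive).
        for email in EMAIL_RE.findall(line):
            out["emails"].add(email.lower())
        head = line.split()[0]          # annotations follow the first token
        if URL_RE.match(head):
            host = URL_RE.sub("", head).split("/")[0].lower()
            out["domains"].add(host)
            continue
        try:
            out["ips"].add(str(ipaddress.ip_address(head)))
        except ValueError:
            pass                        # bare email lines were handled above
    return out


def cluster_by_prefix(ips, prefixlen=24):
    """Count IPs per /prefixlen network, e.g. {'186.2.163.0/24': 3, ...}."""
    counts = Counter()
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        counts[str(net)] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_ioc_lines(SAMPLE_LINES)
    for kind, values in parsed.items():
        print(kind, sorted(values))
    print(cluster_by_prefix(parsed["ips"]))
```

Run on the full list above, the /24 grouping shows 186.2.163.0/24 and 185.178.208.0/24 each answering for several hkleaks domains, which is the kind of shared-hosting overlap worth carrying into a pivot on passive DNS or hosting-provider abuse reporting.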

Sample related photos from the HKLeaks information warfare online propaganda campaign:




Stay tuned!