Monday, October 31, 2022

A Peek Inside the Earnings4u Managed Malware Distribution Service - An Analysis

Dear blog readers,

I've decided to offer an in-depth peek inside the Earnings4u managed malware distribution service circa 2010, with the idea of raising awareness of how easy such services are to use and of the actual trend where novice and experienced botnet masters can easily acquire the necessary seed population by purchasing access to malware-infected hosts, which can then be used to spread their own malicious software campaigns, including spam and phishing campaigns.

With managed affiliate-network-based revenue-sharing schemes continuing to proliferate, it shouldn't be surprising that more cybercriminals are looking for ways to monetize the traffic they have acquired through blackhat SEO and various other rogue and fraudulent techniques. Some of them go further and offer managed, centralized ways of spreading other cybercriminals' malicious releases in a systematic and efficient way. The result is today's modern cybercrime ecosystem, where both novice and experienced cybercriminals rely on rogue and malicious affiliate-network-based revenue-sharing schemes both for revenue generation and for the spreading of malicious software.

Sample screenshots include:

Stay tuned!

A Peek Inside a Russian Web-Based Managed Spam Service - An Analysis

With spam continuing to proliferate globally, including its use for serving malicious software that populates a variety of botnets on a daily basis, and with the ever-growing use of client-side exploits to affect hundreds of thousands of users every day, I've decided to take a peek inside a Russia-based managed spam service that lets users launch massive and widespread spam campaigns in a DIY (do-it-yourself) fashion.

Sample screenshots include:

Stay tuned!

Profiling a Russia-Based Bulletproof Hosting Provider - An Analysis

It should be clearly noted that today's modern cybercrime ecosystem is largely driven by the existence of bulletproof hosting providers. These providers either ignore abuse notifications or purposely launch rogue and fraudulent hosting operations, using their own resources or in combination with cloud-based service providers who unknowingly participate in such fraudulent bulletproof hosting schemes, including the actual hosting of malicious software, spam and botnet C&C servers. We're continuing to observe an increase in the overall volume of these providers, and we're also witnessing their use by both novice and experienced cybercriminals, whose ultimate goal is to increase the average time it takes for vendors, organizations and researchers to take their rogue, fraudulent and malicious campaigns offline.

In this post I'll discuss several of the high-profile bulletproof hosting providers that were active circa 2010, and I'll provide some actionable intelligence on the infrastructure behind them, with the idea of assisting everyone in their cyber attack and cyber campaign attribution efforts.

Sample screenshots include:

Related bulletproof hosting providers that were active back in 2010 include:

Stay tuned!

Do You Want to Become Guest Blogger or Post a Guest Post Here?

Dear blog readers,

Are you interested in becoming a Guest Blogger or posting a Guest Post on the topics of cybercrime research, OSINT, threat intelligence gathering, malicious software and botnet research, or anything else related to information security, either as a one-off Guest Post or as a full-time Guest Blogger at my personal blog?

Drop me a line at dancho.danchev@hush.com to discuss.

Stay tuned!

Dancho Danchev's Vlog - Psychedelic Reality Session - YouTube Video - An Analysis

Dear blog readers,

I've decided to share with everyone one of my most recent YouTube videos, which is basically a "Psychedelic Reality" short mix, with the idea of saying big thanks to everyone for following me and to let you know that I'll continue to post high-quality research and posts here.

Enjoy!

Stay tuned!

Dancho Danchev - Official Come Back - YouTube Video - An Analysis

Dear blog readers,

I've decided to share with everyone an official Come Back video, with the idea of signaling that I'm indeed back online doing research, and to say big thanks to everyone for following me.

Enjoy!

Stay tuned!

Dancho Danchev SecondEye Solutions - YouTube Maltego Demonstration - An Analysis

Dear blog readers,

I've decided to share with everyone my SecondEye Solutions Maltego training video, with the idea of assisting everyone in their cyber attack and cyber campaign attribution efforts.

Enjoy!

Stay tuned!

Dancho Danchev InFraud Organization - YouTube Maltego Demonstration - An Analysis

Dear blog readers,

I've decided to share with everyone my InFraud organization analysis Maltego training video, with the idea of assisting everyone in their cyber attack and cyber campaign attribution efforts.

Enjoy!

Stay tuned!

Dancho Danchev Speaks! - YouTube Video Presentation - An Analysis

Dear blog readers,

I've decided to share with everyone my "Dancho Danchev - Speaks!" introduction video where I did my best to elaborate more on my experience and expertise in the field throughout the years.

Enjoy!

Stay tuned!

Dancho Danchev's "Exposing the Koobface Botnet" - YouTube Video Presentation - An Analysis

Dear blog readers,

I've decided to share with everyone my Keynote at CyberCamp 2016 on tracking down and monitoring the Koobface botnet.

Go through the related posts here

Enjoy!

Stay tuned!

Saturday, October 29, 2022

Thank You For Following Me!

Dear blog readers,

I wanted to take the time and effort and say big thanks to everyone who's been following my work throughout the years and continues to do so. Full video here. My RSS feed here.

Stay tuned!

Exposing an E-Shop for Selling Access to Compromised PCs - An Analysis

NOTE:

I took these screenshots in 2009.

Dear blog readers,

I've decided to share with everyone some screenshots of an E-Shop for selling access to compromised PCs.

Largely thanks to a variety of built-in botnet management and control features, today's modern botnet masters are fully capable of renting out or offering access to malware-infected hosts. These hosts can be used for a variety of purposes, including the hosting of rogue and malicious content and the further spreading of malicious software, largely thanks to the segmentation features currently available in a variety of high-profile malicious software and botnet releases.

Sample screenshots include:

Stay tuned!

Exposing a Compilation of Stolen Credit Cards Selling Domains - An Analysis

Dear blog readers,

I've decided to share with everyone a currently active portfolio of E-Shops selling access to stolen credit cards, including the necessary technical information to assist everyone in their cyber attack and cyber campaign attribution efforts.

Sample screenshot includes:

Sample domains known to have been involved in the campaign include:


Sample personally identifiable email address accounts known to have been involved in the campaign include:
greg2022@mail.ru
philmahre1989@gmail.com

Sample screenshots include:

Sample responding IPs known to have been involved in the campaign include:

Related domains known to have been involved in the campaign include:


Stay tuned!