Monday, June 27, 2022

Exposing an Indian Police Spyware Cyber Operation that Fabricated Evidence on the PCs of Indian Activists - An OSINT Enrichment Analysis

This is what happens when you're cheap. Guess which are the major IoCs (Indicators of Compromise) in this cyber attack campaign featured on Wired.com? The operators leaned on free dynamic-DNS hostnames and commodity hosting, which is exactly what makes the infrastructure enumerable. Keep reading this OSINT enrichment analysis to find out the actual Indicators of Compromise.

Sample Gmail accounts known to have been involved in the campaign include:

jagdish.meshraam@gmail.com

drsnehapatil64@gmail.com

sinhamuskaan04@gmail.com

jennifergonzales789@gmail.com

payalshastri79@gmail.com

Sample malicious domains known to have been involved in the campaign (the first two are hostnames under free dynamic-DNS zones, so the full hostname is the indicator, not the parent zone):

researchplanet.zapto.org

socialstatistics.zapto.org

duniaenewsportal.ddns.net

Sample domain-registrant email addresses known to have been involved in the campaign include:

harpreet.singh1984@yahoo.com

marlenecharlton@outlook.com

abadaba@eml.cc

REUBEN123@RISEUP.NET

Related malicious domains known to have been involved in the campaign (defanged with hxxp://) include:

hxxp://greenpeacesite.com

hxxp://new-agency.us

hxxp://chivalkarstone.com

hxxp://newmms.ru

hxxp://gayakwaad.com

hxxp://bbcworld-news.net

hxxp://newsinbbc.com

Sample responding IPs for the known malicious domains involved in the campaign. Resolved IPs for parked and dynamic-DNS hostnames change over time, and some of these addresses belong to shared hosting, domain-parking or sinkhole infrastructure, so verify each one against current resolution data before blocking it:

208.48.81.179

36.86.63.182

64.15.205.100

64.15.205.101

198.105.254.11

167.160.46.164

208.48.81.134

209.99.40.223

185.205.210.23

5.1.82.106

69.195.129.70

69.195.129.72

104.239.213.7

146.112.61.106

52.4.209.250

141.8.224.134

216.120.146.200

141.8.224.126

192.154.103.67

34.246.254.156

72.52.179.174

199.59.242.153

199.59.243.220

199.59.240.200

75.2.122.238

217.26.70.230

192.64.147.152

103.254.155.203

208.73.211.250

8.5.1.33

91.217.90.201

166.78.106.200

98.124.245.24

146.148.34.125

8.5.1.49

54.210.47.225

109.236.90.147

199.191.50.21

199.59.243.200

185.82.202.155

185.117.66.188

185.117.74.47

185.117.74.28

185.45.193.14

Sample malicious file hashes known to have been involved in the campaign include (these are 64-hex-character SHA-256 digests, not MD5s, so match them against SHA-256 fields in your tooling):

619c707672fc36279f7983f95387e5fdcaff56c58620b23e6dc47dd200add9b7

7533597d2ed0a0e2b981ae1b0d79a37d5343fe790bc3116e036b9b8f3d6b3fe8

22d72a14a1c9837d1c57b9393e88dee4cf21a98eb446008393ac04afa3edc712

5d28df67b12a990af0300120747c8606604c22c6959d31c8706ff8040175414a

18f9e34af21f5b5186e4c6367b86d268fcf0ec41e0879d06bbb9d0ef5c4dc3a2

4dbb14ff2836733b34594956c4234d2a54c04257710dd31a0884b1926d35d7bc

e179f03dd608b090bec933fa62d3714b6deda6c1629eec6bf82f2df55aa22307

e6da12f819a7f50608b1f6a16f1dd6c08c906cd060244cbb1e5b0eb9ab5e75b5

828de55ffbfb1c1b6ffcbb56b838486dbaecc9b41a0d111fcca290978ed05e95

76970287697bb7601970bcd5d5cfa60e1c6558b60046501b885d203eda9c9b44

99131b4fdedbf01721eed38ad685a305140feb73a6d0fb8cc48f1fad3143be92

221dde812ab1c734cd308da2ed8ead6033c6772864d383317fa2526a58e803ae

f6b4f5f05907caf6eaf58109500144d69a798f177f6ac3cb32648fadb304192c

5ede813e52c325fec54d1d8cb9e6b63118f64fce0585c1da4263cbf4a00e1651

4fbb41eefb0e8a99417c855038bd7c89cc3190c07e0d4b4106d8ddbcf2634774

94fa3ff2ef14ae0fcd461c89f90deae5ed6417a238ec5131ef6cb80400de0586

261f13f9e6d08869b41dca972016f177e1cefada9155d806a18f590c3f487a5f

ca2f1df3639a5b5896d98aa70eb68507abf1cea6aba8fe054671cdd0711faf9e

095ec879f323a0a3eceb97013125880d49ac701eef568e3b010fdddb1333941f

11cef331557eb693e718d27b6a7211a98d3982117a03ec1491db8098ea3cec00

16b5c74fb55f52ae0ae4328f65b2bf3bbe3e5ee34268c1d32a247a0a1dfa3186

21d24e08889f75461a7ce6f21fc612a701bca35da1a218cf3cdd6e23f613bb4d

31a3e3aba03b553d0f23f10b06ade30ae053cd667a8cc9660f310705ee471b68

5a4aca57541954195953066a4be96dfb19776ba099d72f8f1d3677581594606e

88b92d985b7d616c93c391731c1e4a6d3c8323fdcbf31cfc4d340e27253913a7

ac4d5d938009fd44b2f7587986862ab2278887a17d32f748278445b625b3efd9

b09ca9d48a0455ed5e02a56aabeb397c41fb63320244719749e0741da72e79c4

b1b6e133aa320669c772ec7e5fd6fbe4cb3edca13ad5351f14df3c1f13939d09

de302a61e5f07b0e65753355d44d22181a2742ac3a92aa058bdcd00cc4dab788

e3dea449bf74434ee1c9cdc04ca68b8f3c9bac357768e07df303433f257d3b9a

ea5f37e1feab670171963aa83b235c772202b2d4bb7289dd45302c3851dbd6f9
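A small normalizer for the lists above, added here as an example and not part of the original post: it refangs the hxxp:// entries, classifies each hash by its length (which is how a 64-character digest labelled "MD5" gets caught), groups everything else by type, deduplicates and case-folds the values, and flags the entries a practitioner should not block blindly. The sample input is a constructed subset of the IoCs on this page plus one MD5 value added only to exercise the length check; the dynamic-DNS parent zones in DYNDNS_PARENTS are my assumption, not something the post states.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few entries copied from the lists above, plus one MD5
# (the digest of the empty string) added only to show the hash-length check.
SAMPLE_IOCS = """
jagdish.meshraam@gmail.com
researchplanet.zapto.org
duniaenewsportal.ddns.net
hxxp://greenpeacesite.com
hxxp://bbcworld-news.net
208.48.81.179
146.112.61.106
619c707672fc36279f7983f95387e5fdcaff56c58620b23e6dc47dd200add9b7
d41d8cd98f00b204e9800998ecf8427e
REUBEN123@RISEUP.NET
"""

# Assumption: parent zones of free dynamic-DNS providers. Blocking the parent
# zone would hit every other subscriber, so only the full hostname is actionable.
DYNDNS_PARENTS = {"zapto.org", "ddns.net", "no-ip.org", "hopto.org"}

HASH_NAMES = {32: "md5", 40: "sha1", 64: "sha256"}

EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(?:\.[\w-]+)+$")
IPV4_RE = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


def refang(value: str) -> str:
    """Undo hxxp/hxxps defanging so the value can be matched against logs."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)


def classify_hash(value: str) -> Optional[str]:
    """Name the digest by its hex length: 32 = MD5, 40 = SHA-1, 64 = SHA-256."""
    if HEX_RE.match(value) and len(value) in HASH_NAMES:
        return HASH_NAMES[len(value)]
    return None


def is_dynamic_dns(domain: str) -> bool:
    """True when the hostname sits under one of the assumed dynamic-DNS zones."""
    parts = domain.lower().split(".")
    return any(".".join(parts[i:]) in DYNDNS_PARENTS for i in range(1, len(parts)))


def classify(raw: str) -> Optional[Tuple[str, str]]:
    """Return (ioc_type, normalized_value), or None for lines that are not IoCs."""
    value = refang(raw.strip())
    if not value:
        return None
    if hash_name := classify_hash(value):
        return hash_name, value.lower()
    if EMAIL_RE.match(value):
        return "email", value.lower()
    if IPV4_RE.match(value):
        return "ipv4", value
    if value.startswith(("http://", "https://")):
        host = value.split("://", 1)[1].split("/", 1)[0].lower()
        return "domain", host
    if DOMAIN_RE.match(value.lower()):
        return "domain", value.lower()
    return None


def parse_iocs(text: str) -> Dict[str, List[str]]:
    """Group IoCs by type, deduplicated and case-normalized."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        result = classify(line)
        if result:
            ioc_type, value = result
            grouped[ioc_type].add(value)
    return {k: sorted(v) for k, v in grouped.items()}


def records(text: str) -> List[dict]:
    """Flat records for a blocklist or TIP import, with handling notes attached."""
    out = []
    for ioc_type, values in parse_iocs(text).items():
        for v in values:
            note = ""
            if ioc_type == "domain" and is_dynamic_dns(v):
                note = "dynamic-dns hostname: block the FQDN only; resolution will change"
            elif ioc_type == "ipv4":
                note = "resolved IP: may be shared hosting, parking or sinkhole; verify first"
            out.append({"type": ioc_type, "value": v, "note": note})
    return out


if __name__ == "__main__":
    for r in records(SAMPLE_IOCS):
        print(f"{r['type']:8} {r['value']:66} {r['note']}")
```

Run it as-is to see the classified sample, or feed it the full lists above via `records(open("iocs.txt").read())`; the hash check is deliberately length-based because it is the only property of a bare digest a reader can verify without the file.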

Stay tuned!

DDanchev is for Hire! - Who Wants to Hire Me in Europe?

Folks, 

After a decade of fighting bad guys I've decided to finally look for a way to relocate and begin a fresh start in my career path as a security blogger, cybercrime researcher, OSINT analyst and threat intelligence analyst, by seeking a permanent position anywhere in Europe from anyone who's interested in directly hiring me and offering relocation and accommodation assistance on short notice, so that I can basically relocate and begin the position within a period of three days of signing a contract and receiving the necessary relocation and accommodation assistance. And let's not forget that someone should meet me at the airport and say hi.

The current situation:

- I'm based in Bulgaria holding a Bulgarian citizenship

- I'm willing to relocate anywhere in Europe for a security blogger/cybercrime researcher/OSINT analyst and threat intelligence analyst position

- I work primarily using email, which is dancho.danchev@hush.com, where you can reach me 24/7 and expect a brief response within three hours of sending your message

- My CV is available as PDF here and here's my LinkedIn Profile just in case you need it for anything

My requirements:

- I need only a direct hire proposition where you're 100% sure that you're interested in working with me

- I need a contract in advance before I travel on a short notice approximately three days prior to signing the contract

- I need relocation assistance in the form of an airplane ticket, including accommodation assistance, as I need a place to crash, work and live in your country

How to approach me:

Send me an email at dancho.danchev@hush.com and I'll shortly get back to you to discuss

Looking forward to receiving your email. Let's make this happen!

Shots from the Wild West - Sample Compilation of RATs (Remote Access Tools) and Trojan Horses Screenshots - An OSINT Analysis

Dear blog readers,

Find attached a second portfolio of photos obtained while doing my research back in 2010. Enjoy, and don't forget to grab a copy of my memoir here and to catch up with my latest research here.

Stay tuned!