Sample Personally Identifiable XMPP/Jabber Accounts of the Gozi/Ursnif Malware Gang Team Members

Digging a little bit deeper into my ongoing research into various personally identifiable information such as for instance email address accounts and XMPP/Jabber account IDs belonging to cybercriminals I've decided to share a compilation of XMPP/Jabber account IDs known to belong to the Gozi/Ursnif malware gang team members with the idea to assist researchers vendors and organizations including U.S Law Enforcement on its way to properly track down monitor and prosecute the cybercriminals behind these campaigns.

Sample XMPP/Jabber account IDs known to have been involved in the campaign include:

newjabber@jabbim.com

cash@allinione.com

slark@jix.im

sypress@wwh.so

soft-rdp@xmpp.jp

merchant.official@xabber.de

merchant.official@jabbim.com

driesdtt@in.koderoot.net

npaplav000k@strong.pm

npaplav000k@xmpp.jp

cashsir@xmpp.jp

luke@allinione.com

nsky@allinione.com

adm@allinione.com

mrgreen@allinione.com

tech@jabber.belnet.be

jsminamr@openmailbox.org

mrlapis@exploit.im

airman@jabber.ru

neshpiter@jabbim.com

joke@blah.im

westup@codingteam.net

big@myempire.me

z@allinione.com

cuclusclan@allinione.com

mrgr@im.osmose-am.net

maracana777@exploit.im

daydate@im.apinc.org

scratch@jabber.belnet.be

cubon@thesecure.biz

mate@creep.im

nauthstuff@exploit.im

dozer@jabb.im

luke@suchat.org

mainqmac@jabber.cz

nadmin@pro-fi.net

nspacetex@jabber.cz

supp01@jabberx.biz

supp08@xmpp.jp

supp17@exploit.im

supp37@cock.li

puusycat@jabber.ru

info@albfrrame.com

nsupport_miloff@exploit.im

nmilano1@default.rs

aizoo-adv@thesecure.biz

tmtforlifeqazbey@xmpp.jp

greenman@jabber.belnet.be

mikluchamaklai@jabb.im

chromehearts@jabber.ru