Friday, September 08, 2023

The Conti Ransomware Gang and the Trickbot Cybercrime Enterprise XMPP and Jabber Account IDs

The power of OSINT and real-time OSINT, which has been my methodology since December 2005, when I originally launched this blog. Check out the following analysis, courtesy of me, which details in depth who's behind the Conti Ransomware Gang and the Trickbot cybercrime enterprise, using exclusively and entirely public sources of information in combination with my real-time OSINT methodology, hence the results.

Sample XMPP and Jabber account IDs include:


It gets even better with the recent OFAC sanctions that also mention several interesting email address accounts:


It gets even more interesting when we dig a little bit deeper and find related domain registrations associated with these email address accounts.

For instance, we have hxxp://baikal-tour.su, which is a travel agency, and hxxp://kurochkina.com, which is Ekaterina Kurochkina, a fashion photographer currently known as Valentina Ushenina and currently a training instructor at the PortDeBras company. These same domains were registered by a known individual on the Conti Ransomware Gang's sanctions list (megaprof@gmail.com).

We also have a Google Play application (hxxp://play.google.com/store/apps/details?id=com.WSCards.RSP&&gl=US) that also points to hxxp://finters.su, which stands for an international sports organization.

Personally identifiable information on Valentina Ushenina includes:

Skype: valentinatigra

hxxp://vk.com/id3151577

Email: kyrochkina.sug@mail.ru; tkanikurik@yahoo.com


All domains known to have been registered by megaprof@gmail.com include:

hxxp://artfreegallery.us

hxxp://artfreegallery.com

hxxp://kurochkina.com

hxxp://s23.su

hxxp://baikal-tour.su

hxxp://finters.su

All domains known to have been registered by tsarev89@gmail.com include:

hxxp://art-deko.biz

hxxp://serpwomanhealth.info

hxxp://avtofortuna.info

hxxp://knigodvor.info

hxxp://alkommet.com

hxxp://art-deko.info


Stay tuned!
