The power of OSINT and real-time OSINT, which has been my methodology since December 2005, when I originally launched this blog? Check out my following analysis, which details in depth who's behind the Conti Ransomware Gang and the Trickbot cybercrime enterprise, using exclusively public sources of information in combination with my real-time OSINT methodology.
Sample XMPP and Jabber account IDs include:
It gets even better with the recent OFAC sanctions, which also mention several interesting email addresses:
It gets even more interesting when we dig a little deeper and find related domain registrations associated with these email addresses.
For instance, we have hxxp://baikal-tour.su, which is a travel agency, and hxxp://kurochkina.com, which is the website of Ekaterina Kurochkina, a fashion photographer currently known as Valentina Ushenina and currently a training instructor at the PortDeBras company. Both domains were registered by a known individual on the Conti Ransomware Gang's sanctions list (megaprof@gmail.com).
We also have a Google Play application (hxxp://play.google.com/store/apps/details?id=com.WSCards.RSP&&gl=US) that points to hxxp://finters.su, which stands for an international sports organization.
Personally identifiable information on Valentina Ushenina includes:
Skype: valentinatigra
hxxp://vk.com/id3151577
Email: kyrochkina.sug@mail.ru; tkanikurik@yahoo.com
Sample photos of Valentina Ushenina include:
All domains known to have been registered by megaprof@gmail.com include:
All domains known to have been registered by tsarev89@gmail.com include: