Wednesday, January 03, 2024

Who's Behind the Conti Ransomware Gang? - Part Two

In a series of blog posts I exposed the top management of the Conti Ransomware Group's fashion and charity brands and the people behind the gang. The earlier posts in the series are:

- "The Top Management of the Conti Ransomware Group's Fashion and Charity Brands"
- "Who's Behind the Conti Ransomware Gang"
- "The Conti Ransomware Gang and the Trickbot Cybercrime Enterprise XMPP's and Jabber Account IDs" (an in-depth peek inside the gang's account IDs)
- "Applying for the Rewards for Justice on the Conti Ransomware Gang Program" (where I also successfully applied for the Rewards for Justice program)
- "New Images Courtesy of the Conti Ransomware Gang" (never-published or discussed-before images)
- "Dancho Danchev's Rewards for Justice Conti Ransomware Gang Research and Analysis Compilation" (which you can grab from here)
- "My First Twitter Space on How I Tracked Down The Conti Ransomware Gang Using Real-Time OSINT"
- "Exposing Bentley and Liam From The Conti/Trickbot Malware Gang"
- "The Conti Ransomware Gang" (never-published or discussed-before videos and images)
- "The Conti Ransomware Gang - Videos - Part Two" (an additional set of never-published or released videos)
- "Rewards for Justice - Dancho Danchev" (elaborating on some of my research)
- "The Conti Ransomware Gang's OSINT Artifacts"
- "A Compilation of Conti Ransomware Gang BitCoin Transaction IDs - An OSINT Analysis"
- "A Compilation of Known Conti Ransomware Malicious Domains - An OSINT Analysis"
- "A Compilation of Known Conti Ransomware Themed Malicious and Fraudulent MD5s - An OSINT Analysis"
- "Exposing the Fashion Brands of the Conti Ransomware Group"
- "Exposing the Trickbot Malware Gang - An OSINT Analysis"
- "Exposing the Conti Ransomware Gang - An OSINT Analysis"
- "A Compilation of Known Conti Ransomware Gang Malicious Executable Download Locations - An OSINT Analysis"
- "How to Take Down the Conti Ransomware Gang - A Practical And Relevant Case Study on Taking Down Cybercriminal Infrastructure - A Practical Example"

In this post I'll do a last round of elaboration on the research I've been putting into identifying core members of the Conti Ransomware Gang using their recently leaked internal communication, relying exclusively on OSINT. What emerges is a diversified cybercrime gang with a rather interesting way of distributing its fraudulently obtained income: sponsoring and participating in fashion shows and other educational and music sponsorship efforts and campaigns on the Russian market, supposedly using the income stolen through their ransomware tactics and techniques.

What I came up with was the following: a private teaching school and a rap and hip-hop music label, where core Conti Ransomware Gang members produce the advertising creative and brochures alongside their hardcore "upcoming" ransomware brand releases, as well as several fashion and clothing brands where, once again, core members of the Conti Ransomware Gang produce the advertising and brochure creative.

The primary goal of this post and analysis is to elaborate on the diverse nature of the Conti Ransomware Gang's members, in the context of their involvement in fashion, music, teaching schools, business and charitable initiatives in Russia, supposedly funded with the income stolen through their online ransomware operation.

It's also worth pointing out that this entire analysis, including the OSINT research and enrichment, is based entirely on the Conti Ransomware Gang's leaked internal communication and was done exclusively by me, with some quite positive and already confirmed results.

Sample Conti Ransomware Gang image, obtained from public sources based on the gang's leaked internal communication: a cover for the album "Personality" by a Russian rap and hip-hop artist, apparently produced by the gang's team members responsible for its advertising creative development.

Based on my research and analysis, the "Personality" album cover obtained from public sources belongs to the Russian rap and hip-hop artist known as Linkvill, meaning that members of the Conti Ransomware Gang produced his logos and advertising creative as part of their portfolio.

Personally identifiable information for Evgeny Samsonov also known as Linkvill:

hxxp://vk.com/eugene_linkvill
hxxp://vk.com/artist/linkvill
hxxp://vk.com/linkvill_poetry
hxxp://www.youtube.com/channel/UC9fVu7UVgxBaCRz7RJD7DeQ

Sample personal photos of Evgeny Samsonov also known as Linkvill:

It also appears that Evgeny Samsonov, also known as Linkvill, whose "Personality" album cover was obtained from public sources and appears to have been produced by the members of the Conti Ransomware Gang responsible for the gang's advertising creative, is part of the Plastika Sound Boutique Ekaterinburg. A second image courtesy of members of the Conti Ransomware Gang also mentions the Plastika music label.

Sample personally identifiable information for Plastika Sound Boutique Ekaterinburg:

hxxp://vk.com/plastika.space
hxxp://plastika.space
Address: Kirova Street 9, Yekaterinburg

Part of Plastika Sound Boutique Ekaterinburg are:

- Nikita Zharinov - born on 10th of January 2002
- Ice Costa - hxxp://vk.com/icecosta
- Alexey Plyushkin - born on 11th of April 1994

It gets even more interesting when we research a second image courtesy of the Conti Ransomware Gang, once again obtained from their recently leaked internal communication.

Sample Conti Ransomware Gang image, obtained from public sources based on the gang's leaked internal communication: a cover for the Russian rap and hip-hop artist Ice Costa, apparently produced by the gang's team members responsible for its advertising creative development.

The image appears to be a second album cover, once again produced by the Conti Ransomware Gang team members responsible for advertising logos and creative development, this time for Ice Costa, who is also a Russian rap and hip-hop artist and also part of the Plastika Sound Boutique Ekaterinburg.

Sample photos of Ice Costa (hxxp://www.youtube.com/channel/UCJQmq6UIEYlDnrNSOzZC6dQ):

The original Ice Costa album cover, obtained using OSINT, which is strikingly similar to the one produced by members of the Conti Ransomware Gang:

Sample photos of Nikita Zharinov who is among the original founders of the Plastika Sound Boutique Ekaterinburg:

Sample photos of Alexey Plyushkin who is among the original founders of the Plastika Sound Boutique Ekaterinburg:

Based on my OSINT analysis, it appears that Alexey Plyushkin is the author of the original cover for Ice Costa's album, which can also be found in the Conti Ransomware Gang's leaked internal communication. This means he supposedly knows the actual Conti Ransomware Gang team member who produced the advertising creative and who also produced Evgeny Samsonov's (Linkvill) album cover.

Next we have three related images, once again courtesy of the Conti Ransomware Gang's leaked internal communication, this time for the "Global School" teaching enterprise and for the Youla Land dance lessons school in Russia.

Sample photos include:

Sample personally identifiable information:

hxxp://school-global.ru

hxxp://youladance.ru

Sample photos:

Next we have yet another photo of Conti Ransomware Gang team members, once again from their leaked internal communication, mentioning Morenehost, a well-known bulletproof hosting provider.

Sample personally identifiable information:

Phone: +373 775 96666
E-mail: info@morene.host
Skype: morene.host
Jabber: morene@jabber.morene.host
ICQ: 700812649 / 702647156
Telegram: @hostmorene
Viber: +373 775 96666
WhatsApp: +373 775 96666
Online chat: https://morene.host
