Thursday, February 29, 2024

Exposing an IRC Botnet - An OSINT Analysis

Since 2021, as part of an in-house research and capability-building project, we have been collecting large volumes of publicly accessible cybercrime forum data. The collection currently amounts to 1.5TB of actionable intelligence on current and historical cybercrime and cybercriminal activity. We intend to provide an in-depth analysis of it in an upcoming set of white papers on the current and emerging state of cybercrime globally, with as much qualitative and quantitative detail, and as much relevant technical detail on the actors' malicious and fraudulent activity online, as possible. Our primary goal is to assist fellow researchers, vendors and organizations, including Law Enforcement, in improving their situational awareness in the field and building their analysis capabilities, by providing an in-depth overview of the big picture together with the relevant connect-the-dots research and analysis in those white papers.

In this analysis I'll discuss in depth an IRC botnet that I came across using the original 1.5TB actionable intelligence data set that I've been working on since 2021.

A sample personally identifiable email address account known to have been involved in the campaign:

breng_me_do[.]live.nl

Sample domains:

hxxp://mboost.su
hxxp://verify-security-settings.su
hxxp://kei.su
hxxp://paypalobjects-com-nl-secure-verify-cmdflowsession.net
hxxp://x1x2.su

Related domains:

hxxp://e2b3.org
hxxp://c1d2.org
hxxp://x1ua.org
hxxp://r00n.org - Email: trainerlouise[.]yahoo.com
hxxp://n0ur.org
hxxp://m4r4.org

Related MD5s known to have phoned back to these domains include:

978f87f1cdbd13b571a8b0fec4cfd1a1
cfb69f9061e28c74f2d617a67d3e19ad
69be9bb725115c880d500c02046e2f42
74a62a2e9de0952559e5609c6a126661
f980d6c065cd50d0e0e835141d080770
150498a047c1b6af4e347a0a9919d580
581f13653c95d8868c38e88cc5edec3f

Related domains known to have been registered using trainerlouise[.]yahoo.com:

hxxp://jossven.com
hxxp://0dayx.com
hxxp://alm7.net
hxxp://marcandpatrick.net
hxxp://retk03.com
hxxp://xixbh.net
hxxp://0n3mmm.com
hxxp://drwhox.com
hxxp://myserversconfig.com
hxxp://yamimo.com
hxxp://caninebaby.com
hxxp://002mom.com
hxxp://rania-style.com
hxxp://001mom.com
hxxp://8rb.su
hxxp://lebanonbt.info - Email: sullt4n[.]hotmail.com
hxxp://honeycat.org
hxxp://thismynew1.info
hxxp://artiho.com
hxxp://003mom.com
hxxp://idolmovies.com
hxxp://sandbland.com - Email: jackycohen202[.]yahoo.com
hxxp://googleure.com
hxxp://retk01.com
hxxp://sult4n.net
hxxp://mom002.net - Email: perezoza1[.]gmail.com
hxxp://photobeat.su - Email: mingtian8132[.]qq.com
hxxp://elnytydma.com
hxxp://wipmania.net
hxxp://yongyuan2.com
hxxp://smellypussy.info
hxxp://xludakx.com
hxxp://tassweq.com
hxxp://rimpac0.com
hxxp://t7v4d.com
hxxp://haztuwebsite.com
hxxp://ksaxchat.net
hxxp://elperro23.net
hxxp://rwt234.com

Related domains known to have been registered using sullt4n[.]hotmail.com:

hxxp://l33t-milf.info
hxxp://x1x4x0.net
hxxp://alm7.net
hxxp://saudi.su
hxxp://l33t-ppl.info

Related MD5s known to have phoned back to these domains:

340acbbd837832cc42466a81357021dc
d8ef3cdc01c913766936fb030c82e0ea
866b03e6b586e9a021aafed06fa6d917
d42b2512ce22ee8ef61049821d14e83a
be347d137978487c3063c1801794ba46
13addecefb590192d4f537506af563b5
686a6b93bf39d770c750582aba9600a3
a8e4ac094b856e4fa4db55735c64736f
ad4f1412fc78ada25c9757ffa7a29ab3
bbfab98efe673911164de671542cb2ef

Related MD5s known to have phoned back to these domains include:

c74db600c2158d921bfd44eb3b5a1b35
a2fe5e31cb05073dadfe2d8c91f14bbc
1d05fba397bce9ebbb4684235e6b75b2
4150cc172ac27014796972a713717dcc
9ca0a2f6dffef2730a94ed79ef97aea9
942bc3399887085a7b6f771e5e5918e1
b617bb6abbe1995a97688e4cc74f7875
31175b6d020ff6cd98a870cee472172b
fe429f28fbdbd863a4b70a1a97bc11db
cba3813f2f3e1bd8ebe81b8d816639e1
f75909083afc394e3a30580ed6bbd538
55e676a6cb4e1a8b647a112c30ae3d0b
ceb6d8764e43cae795de32bd56c38489
15f2e12d309d143c2fb25d7040cd184a
e43bf58277a31894052b637ac70b658a
8cf9f96ff33a81bcd39d173356fc1adf
419a9ab98c26646d365aec564f1c3c51
a9d421a233108de81dbefc19623043a6
b6098ec3625f30bae42869b5d34b0273
ace5df390f8dcfd0defd286aba25a66e
1a24570afc2a0cd8f422fbf17352af6f
61cf47b9e315441ce20bb92665891103
5f3befb6f6749f58ba3b54041bde28d7
7bb27134f61163400306e2ac45b6e92b
76eeed5e103f690c555b0e88a536163f
388b23a3ae3f64837df0b0c95f20e731
cc13d2e7da89391428d078ef486978b2
2f086d52737f8f6b0d4333089aae5d49
934ff0dccf44a9dc662604050d1496a3
832d5a45883cf8e24f24113dfd5cce30
69795f0e15ce52303ef134cb527146d2
8ad16e64d26ae7eb976ab4137fd82b47
5e3ab30b83f661e3c9a9e03367505dff
b9d86885cec94ffdefe9a271d363e051
989c562db7edf397d512e28c5df41489
bbfab98efe673911164de671542cb2ef
be347d137978487c3063c1801794ba46
68636da56c83715de2290164bcf756b0
e8f92cafa9789d3579ceb11e5c01dab1
a8e4ac094b856e4fa4db55735c64736f
ad4f1412fc78ada25c9757ffa7a29ab3
bcea574ab3b77340f9547064b382f4e5
6e6a849a6d50223435b0bf8520616cc7
1ac0f0ed620167316005eed04188df52
d65a94fb3af688779a1341825e25eed1
6b32910a30125c548c502470b2735011
c5fcd41c4b226f09d3ae2964c62efb3a
347ab96164badd2a304ee1cb7acb86ce
d1b1ed1b4225834211d7a0511a572771
3fa93942d2e4bbbbea31940cbe689934
524b0ef1e7e4dfe2ad8c9fcb39760e02
fe4ba5c4b12f8d65417132dccca96614
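The connect-the-dots pivoting in the lists above (registrant e-mail to domains, domains to MD5s) is easier to work with as structured data. The following Python script is an added example and not code from the original post: it parses the post's own defanged list format, refangs the domains for matching against DNS or proxy logs, and reports domains that appear under more than one registrant e-mail as well as hashes that are listed more than once. Run over the full lists above it shows, for instance, that alm7.net sits under both registrant e-mails and that several MD5s recur in both hash lists. It assumes the post's `[.]` stands for a literal dot in domain names; the e-mail values are kept defanged and used only as pivot keys, and the excerpt embedded in the script is a constructed subset of the post's lists.

```python
import re
from collections import defaultdict

# Constructed excerpt of the post's indicator lists, kept in the post's own
# defanged notation (hxxp:// and [.]). E-mail values stay defanged and serve
# only as pivot keys.
RAW_INDICATORS = """
Related domains known to have been registered using trainerlouise[.]yahoo.com:

hxxp://jossven.com
hxxp://0dayx.com
hxxp://alm7.net
hxxp://lebanonbt.info - Email: sullt4n[.]hotmail.com
hxxp://8rb.su

Related domains known to have been registered using sullt4n[.]hotmail.com:

hxxp://l33t-milf.info
hxxp://alm7.net
hxxp://saudi.su

Related MD5s known to have phoned back to these domains:

340acbbd837832cc42466a81357021dc
bbfab98efe673911164de671542cb2ef

Related MD5s known to have phoned back to these domains include:

c74db600c2158d921bfd44eb3b5a1b35
bbfab98efe673911164de671542cb2ef
"""

HEADER_RE = re.compile(r"registered using (\S+):")
# A defanged domain line, optionally followed by an inline registrant note.
DOMAIN_RE = re.compile(r"^hxxps?://([^\s/]+)(?:\s+-\s+Email:\s+(\S+))?$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def refang_domain(token):
    """Turn a defanged host name back into one that matches log entries."""
    return token.replace("[.]", ".").lower()


def parse_indicators(text):
    """Parse the post's list format.

    Returns (domains_by_registrant, inline_emails, md5_lists):
      domains_by_registrant: registrant e-mail -> set of refanged domains
      inline_emails: domain -> e-mail noted inline on that domain's line
      md5_lists: one set of hashes per MD5 list, in document order
    """
    by_registrant = defaultdict(set)
    inline = {}
    md5_lists = []
    registrant = None
    md5s = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):  # a list header
            m = HEADER_RE.search(line)
            registrant = m.group(1) if m else None
            md5s = set() if "MD5" in line else None
            if md5s is not None:
                md5_lists.append(md5s)
            continue
        m = DOMAIN_RE.match(line)
        if m:
            domain = refang_domain(m.group(1))
            if registrant:
                by_registrant[registrant].add(domain)
            if m.group(2):
                inline[domain] = m.group(2)
        elif md5s is not None and MD5_RE.match(line):
            md5s.add(line)
    return dict(by_registrant), inline, md5_lists


def shared_domains(by_registrant):
    """Domains listed under more than one registrant e-mail."""
    owners = defaultdict(set)
    for email, domains in by_registrant.items():
        for d in domains:
            owners[d].add(email)
    return {d: sorted(e) for d, e in owners.items() if len(e) > 1}


def hashes_in_multiple_lists(md5_lists):
    """Hashes that occur in more than one of the post's MD5 lists."""
    counts = defaultdict(int)
    for s in md5_lists:
        for h in s:
            counts[h] += 1
    return sorted(h for h, c in counts.items() if c > 1)


def watchlist(by_registrant):
    """Deduplicated, refanged domains for matching against DNS/proxy logs."""
    return sorted(set().union(*by_registrant.values())) if by_registrant else []


if __name__ == "__main__":
    by_reg, inline, md5s = parse_indicators(RAW_INDICATORS)
    print("domains under more than one registrant:", shared_domains(by_reg))
    print("hashes repeated across lists:", hashes_in_multiple_lists(md5s))
    print("watchlist:", watchlist(by_reg))
```

Feeding the script the complete lists from the post instead of the embedded excerpt gives the full overlap picture; the `watchlist()` output is what you would load into a DNS or proxy log search, while the registrant-to-domain map is the pivot for further registration-history lookups.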
