Thursday, February 22, 2024

Dancho Danchev's Law Enforcement and OSINT Operation "Uncle George" - A 2024 Update

What can we conclude when data mining publicly accessible forum communities used by cybercriminals?

It's their digital footprint, which often proves invaluable when doing research, such as, for instance, the following user IDs.

Sample personally identifiable XMPP/Jabber and email address accounts obtained by data mining a publicly accessible cybercrime-friendly forum community:


Assessing the Current State of Cyber and Cyber Military Deception Concepts Online - Part Two

So here it goes.

This is the second part. Check out part one here. If it's going to be a cyber warfare doctrine, make sure that China and Russia didn't copy it, acting as copycats and basically positioning themselves over a decade ago in military and cyberspace operations thinking. If that's the case, then I'll do my best to elaborate more on my understanding and the actual practice of cyber deception and cyber military deception in cyberspace.

Some of the key principles that I'll outline in the second part of this series of blog posts include:

As I've already mentioned the process and the practice of misperception, it should also be clearly noted and emphasized that the basic concept of misperception of individuals and organizations in cyberspace, launched and operated by an information operation, can basically be purposely proposed by an information operation or by the individual or organization that's managing it.

Yet another highly relevant concept in terms of cyber deception and cyber military deception has to do with hiding the real and actual information or a fact for the purpose of building an information operation around this idea and actual process, which also has to do with:

- Hiding the Real

This is a fairly interesting concept where the primary idea has to do with a somewhat sensitive topic: the concealment of an individual's, an item's or an organization's own characteristics or pattern, be it a pattern of behavior or a pattern of activity. This could also mean and include the introduction of new characteristics or patterns of behavior, or the purposeful or operation-based exclusion of certain characteristics, where the ultimate goal would be to raise uncertainty or to work in a classified or sensitive fashion.

- Showing the False

This is a very important concept where the primary purpose would be to disinform on the true state of an adversary's, an individual's or an organization's understanding of a specific concept. The ultimate goal would be to disinform a specific individual or organization, possibly including the introduction of a new concept or practice, also known as showing the false, which could also extend to pattern-based behavior in the context of both an individual's and an organization's behavior.

- Pre-defined target response reaction

The primary goal here would be to create a mechanism where a specific party could expect a specific party's response in a specific way or manner, where the ultimate response could be either classified or sensitive, and where the actual response could be surprising, hiding the real or showing the false.

- Pre-defined perception determination

Believe it or not, this doesn't necessarily require an expert or a specialist in the field, as that would undermine the very concept behind this practice, which has to do with purposely positioning yourself as a knowledge-based party in a specific situation where the ultimate response would be based on something that you know or perceive to know as an expert or a specialist, or from a position in the field.

- Hide or Show assets decision-making model

A bit of an interesting practice that greatly reminds me of a moment in time when you could really "IM me a Strike Order", where the ones who would ultimately know and understand the adversary could properly respond and strike back in a professional and specific manner.

Stay tuned!