Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: 01/05/26

Dear blog readers,

On November 19th 20025 the Silent Ransomware Operator's Dark Web Onion made an interesting posting in what appears to be a compromised Dark Web Onion with a specific post detailing the activities of the Silent Ransomware operators.

I decided to dig a little bit deeper and also provide an enriched analysis.

Here are the leaked details:

Зубков, Владислав Сергеевич
Телефон: 79038429329
Дата рождения: 09.03.1996
Город: Тула, Россия
Инстаграм: vladi_tula
ВК: slaw71

Иванов, Иван Сергеевич
Телефон: 79153700392, 74957113532
Дата рождения: 03.04.1991
Город: Москва, Россия

Унжаков, Василий Андреевич
Телефон: 76534249063
Дата рождения: 22.04.1993
Город: Тула, Россия
Инстаграм: foxstis

Несветаев, Даниил Павлович
Телефон: 79508749805, 79031156929, 79510857967, 79606919091
Дата рождения: 03.01.2000
Город: Курск, Россия
ВК: xvidis

Солдатов, Владимир ВладимировичТелефон: 79514754980, 79124043093
Дата рождения: 21.09.1992
Город: Миасс, Россия
ВК: ВОВА 12345 СОЛДАТОВ

Аверин, Алексей Иванович
Телефон: 79534255483
Дата рождения: 23.01.1996
Город: Тула, Россия
Инстаграм: alexey.averin, averina1exei
ВК: a1exiiu

Фомичёв, Кирилл Алексеевич
Телефон: 79997815534, 79509266372, 79066268794, 79509028210, 79612672856
Дата рождения: 18.12.1996
Город: Тула, Россия
Инстаграм: kirill_fomichev71
ВК: diger71

Primary domain known to have been involved:

hxxp://business-data-leaks.com - Email: tatodavi1997@finefreemail.com

Related domains:

hxxp://ucheck.info

hxxp://arculufi.com

hxxp://business-data-leaks.com

hxxp://layerzeronetworks.net

hxxp://parcelpathways.com

Related domains:

hxxp://blackpass.online

hxxp://blackpass.link

Related domains:

hxxp://blackpass.one
hxxp://blackpass.sale
hxxp://blackpass.im
hxxp://blackpass.lu
hxxp://blackpass.io
hxxp://blackpass.ws
hxxp://blackpass.name
hxxp://blackpass.biz

Stay tuned.

Dear blog readers,

I recently came across to a relatively interesting and novel malware as a service malicious software provider that specialized in Android based malware releases with several releases currently in the works and available commercially within the cybercrime ecosystem with the vendor currently possessing a pretty decent social media presence so I decided to provide some personally identifiable information about their online whereabouts.

Sample domains known to have been involved in the campaign include:

hxxp://craxsrat.com - Email: evlfdev@gmail.com
hxxp://craxsrat.net
hxxp://craxsserver.com
hxxp://craxsrat.com
hxxp://evlfdev.com
hxxp://spysolr.com

Sample contact details:

Session ID:
05e476b08449c214be276c9eee0db24f5d5a2296da86432a122d3102242939fe3d

Jabber ID:
evfldev@draugr.de

Tox ID:
93BEB9028B77008BFE13A46F2B2290A75988036A77D3D6A315FFA986C45F84654FF298AB9031

Sample social media accounts involved in the campaign include:

https://x.com/EvLFDev
https://www.facebook.com/craxsrat
https://t.me/EVLFDEV
https://github.com/EVLF
https://www.youtube.com/@EvLFDev
https://www.facebook.com/spysolr/
https://spysolr.com
https://vimeo.com/user204150405
https://x.com/spysolr
https://t.me/spysolr

Sample video demonstrations:

Related screenshots: