
Profiling a Currently Active Personal Email Address Portfolio of Members of Iran's Ashiyane Digital Security Team - An OSINT Analysis

January 28, 2022

Dear blog readers,

I've decided to share with everyone a currently active personal email portfolio belonging to members of Iran's Ashiyane Digital Security Team with the idea to assist everyone in their cyber attack or cyber threat actor attribution campaigns.

Sample currently active personal emails known to belong to members of Iran's Ashiyane Digital Security Team:


Stay tuned!


Exposing Behrooz Kamalian's Ashiyane ICT Company - An OSINT Analysis

January 27, 2022

Dear blog readers,

I've decided to share with everyone some practical and actionable threat intelligence information regarding members of the Ashiyane Digital Security Team also known as Behrooz Kamalian's Ashiyane ICT Company for the purpose of assisting everyone in their cyber attack and cyber attack attribution campaigns.

Name: Behrooz Kamalian

Postal address:

Tajrish Sq, Fana Khosro St,Amir Salam Alley,No 22, Ashiyane ICT Company

Phone number: 22727284-5

Fax number: 22727283

email: nima.salehi@yahoo.com

Technical Handle: nic36928h37

Name: Behrooz Kamalian

email: nima.salehi@yahoo.com

Domain Name: ashiyane.ir

Legal Holder: Behrooz Kamalian

Postal address:

Unit 28, Floor Seven, 36 Building , Daneshvar alley, Jamalzadeh St. , Enghelab Sq.

Tehran, IR

1336925748

Phone number: +98.2166935551

Fax number: +98.2166930577

Admin Contact: nic36928h37

Technical Contact: nic36928h37

Domain Name Server1: ns1.ashiyane.org

Domain Name Server2: ns2.ashiyane.org

Request Date: 29 December 2005

Last Verification: 21 September 2006

Reseller: Govah Tadbir Rayaneh

Postal address:

Unir 1 , 1th Floor , No.376 , North Bahar St .

Phone number: +98 21 88849956-7

Fax number: +98 21 88307682

email: info@tadbir.ir


Exposing a Currently Active Domain Portfolio Managed and Operated by Members of the Ashiyane Digital Security Team - An OSINT Analysis

January 27, 2022

Note: This OSINT analysis was originally published on my current employer's Web site - https://whoisxmlapi.com where I've been acting as a DNS Threat Researcher since January, 2021.

We’ve decided to take a closer look at the current and historical domain portfolio managed and operated by members of Iran’s Ashiyane Digital Security Team using Maltego in combination with WhoisXML API’s integration for the purpose of providing actionable threat intelligence, including to assist fellow researchers, vendors and organizations on their way to track down and monitor the Internet-connected infrastructure of key members of Iran’s Ashiyane Digital Security Team for the purpose of monitoring it and attempting to take it offline.

In this article we’ll provide actionable intelligence on some of the currently active domains managed, run and operated by Iran’s Ashiyane Digital Security Team with the idea to assist fellow researchers, vendors and organizations on their way to track down and monitor the infrastructure managed, run and operated by Iran’s Ashiyane Digital Security Team.

A currently active domain portfolio known to be managed and operated by members of Iran’s Ashiyane Digital Security Team:


A currently active domain portfolio known to have been registered, managed and operated by members of Iran’s Ashiyane Digital Security Team:


We’ll continue to monitor for new domain registrations courtesy of Iran’s Ashiyane Digital Security Team and we’ll post updates as soon as new developments take place.

Stay tuned!


Two High-Profile OSINT and Technical Collection Analysis Reports on Iran's Hacking Scene and the Ashiyane Digital Security Team - Available for Free!

May 21, 2020
Dear blog readers,

It's a pleasure and an honor to let you know that I've just made two of my most important and high-profile studies on Iran's Hacking Scene and Iran's Hacking Ecosystem including a high-profile and never-published before SNA (Social Network Analysis) of Iran's Hacking Scene using Maltego publicly accessible with the idea to get more people to read them and actually act upon them potentially assisting the U.S Intelligence Community and U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns.

I've decided to share direct download copies of the two reports with the idea to assist you and your team including possibly a vendor or an organization on its way to catch up with what Iran's Hacking Scene has been up to including the infamous Ashiyane Digital Security Team in the context of offering an in-depth and never-published before OSINT analysis on Iran's Hacking Scene including an in-depth and comprehensive SNA (Social Network Analysis) graph of Iran's Hacking Scene using Maltego.

  • Consider going through the following post to go through an OSINT analysis on the FBI's Most Wanted Iran-based cybercriminals including actionable intelligence and in-depth OSINT analysis including a SNA (Social Network Analysis) graph of Sun Army Team Members, ITSec Team Members, and the Mersad Co. company.

An excerpt from the first report which you can grab from here:

"In this report I’ll provide in-depth analysis of the Iranian Hacking Scene and potentially its use of offensive and defensive cyber warfare practices including possible capability measurement and estimation in terms of technical capabilities and offer in-depth technical and qualitative analysis of some of the key factors that actually drive the Iranian Hacking Scene including in-depth Technical Collection material and OSINT gathered artifacts to assist in the process of acting upon the growing threat posed by Iranian Hackers and the Ashiyane Digital Security Team internationally with the idea to empower decision-makers and the Industry including third-party stakeholders with the necessary analysis to act upon and take measures against in terms of offensive and defensive cyber warfare operations and actual Law Enforcement tracking down and prosecution including never-published and released before personally identifiable information on the Ashiyane Digital Security Team including its key members including a never-published before Social Network Analysis Graph of Iran’s Hacking Scene and Iran’s Hacking Underground."

An excerpt from the second report which you can grab from here:

"This qualitative analysis (45 pages) seeks to assess the Computer Network Operations (CNO) of Islamic Republic of Iran, through the prism of the adversary’s understanding of Tactics, Techniques and Procedures (TTP), a structured and geopolitically relevant, enriched OSINT assessment of their operations, consisting of interpreted hacking literature, videos, and, custom made hacking tools, extensive SNA (Social Network Analysis) of the country’s Hacking Ecosystem, real-life personalization of the key individuals behind the groups (personally identifiable photos, personal emails, phone numbers, Blogs, Web Sites, Social Networking accounts etc.). Its purpose is to ultimately empower decision/policy makers, as well as intelligence analysts, with recommendations for countering Islamic Republic of Iran’s growing understanding and application of CNO tactics and strategies."
Iran-based Hacking Groups and Team covered and discussed in-depth:
  • Overview and In-Depth Analysis of Iran’s Most Popular Hacking Groups
  • Personally Identifiable Information and Enriched OSINT Analysis
  • Iran Hacking Group’s Team Members Personal Photos
  • Iran Hacking Team’s Personal Group Photos
  • Personal and Group-Published Hacking and Security Tools
  • Analysis of Iran’s Cyber Academic Sector
  • Social Network Analysis Maltego Graph
Enjoy!

New Report - "A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team" - Grab a Copy Today!

January 27, 2020
Dear blog readers,

It's a pleasure and an honor to let you know of a recently released commercially available report on Iran's Hacking Scene entitled - "A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team" which is priced at $500 for unlimited distribution copies within your Team and Organization and can be obtained from here.

An excerpt:

"In a cybercrime ecosystem dominated by fraudulent releases and nation-state actors including possible high-profile “sock-puppets” and cyber proxies type of rogue and potentially superficially engineered cyber warfare tensions it should be clearly noted that a modern OSINT and virtual HUMINT actionable threat intelligence analysis of major and prominent cyber actors should take place for the purpose of setting up the foundations for a successful cyber actor monitoring including possible offensive and counter-offensive tactics techniques and procedures for the purpose of profiling and acting upon the gathered and monitored intelligence should take place through the automated and systematic Technical Collection and OSINT enrichment of the gathered data for the purpose of empowering the necessary decision-makers and third-parties with the necessary data information and knowledge including hands-on tactical and strategic intelligence to work with and act upon."

Another excerpt:

"In this report I'll provide in-depth analysis of the Iranian Hacking Scene and potentially its use of offensive and defensive cyber warfare practices including possible capability measurement and estimation in terms of technical capabilities and offer in-depth technical and qualitative analysis of some of the key factors that actually drive the Iranian Hacking Scene including in-depth Technical Collection material and OSINT gathered artifacts to assist in the process of acting upon the growing threat posed by Iranian Hackers and the Ashiyane Digital Security Team internationally with the idea to empower decision-makers and the Industry including third-party stakeholders with the necessary analysis to act upon and take measures against in terms of offensive and defensive cyber warfare operations and actual Law Enforcement tracking down and prosecution including never-published and released before personally identifiable information on the Ashiyane Digital Security Team including its key members including a never-published before Social Network Analysis Graph of Iran's Hacking Scene and Iran's Hacking Underground."

Interested in obtaining a copy? Approach me at dancho.danchev@hush.com today and inquire about purchasing it and I'll shortly get back to you with additional details on how to obtain a copy of the report.

Stay tuned!