FBI Shuts Down Radical Propaganda Online Web Sites - An OSINT Analysis

February 05, 2021


The U.S. Department of Justice, in direct cooperation with the FBI, has recently shut down a network of propaganda Web sites belonging to what appears to be the Liberty Front Press network.

In this post I'll provide actionable intelligence on the infrastructure behind the campaign and discuss in depth the tactics, techniques and procedures of the individuals behind it.

hxxp://ababil.org - Emails: eric12shia@gmail.com; samirnet2@gmail.com; ababil.org; nassim@ababil.org - IPs: 185.51.8.92; 109.234.166.134; 104.28.15.191; 104.28.14.191

Related domains known to have participated in the campaign:

hxxp://ahtribune.com

hxxp://al-ahd.net

hxxp://al-naba.net

hxxp://albabylon.com

hxxp://aleppospace.com

hxxp://alghadeer.tv

hxxp://alharakah.net

hxxp://alhiwaraldini.com

hxxp://awdnews.com

hxxp://criticalstudies.org

hxxp://darinews.com

hxxp://elintelecto.com

hxxp://farhang-press.com

hxxp://harkarmusulunci.org

hxxp://iircenter.net

hxxp://iuvm-sy.net

hxxp://iuvmpixel.com

hxxp://jordan-times.com

hxxp://kelkeen.com

hxxp://kurdrudaw.com

hxxp://mediaadil.com

hxxp://roushd.com

hxxp://rpfront.com

hxxp://siampublic.com

hxxp://studiesaf.com

hxxp://syria-victory.com

hxxp://voiceofwadi.com

hxxp://yemenpress.org

Related domains known to have participated in the campaign:

hxxp://aftruth.com

hxxp://alhadathps.com

hxxp://alhadba.net

hxxp://almejlis.org

hxxp://almultaqaa.com

hxxp://altanzil.net

hxxp://bashiqa.com

hxxp://hindkhabar.com

hxxp://j-babel.com

hxxp://ksastudies.net

hxxp://kurdestantimes.com

hxxp://libyaalmokhtar.com

hxxp://maghrebiyon.com

hxxp://masralkenana.com

hxxp://mediaadil.com

hxxp://voiceofwadi.com

Related emails known to have participated in the campaign:

abdullatifmansour@hotmail.com

aminbaik88@gmail.com

m.h.memo1992@gmail.com

walasr5@yahoo.com

moosavi.2010@gmail.com

iuvmdev@gmail.com

jeddoub_21@yahoo.com

Related domains known to have participated in the campaign:

hxxp://adalah.com

hxxp://ababil.org

hxxp://aden-alyoum.com

hxxp://adentimes.net

hxxp://aftruth.com

hxxp://ageofpakistan.com

hxxp://ahtribune.com

hxxp://al-ahd.net

hxxp://al-hadath24.com

hxxp://al-naba.net

hxxp://al-sufia.com

hxxp://albabylon.com

hxxp://aleppospace.com

hxxp://alghadeer.tv

hxxp://alharakah.net

hxxp://alhiwaraldini.com

hxxp://almasirahpress.com

hxxp://almasirahtv.com

hxxp://alnaba.net

hxxp://alsudanalyoum.com

hxxp://altanzil.net

hxxp://atlaniccouncil.org

hxxp://awdnews.com

hxxp://beritadunia.net

hxxp://criticalstudies.org

hxxp://darinews.com

hxxp://elintelecto.com

hxxp://en.alghadeer.tv

hxxp://farhang-press.com

hxxp://gahvare.com

hxxp://getpanel.ir

hxxp://haghighah.com

hxxp://harkarmusulunci.org

hxxp://hindkhabar.com

hxxp://historiadepalestina.com

hxxp://hpiiran.com

hxxp://iircenter.net

hxxp://institutomanquehue.org

hxxp://iraqnewsservice.com

hxxp://irpowerweb.com

hxxp://iuvm-sy.net

hxxp://iuvm.org

hxxp://iuvmdaily.com

hxxp://iuvmdaily.net

hxxp://iuvmpixel.com

hxxp://iuvmpress.com

hxxp://iuvmsy.net

hxxp://iuvmtech.com

hxxp://iuvmtv.com

hxxp://jamekurdi.com

hxxp://jordan-times.com

hxxp://kelkeen.com

hxxp://kurdrudaw.com

hxxp://libertyfrontpress.com

hxxp://libyaalmokhtar.com

hxxp://mediaadil.com

hxxp://nilenetonline.com

hxxp://niletenonline.com

hxxp://nthnews.net

hxxp://pasargad.irandns.com

hxxp://pergiustizia.com

hxxp://puketnews.com

hxxp://qudspal.com

hxxp://raitunisia.com

hxxp://riolattj.com

hxxp://risolattj.com

hxxp://roushd.com

hxxp://rpfront.com

hxxp://rpfront.org

hxxp://rpfront.us

hxxp://sachtimes.com

hxxp://sepehrict.ir

hxxp://siampublic.com

hxxp://studiesaf.com

hxxp://syria-scope.com

hxxp://syria-victory.com

hxxp://theleadersnews.com

hxxp://usjournal.net

hxxp://voiceofwadi.com

hxxp://whatsupic.com

hxxp://yemaniate.net

hxxp://yemenpress.org
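The indicator lists above are published in defanged form (hxxp://), contain overlapping entries across the three lists, and include both a parent domain and one of its subdomains (alghadeer.tv and en.alghadeer.tv). The following script is an added example, not code from the original post: it refangs such a list (tolerating a doubled hxxp://hxxp:// prefix of the kind that appears in the second list), deduplicates it, and matches the resulting domains against DNS-style log lines, treating a queried host as a hit when it equals an indicator or is a subdomain of one. The indicator excerpt is taken from the post's lists; the log lines and their field layout (query=...) are constructed for the example.

```python
import re
from typing import List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Excerpt of the defanged indicator list from the post. The doubled
# "hxxp://hxxp://" entry and the repeated mediaadil.com line reproduce
# artifacts of the published list that a parser has to tolerate.
RAW_INDICATORS = """
hxxp://ababil.org
hxxp://alghadeer.tv
hxxp://en.alghadeer.tv
hxxp://hxxp://kurdestantimes.com
hxxp://libertyfrontpress.com
hxxp://mediaadil.com
hxxp://mediaadil.com
hxxp://rpfront.com
"""

# Constructed DNS-style log lines (not from the post). Only the third and
# fifth lines touch campaign infrastructure; the fourth is a near-miss
# that a naive substring match would wrongly flag.
SAMPLE_LOG = """
2021-02-05T10:00:01Z client=10.0.0.12 query=www.example.com type=A
2021-02-05T10:00:02Z client=10.0.0.12 query=mail.example.org type=MX
2021-02-05T10:00:03Z client=10.0.0.31 query=www.libertyfrontpress.com type=A
2021-02-05T10:00:04Z client=10.0.0.31 query=notmediaadil.com type=A
2021-02-05T10:00:05Z client=10.0.0.44 query=en.alghadeer.tv type=A
"""

DEFANG_SCHEME = re.compile(r"^(?:hxxps?|https?|fxp)://", re.IGNORECASE)
QUERY_FIELD = re.compile(r"\bquery=(\S+)")


def refang(indicator: str) -> str:
    """Strip defanged scheme(s) and bracketed dots; return a lowercase bare domain."""
    value = indicator.strip()
    # Loop so that a doubled "hxxp://hxxp://" prefix is removed completely.
    while DEFANG_SCHEME.match(value):
        value = DEFANG_SCHEME.sub("", value, count=1)
    value = value.replace("[.]", ".").replace("(.)", ".")
    # Drop any path, port or credentials by parsing as a scheme-relative URL.
    host = urlsplit("//" + value).hostname or value
    return host.rstrip(".").lower()


def load_indicators(text: str) -> Set[str]:
    """Parse a defanged indicator list into a deduplicated set of domains."""
    return {refang(line) for line in text.splitlines() if line.strip()}


def matches_indicator(hostname: str, indicators: Set[str]) -> Optional[str]:
    """Return the matching indicator if hostname equals it or is a subdomain of it."""
    labels = hostname.lower().rstrip(".").split(".")
    # Walk from the full host towards the registrable suffix so that
    # www.libertyfrontpress.com matches libertyfrontpress.com but
    # notmediaadil.com does not match mediaadil.com.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan_log(log_text: str, indicators: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (log line, queried host, matched indicator) for every hit."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_FIELD.search(line)
        if not m:
            continue
        host = m.group(1)
        matched = matches_indicator(host, indicators)
        if matched:
            hits.append((line.strip(), host, matched))
    return hits


if __name__ == "__main__":
    iocs = load_indicators(RAW_INDICATORS)
    print(f"loaded {len(iocs)} unique indicators")
    for _, host, ioc in scan_log(SAMPLE_LOG, iocs):
        print(f"HIT {host} -> matches indicator {ioc}")
```

Suffix matching on DNS labels, rather than substring search, is what keeps notmediaadil.com from being flagged while still catching www.libertyfrontpress.com; it also means that listing en.alghadeer.tv separately is harmless, since the parent entry already covers it.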

Stay tuned!


Rogue "Malware Spreading Security Researchers" Launch Malicious Social Engineering Campaign Against Legitimate Researchers - OSINT Analysis

February 05, 2021

Security researchers from Google have recently spotted and analyzed a currently circulating, social-engineering-driven malware campaign that actively interacts with legitimate researchers on social media and over private channels in order to trick them into testing a supposedly newly discovered zero-day flaw, which in reality drops malware on the affected hosts and phones back to a C&C server, potentially compromising the researchers in question.

Sample screenshots of the campaign currently in circulation (images not reproduced here):

Sample malicious MD5s known to have participated in the campaign:
MD5: 7fc2af97b004836c5452922d4491baaa
MD5: 6252cec30f4fb469aefa2233fe7323f8
MD5: 56018500f73e3f6cf179d3b853c27912
MD5: b52e05683b15c6ad56cebea4a5a54990
MD5: 9e9f69ed56482fff18933c5ec8612063
MD5: f5475608c0126582081e29927424f338
MD5: ae17ce1eb59dd82f38efb9666f279044

Stay tuned!

Dancho Danchev's Blog - Accepting Conference Invitations!

February 05, 2021

Dear blog readers,

I've recently come across a high-profile study entitled "Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence" which actually includes my personal blog and references me as a high-profile and valuable source of threat intelligence and cybercrime research, and I've decided to touch base with my blog readers to solicit possible security event and security conference invitations where I can attend and make a presentation on a variety of topics.

Are you interested in having me attend your event and make a presentation on a hot topic? Approach me at dancho.danchev@hush.com

Stay tuned!


From "The Underground" With Love - A Compilation of Cybercrime Underground Chatter Referencing My Research

January 14, 2021

Dear blog readers,

I've decided to make a quick compilation of underground chatter, including references to my research courtesy of high-profile cybercriminals internationally, with the idea of raising awareness of their existence and provoking more researchers to dig even deeper on their way to tracking down and prosecuting the cybercriminals behind these campaigns.

Recommended reading:

- Medium

- Twitter

- Speakerdeck

- Archive.org

If an image is worth a thousand words, consider going through the following images courtesy of cybercriminals referencing my research (images not reproduced here):

Stay tuned!


Dancho Danchev's Keynote at CyberCamp 2016 - "Exposing Koobface - The World's Largest Botnet" - Recommended Watching!

January 14, 2021

Dear blog readers,

I wanted to take the time and effort to let everyone know that you can now watch my keynote presentation from CyberCamp 2016 on the topic of "Exposing Koobface - The World's Largest Botnet" and get a bigger picture of my research into the workings of the Koobface botnet, where I was once the primary source of information on the way it used to work and eventually contributed to its demise by publishing personally identifiable information on one of its botnet masters, potentially assisting U.S. Law Enforcement on its way to tracking down and prosecuting the cybercriminals behind the campaign.

Stay tuned!


Dancho Danchev's Primary Contact Points - 2021

January 14, 2021

Dear blog readers,

Welcome to 2021. I've decided to share my primary contact points for 2021 in a separate post with the idea of allowing everyone to add me as a contact or send me an instant message or an email regarding a possible inquiry about some of my research, including possible invite-only conference attendance or presentation proposal inquiries, as well as possible part-time or full-time independent contractor based work and agreements.

Here are my primary contact points for 2021:

Primary email: dancho.danchev@hush.com

Email for sensitive projects: ddanchev@cryptogroup.net

Skype: dancho_danchev_

Silent Circle: ddanchev

Signal: +359 87 68 93890

WhatsApp: +359 87 68 93890

Threema: KY622AU5

This includes the following social media accounts: Twitter, LinkedIn, Facebook and Medium.

You can also use the following public PGP key for my dancho.danchev@hush.com account in case you're interested in approaching me about possible participation in a sensitive or classified project:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF/di7UBEADQbxy54QJNZjBYVKeWRxEStiRgliSRlc4Wcb0z781WGu7o56wP
fJ/iRWCuXziFOJcEkv477f1xBdiDkchEkQif4REp+V3XYUsT6ciEBEiJ3gFmiit2
xeieHqsw6b6IdY/X18TeCvQRHBjw5ID6+XHwWiTg4tLZyPr45J7i2HOR5PU+WwdW
fYMZcEWuCKAG9r4PhL3wv9QhCQpwPOeCh9WKj9AQR+dHSfq6TTt1AFkw6GPBvzzZ
tYsnFDEk+fKqfOLxBmhvF+2vOnRZmQyzgL+vkCrZWrofpLrtH1hsbINIiDR4Ap04
VsZrJIMv8162UpGGL3oC0aN5kximlBwtdOS+4tYq5akd10D77M2gMt+Lup1TVktj
tFDg+eGXpKF/sbtYckco3eqUdAj7Dd6e55YTFcJFhN6aLAyFMVBbN3MXhoQmguxT
YTtzevVJtaTeDxshOzsfTZZcvPf9I67g3wIgEgDKut2bAzGeOqchS/j9gw9hA8Ak
mkXoQw1PXoP++mWS2Y98iv616lbKK2i9/9/2WrCUVi6hyu67+AvyuOugA1LlDkuX
saJHB/2j1mBGr/VCe6eFD7nxV1fDfiUtIEwQDPM4bjSQePfLsSkW5bfnp+joODav
ntO8BZ66BhRYEYXQX8vNDLdSRSYyriQssRWdJ3DghKCZkYoKMpP6NqnL/QARAQAB
tChEYW5jaG8gRGFuY2hldiA8ZGFuY2hvLmRhbmNoZXZAaHVzaC5jb20+iQI4BBMB
CAAiBQsJCAcKBxUICgkLAgMEFgECAwIZAQWCX92LtQKeAQKbIwAKCRDYjPpRcde0
B4fJEADM6iCaX2ekmnFe+Z/qEsReGZasEPpmJfTQCSgVXw8FbbkOXaeGxn6TRrEd
AGBl99Xe05AIFjOWEEOWn/hDxeTPurbeHvpDkyGdXD6SgE4/sIFnB9206db6XeWp
rE7uIkSgPNr+YW/3m1/G2N3McS/MYzvkk3NaAx6MVloKDlW/dunE7m92ngfjDGAG
s+lrmniFeeakGfEyPCZw6GneeoDjFKyD3MbKOMWjWVLIQCi4LQ0+Ske0OOETs5MS
reYDXMphn0dWynFSzlYb7m5onmU6C1g6BjBc9HvG+xZpgBiK3JR5GPsKhse+4lS9
aVJKhfQ19zHRYIRycRBPU/zTDG27zvlsGLOBdPmsAaHP5MhOsJo1pTf5lt/INVYf
Dll/Fu84XGseHgno6iEybZDhOMhXBx8LOUbLn6JLh7yurcbTvRhyACMAAJzsAymw
JG/ydFCY9N6hzFo8aSQVW2Km41Lst/1ngJ2ZOIgjnzJSyb4MDZmV8NlI+wfMjdgw
csW9xKuLwfMsB9Km0xm3klYUS0ReZPA+IQmi8gLqNikK+fEDTJsfRZm2LtRHvKZm
Mjx5mFiX/Kv+1nnxp/OFXo9P6L6WwauRWUIF95Ak2+d4F04mbwA2bGaYgvuWyik+
Uo0KfNrKzjaW52MSLdXmwJAsMwMc6i+xwNX359u4jCkoT6CA3bkCDQRf3Yu1ARAA
wB8olWg/sOWnVl9lG1bQOUJaIZR0QUlABMOpzvcZH8CoSfvcTXivDuCCl03+juDX
8BgPMRI9QigOBWnZwBZ0PgLW05SZ8339SOmFBsX0v0wadXj7C7HOcLvwC1XivPVI
LIXHUb+8aCBPurBx3Y3vj+fkmXEUVBO6853u36n+hf3gLM9K/IkNxSTRLIM8WY1r
+vGHtDQgrZk6KAUy81J1Jy+LIMUJV0Y/3HBaLCNXcRZbNNQ1hKq2CTttvOYOmHPV
JvMmPd0PHbsdVj1uU1fTZu52fVzBqvNboo3VA6Lv1/QlGMzIVFImjFOQ0GvJY3i5
jU9d7UEXxWKtJtsDkIxBYC20Ri2NSn8UjWlVNoIp6Y2PsJeosUcJXqMXARQ8jjLA
xKZZQnNsMGxIdKimtUY9dH+4oH8+hmszCnCLDSu6YDFFUWPw57opg2Z2sv0J4Nsp
gw82J9bV5n4gIzBVodoP3WuzHqdoE39QYNe/b9woDw08yYuwYwz6cK5d2s400s4v
ycosJvh6+vDSYWQpzriFPSDFnF2VgWN6AcAK20z575AOkO0u9dTHv8ySJtxrhOux
Z2vfgiZ79QZmj+6AFgNvCD4syRl6pgeD7kIgGGWYf/V0HFdOLw5xVkNxFih8AcwH
cn8Wh9m6ImOsHErfVVRKSbChWG4PxlsWZEHUqTR/V4kAEQEAAYkCHwQYAQgACQWC
X92LtQKbDAAKCRDYjPpRcde0B+fGD/9f0XUQKQXE6dzq6P18UewWmOqgQldmjCrO
2yx1oDtx0zognbmHLHVof509ys27cQFBzgar4WB+xtsorf+L4UdUHIy6D+JWInbH
/ZvoOuvQNubBb+8oAJMcyaoEPWUY7lD89VCNy01R8VTfhOUNhgSs/3nRENqqv8a2
b3FAD9xWYQn2ogKTIZYMkcrb7HiRFM4wfJ43PXqtjrpubXMoL+oSczOSG/mygUgC
6qOdxeNs+siRsCyWuQfWbjBrRg/2hegBS7BHWfMYLK/JWJYRjHcArdTVGVlLPlO9
BWcDm4uU+Lq8skFyy915hUjQnfVVLpnC7kf9mXgmQrRerzbPw1sVVWcZXgaTXTbz
IbY/M3oS569ptzKnsfwRyH1vA6W1K93wV9dmxMeGmR1qojW8gAAFdjKBw4SUfMnX
9hs45KBknc9iFsvnLrHK9MY5Wrzd6Nn9owqQGQBDeKig6RuhaB+kwmSRUJM48/4d
T2MG0aw6YMPAnaiycPjT1R4DreaG9fAWw17Wc1sLfpvrhuUeAXJdLDS5emq3lSPW
pQPVF4Drw8MFK7iAfcaZY56nSl7Xw52O+D4ULNkM+A8vzh66pAw7HCInR8JB5pI5
XIRzoEi2bteAGVwZOCpch09vNf9lqy9ZWQCUacEIg0OLPPwwvacPbRucK0oIcTIG
VKW/gh/SxA==
=RAw5
-----END PGP PUBLIC KEY BLOCK-----

Stay tuned!


Dancho Danchev's Biography - The Inside Story Behind the Life of ex-Bulgarian Hacker Dancho Danchev - Recommended Reading!

January 13, 2021

Dear blog readers,

I've decided to take the time and effort to say a big thanks to everyone who's been following my research since December 2005 and has been touching base to say "hi", to offer operational support, or to share their "know-how" and opinion about the research that I've been publishing on my personal blog.

I've recently posted a high-profile and recommended-reading article at my Medium account, which you can check out here. The article is basically a first-person account of my life and experience as an ex-Bulgarian hacker and today's world-leading expert in the field of cybercrime research and threat intelligence gathering, which you might be interested in reading and sharing with your social network, including friends and colleagues.

Stay tuned!


Dancho Danchev's Security Research Compilation at his Medium Account - Official E-Book Compilation

January 12, 2021


Dear blog readers,

I wanted to let everyone know that I've just made all of my Medium account articles available online for free in multiple offline E-book formats, which you can grab from here.

Topics covered include:
- U.S. and U.K. Intelligence Community Secret and Top Secret programs' elaboration
- Technical Collection articles
- OSINT Analysis

Stay tuned!


Dancho Danchev's Offensive Cyber Warfare Articles for Unit-123 - Official E-Book Compilation

January 12, 2021


Dear blog readers,

I wanted to let everyone know that I've just released an official E-book compilation, currently available online for free, of all the articles that I've been publishing at my personal online E-shop for intelligence deliverables, called Unit-123.org, which you can grab from here.

Topics include:
- Geopolitical issues in the context of cyber warfare
- Cyber Warfare doctrine principles
- Offensive Cyber Warfare articles and basic principles covered

Stay tuned!
