In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the situational awareness necessary to stay on top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with a sarcastic attitude.
Monday, March 08, 2021
Exposing a Currently Active Portfolio of High-Profile Cybercriminal Email Addresses - Part Six
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Saturday, March 06, 2021
Exposing GRU's Involvement in U.S Election Interference - 2016 - An OSINT Analysis
Sample personal emails involved in the campaign:
dirbinsaabol@mail.com
hi.mymail@yandex.com
Sample domains known to have been involved in the campaign:
Sample IPs known to have been involved in the campaign:
Sample names involved in the campaign:
Mike Long
Ward DeClaur
Daniel Farrell
Jason Scott
Richard Gingrey
Alice Donovan
Den Katenberg
Yuliana Martynova
Karen W. Millen
James McMorgans
Kate S. Milton
Stay tuned!
