Exposing a Sample Portfolio of Scareware Themed Screenshots - An Analysis

November 02, 2022

Dear blog readers,

I've decided to share with everyone a portfolio of known scareware themed photos with the idea to raise awareness on what used to be the primary monetization vector within the cybercrime ecosystem circa 2010.

An image is worth a thousand words.

Sample screenshots include:

Stay tuned!

My Old Twitter Account - Sample Twitter Background Collages Circa 2010 - An Analysis

November 02, 2022

Dear blog readers,

I wanted to take the time and effort and elaborate more on my old Twitter account circa 2010 in terms of what really happened and how I managed to accumulate approximately 11,000 followers on Twitter in less than three months prior to announcing that I'm joining Twitter on my personal blog.

Also for the record - users interested in obtaining access to my old Twitter account for research and reference purposes including to actually go through it can grab a copy of it from here.

Sample collages, which I produced back then for my Twitter background in a typical cybercrime research fashion and which I hope you'll enjoy, include:

I wanted to say big thanks to everyone who used to follow me on Twitter back then including everyone who's following me on Twitter up to present day.

Stay tuned!

Yanluowang's Ransomware Group's Internal Communications Leaked by Russian Threat Actors - An Analysis

November 01, 2022

Yanluowang's ransomware group has recently had their internal communications leak online, prompting various researchers to look into them and analyze them. The breach of the gang's internal communications happened courtesy of Russian threat actors, who also defaced and left a message on their front page.

The leak's initiative has also released various source code in terms of the decryption tool for the ransomware including the source code of the builder.

Sample screenshots include:

The recent communication leaks are similar to the Conti leaks which I extensively data mined and profiled here.

Related actionable intelligence on the C&C server infrastructure:
hxxp://mtololo.com - 81.19.72.59
hxxp://matrix.mtololo.com - 62.113.100.124

Related domains known to have been involved in the campaign:
hxxp://api.views-24.ru
hxxp://lohicageeg.beget.app
hxxp://fr124.aha.ru
hxxp://aktiver-id.fun
hxxp://aktiver-bankid.website
hxxp://matrix.mtololo.com

Stay tuned!

A Peek Inside the Earnings4u Managed Malware Distribution Service - An Analysis

October 31, 2022

Dear blog readers,

I've decided to offer an in-depth peek inside the Earnings4u managed malware distribution service circa 2010, with the idea to raise awareness on the ease of use and the actual trend where novice and experienced botnet masters can easily acquire the necessary seed population, in terms of purchasing access to malware-infected hosts which could be further used to spread their malicious software campaigns, including spam and phishing campaigns.

With managed affiliate-network based revenue sharing schemes continuing to proliferate, it shouldn't be surprising that more cybercriminals are actually looking for ways to monetize access to their traffic, acquired through blackhat SEO and various other rogue and fraudulent techniques, including users who would be interested in offering managed and centralized ways for spreading other cybercriminals' malicious releases in a systematic and efficient way, leading to today's modern cybercrime ecosystem reality where both novice and experienced cybercriminals rely on rogue and malicious affiliate-network based revenue sharing schemes for both revenue generation and the spreading of malicious software.

Sample screenshots include:

Stay tuned!

A Peek Inside a Russian Web-Based Managed Spam Service - An Analysis

October 31, 2022

With spam continuing to proliferate globally, which also includes the use of spam for serving malicious software, largely populating a variety of botnets on a daily basis, including the ever-growing use of client-side exploits for the purpose of affecting hundreds of thousands of users on a daily basis, I've decided to take a peek inside a Russia-based managed spam service that lets users launch massive and widespread spam campaigns in a DIY (do-it-yourself) fashion.

Sample screenshots include:

Stay tuned!

Profiling a Russia-Based Bulletproof Hosting Provider - An Analysis

October 31, 2022

It should be clearly noted that in today's modern cybercrime ecosystem, which is largely driven by the existence of bulletproof hosting providers which basically either ignore abuse notifications or purposely launch rogue and fraudulent online hosting operations using their own resources or in combination with cloud-based service providers who unknowingly participate in such types of fraudulent and rogue bulletproof hosting schemes, including actual malicious software, spam and botnet C&C hosting, we've been continuing to observe an increase in the overall volume of these providers, where we're also witnessing their use by both novice and experienced cybercriminals, where the ultimate goal would be to increase the average time it takes for vendors, organizations and researchers to take offline their rogue, fraudulent and malicious campaigns.

In this post I'll discuss several of the high-profile bulletproof hosting providers that were active circa 2010 and I'll provide some actionable intelligence on the infrastructure behind them with the idea to assist everyone in their cyber attack and cyber campaign attribution efforts.

Sample screenshots include:

Related bulletproof hosting providers that were active back in 2010 include:
hxxp://securehost.com
hxxp://ccihosting.com
hxxp://wrzhost.com
hxxp://underhost.com
hxxp://shinjiru.com
hxxp://offshorehosting.com
hxxp://offshoreracks.com
hxxp://hostimizer.com
hxxp://zentek-international.com
hxxp://anonhoster.com
hxxp://webcare360.com
hxxp://altushost.com
hxxp://anonymoushosting.org
hxxp://nodmca.nl
hxxp://goip.com
hxxp://serverslease.net
hxxp://e-investhost.com
hxxp://eukhost.com
hxxp://adulthosting.com
hxxp://webhostingchoice.com
hxxp://adulthostingservers.com
hxxp://hostsearch.com
hxxp://adult-host.ru
hxxp://layeredlink.ru
hxxp://xlhost.ru
hxxp://park-web.ru
hxxp://web750.com
hxxp://cirtexhosting.com
hxxp://wlw.su
hxxp://warez-host.com
hxxp://abuzhost.ru
hxxp://peterhost.ru
hxxp://fastvps.ru

Stay tuned!

Do You Want to Become Guest Blogger or Post a Guest Post Here?

October 31, 2022

Dear blog readers,

Are you interested in becoming a Guest Blogger or posting a Guest Post on the topic of cybercrime research, OSINT, threat intelligence gathering, malicious software and botnet research, including anything related to information security, in terms of a Guest Post or actually becoming a full-time Guest Blogger at my personal blog?

Drop me a line at dancho.danchev@hush.com to discuss.

Stay tuned!

Dancho Danchev's Vlog - Psychedelic Reality Session - YouTube Video - An Analysis

October 31, 2022

Dear blog readers,

I've decided to share with everyone one of my most recent YouTube videos which is basically a "Psychedelic Reality" short mix with the idea to say big thanks to everyone for following me and that I'll continue to post high-quality research and posts here.

Enjoy!

Stay tuned!

Dancho Danchev - Official Come Back - YouTube Video - An Analysis

October 31, 2022

Dear blog readers,

I've decided to share with everyone an official Come Back video with the idea to signal the fact that I'm indeed back online doing research and that I wanted to say big thanks to everyone for following me.

Enjoy!

Stay tuned!

Dancho Danchev SecondEye Solutions - YouTube Maltego Demonstration - An Analysis

October 31, 2022

Dear blog readers,

I've decided to share with everyone my SecondEye Solutions Maltego training video with the idea to assist everyone in their cyber attack and cyber campaign attribution efforts.

Enjoy!

Stay tuned!

Dancho Danchev InFraud Organization - YouTube Maltego Demonstration - An Analysis

October 31, 2022

Dear blog readers,

I've decided to share with everyone my InFraud organization analysis Maltego training video with the idea to assist everyone in their cyber attack and cyber campaign attribution efforts.

Enjoy!

Stay tuned!

Dancho Danchev Speaks! - YouTube Video Presentation - An Analysis

October 31, 2022

Dear blog readers,

I've decided to share with everyone my "Dancho Danchev - Speaks!" introduction video where I did my best to elaborate more on my experience and expertise in the field throughout the years.

Enjoy!

Stay tuned!

Dancho Danchev's "Exposing the Koobface Botnet" - YouTube Video Presentation - An Analysis

October 31, 2022

Dear blog readers,

I've decided to share with everyone my Keynote at CyberCamp 2016 on tracking down and monitoring the Koobface botnet.

Go through the related posts here.

Enjoy!

Stay tuned!