Sample Photos from My Cyber Security Talks Bulgaria Presentation - An Analysis

November 16, 2022

Dear blog readers,

I've decided to share some personal photos from my Cyber Security Talks Bulgaria presentation, which is an outstanding event with an interesting and engaged audience, where I had the privilege to meet and socialize with fellow researchers and experts and to give a presentation.

Sample photos include:

Sample presentation slides include:

Stay tuned!

SmokeLoader Themed Malware Serving Campaign Spotted in the Wild - An Analysis

November 15, 2022

Dear blog readers,

I've decided to share with everyone some technical details behind a currently circulating malicious software serving campaign that drops a SmokeLoader variant on the targeted host and uses a variety of C&C server domains for communication with the attackers' infrastructure.

Sample screenshots include:

Sample campaign structure:

MD5: ccaf26afe7db068aa11331f6c5af14d8
hxxp://host-file-host6.com - 34.106.70.53
hxxp://host-host-file8.com

Sample related responding IPs known to have been involved in the campaign include:

hxxp://176.124.221.9
hxxp://23.48.95.144
hxxp://45.91.8.70
hxxp://185.144.28.175
hxxp://31.44.185.182
hxxp://8.209.65.68
hxxp://45.134.27.228
hxxp://2.16.165.19
hxxp://185.251.89.108
hxxp://195.186.210.241

Stay tuned!

Massive Malware Serving Campaign Abuses Portmap A Web Based Port Forwarding Solution - An Analysis

November 15, 2022

Dear blog readers,

In this post I've decided to further profile a currently circulating malicious software and njRAT dropping campaign that uses a popular web-based port forwarding solution (Portmap) as its C&C server, with the goal of providing everyone with the necessary situational awareness and technical details regarding the campaign.

Sample campaign C&C and associated domains analysis:

MD5: d8191eee2d99a00cb664d100ffc73b9c
hxxp://enderop44-36084.portmap.host - 193.161.193.99
URL: hxxp://www.cofo.ga/a/KeyOneA.exe
Botnet C&C: hxxp://cofo.ga - hxxp://52.70.248.161; hxxp://193.161.193.99

Sample screenshots include:

Sample VirusTotal Graph regarding the malicious campaign:

Stay tuned!

Profiling the Limbo Crimeware Malicious Software Release - An Analysis

November 03, 2022

NOTE: These screenshots were obtained in 2009 courtesy of me while doing research.

An image is worth a thousand words.

Sample screenshots include:

Stay tuned!


Profiling the ZeusEsta Managed ZeuS Crimeware Hosting Service - An Analysis

November 03, 2022

Dear blog readers,

Back in 2009 I came across a pretty interesting, easy to use and sophisticated managed ZeuS crimeware hosting service, which enticed users into becoming customers of a managed ZeuS crimeware service offering them everything they needed to enter the world of cybercrime, in particular managed crimeware releases.

Sample URL known to have been involved in the campaign:

hxxp://zeuspanel.name - 94.102.56.63

Stay tuned!

Profiling an Email Password Harvesting Enabled Malicious Software Release - An Analysis

November 03, 2022

Dear blog readers,

I've decided to share with everyone sample screenshots which I took back in 2010 while doing research, specifically on the malicious release's capability to eavesdrop on email communications initiated from the hosts of the affected victims that are part of the botnet. The release has some pretty interesting and sophisticated features, and the botnet master behind it had already managed to accumulate a decent amount of stolen and compromised SMTP and POP3 account information.

Sample screenshots include:

Stay tuned!


Exposing a Russia-Based Stolen and Compromised Credit Cards Checking Web Site - An Analysis

November 03, 2022

Dear blog readers,

I've decided to share with everyone some screenshots which I took back in 2010 from the infamous stolen and compromised credit card checking service hxxp://ccchkr.com, which used a variety of methods and techniques to check the validity of stolen and compromised credit cards on a mass scale.

Sample screenshots include:

Stay tuned!


Exposing a Sample Rock Phish Phishing Campaign's Botnet Hosted Infrastructure - An Analysis

November 03, 2022

Did you know that a huge percentage of Rock Phish related campaigns are known to have been hosted on a fast-fluxed botnet infrastructure, where the ultimate goal is to make them impossible to take offline, or at least to increase the average time it takes for vendors or researchers to take the domains offline?

In this post I'll share with everyone a sample portfolio of Rock Phish themed screenshots. The goal is to present my findings as actionable intelligence on the fact that, on the majority of occasions, the Rock Phish gang's campaigns continue to be hosted on a fast-fluxed botnet infrastructure.

Sample screenshots include:

Stay tuned!


Profiling a Sample Scareware Serving Keywords Analysis Twitter Campaign - An Analysis

November 03, 2022

Dear blog readers,

If an image is worth a thousand words, check out the following keywords analysis for what appears to be a scareware serving Twitter campaign which I profiled back in 2010.

Stay tuned!

Exposing a Rogue Google AdSense Campaign Using Typosquatted Malware Serving Software Releases - An Analysis

November 03, 2022

Dear blog readers,

I wanted to share with everyone the technical details behind what appears to be a rogue and fraudulent Google AdSense campaign that uses popular software download keywords for the purpose of serving rogue, bogus and potentially malicious software to unsuspecting users, including the actual domain portfolio behind the campaign.

Sample screenshots include:

Stay tuned!


Joseph Mlodzianowski Joining Dancho Danchev's Blog as Guest Blogger - Stay tuned!

November 03, 2022

Hi, everyone,

This is Dancho and I have some big news. Joseph Mlodzianowski (Twitter; LinkedIn) is joining my personal blog as an official Guest Blogger starting as of today so stay tuned for some high-quality security and information security research and articles to be published here courtesy of him.

Joseph's BIO:

"Joseph has a long and distinguished history of leading large teams of project, program Managers, architects, Cybersecurity Engineers and developers in the design, deployment and management of a number of multi-million dollar commercial and DoD projects. A Network, and Cybersecurity infrastructure expert, published author, Course Developer and Trainer; Joseph has many certifications including the Cisco CCIE, CNE, CISSP, ITILv4. Joseph worked at the Department of Defense, the NSA, CIA and State Department for more than ten years as an operator, and SME, where he performed CNE/CNA functions and later led large teams to architect and build many Data Centers, Critical infrastructure and big data systems, all in pursuit of National Security initiatives."

Thank you Joseph for the interest and I hope that you'll soon find the chance to begin contributing with high-quality security and information security research articles here.

Stay tuned!


The Deepest of Them All - A Profile of Yavor Kolev - a Bulgarian Law Enforcement Officer Kidnapper and a Bulgarian Dipshit - An Analysis

November 03, 2022

Psst - where's the approximately $85,000 of my own money which I earned legally throughout the period 2012-2014? And where is approximately 80% of my health based on my health pension records which Bulgaria's DANS gave me?

Ask this guy, whom I told you about in advance circa 2010. The results? We can't wait to see them when the real Bulgarian Law Enforcement learns about this, including the actual illegal detention and restraint courtesy of Bulgarian Law Enforcement officers in my hometown Troyan, Bulgaria, who stole my personal ID, made a copy, and locked me in a cell with no explanation for a period of four months, including locking down my phone with no explanation and with no one knowing about this.

  • Check out the blog post series here
Psst - Part Two - I don't use phones. Call him here - +359888795021 or send him an invitation here including ICQ - 48495113.

Stay tuned!
