In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the situational awareness necessary to stay on top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with a sarcastic attitude.
Monday, September 11, 2023
My Projects
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Saturday, September 09, 2023
Who Wants to Chat Privately With Me?
Friday, September 08, 2023
The Conti Ransomware Gang and the Trickbot Cybercrime Enterprise XMPP's and Jabber Account IDs
The power of OSINT and real-time OSINT, which has been my methodology since December 2005, when I originally launched this blog? Check out the following analysis, courtesy of me, which details in depth who's behind the Conti Ransomware Gang and the Trickbot cybercrime enterprise, using exclusively public sources of information in combination with my real-time OSINT methodology, hence the results.
Sample XMPP and Jabber account IDs include:
It gets even better with the recent OFAC sanctions that also mention several interesting email address accounts:
It gets even more interesting when we dig a little bit deeper and find related domain registrations associated with these email address accounts.
For instance, we have hxxp://baikal-tour.su, which is a travel agency, and hxxp://kurochkina.com, which is Ekaterina Kurochkina, a fashion photographer currently known as Valentina Ushenina and currently a training instructor at the PortDeBras company, where we have the same domains registered by a known individual on the Conti Ransomware Gang's sanctions list (megaprof@gmail.com).
We also have a Google Play application (hxxp://play.google.com/store/apps/details?id=com.WSCards.RSP&&gl=US) that also points to hxxp://finters.su, which stands for an international sports organization.
Personally identifiable information on Valentina Ushenina includes:
Skype: valentinatigra
hxxp://vk.com/id3151577
Email: kyrochkina.sug@mail.ru; tkanikurik@yahoo.com
All domains known to have been registered by megaprof@gmail.com include:
All domains known to have been registered by tsarev89@gmail.com include:
Monday, September 04, 2023
Yavor Kolev
A Psychological Profile of Nicolay Sabchev/Nikolay Subchev Troyan, Bulgarian, A Wannabe Psychedelic Trance DJ - Part of the "Local Diships Gang" - From the Awesome But I Smell Like Dipshit Department - An Analysis
This is from the "I sincerely apologize for this post but you robbed, beat and home molested me and stole $85,000 with your savage friends from your and my hometown Troyan, Bulgaria without anyone knowing that also includes the police" department post.
Does it smell like dipships in Bulgaria or does it smells like dipshits in Bulgaria? Appreciate my rhetoric. It does but exactly where it does - in the toilet.
T-Shirt - $1
Haircut - $1
Equipment - $1
Total amount owed during the years for existence that's so cool that cannot be appreciated due to logical and low life unappreciated existence where even nature cannot help you to "get high" - $0. How come?
That's life.
Wednesday, August 30, 2023
About to Get Featured In a Popular Cyber Security Magazine
Sunday, August 27, 2023
Who's Behind the Conti Ransomware Gang?