Friday, February 21, 2025

Exposing the Black Basta Ransomware Group

UPDATED:

Exposing the Black Basta Ransomware Group - Part Two

Exposing the Black Basta Ransomware Group - Part Three

An image is worth a thousand words.

Sample photos:

















































- No comments:

Friday, January 17, 2025

A Peek Inside the Current State of BitCoin Exchanges

Dear blog readers,

In this post I'll provide some actionable intelligence on the current state of active BitCoin Exchanges landscape with the idea to assist everyone on their way to properly attribute a fraudulent or malicious transaction or to dig a little bit deeper inside the infrastructure and financial infrastructure behind these BitCoin Exchanges.

Sample BitCoin Exchanges URLs:

hxxp://bisq.network
hxxp://blockdx.net
hxxp://boltz.exchange
hxxp://changenow.io
hxxp://coinswap.click
hxxp://crp.is
hxxp://exch.cx
hxxp://exchanger.infinity.taxi
hxxp://exolix.com
hxxp://fixedfloat.com
hxxp://godex.io
hxxp://hodlhodl.com
hxxp://letsexchange.io
hxxp://localmonero.co
hxxp://majesticbank.at
hxxp://mandala.exchange
hxxp://peachbitcoin.com
hxxp://sideshift.ai
hxxp://stealthex.io
hxxp://tradeogre.com
hxxp://unstoppableswap.net
hxxp://vexl.it
hxxp://bitswitch.io
hxxp://wizardswap.io
hxxp://xchange.me

Sample known responding IPs:

172.67.172.108
91.195.240.19
51.68.37.66
188.165.1.80
104.21.80.1
104.21.64.1
36.86.63.182
172.67.69.184
188.114.99.236
188.114.96.18
185.178.208.163
3.24.66.78
188.114.98.229
104.26.7.14
188.114.99.229
103.154.123.132
172.67.68.152
188.114.98.224
182.23.79.195
203.119.13.75
203.119.13.76
186.2.163.71
91.215.41.54
176.9.158.211
188.114.98.128
146.112.61.107
188.114.99.192
162.241.216.218
128.242.250.148
208.101.21.43
202.160.130.52
202.160.128.210
146.112.61.106
89.41.182.24
89.41.182.99
193.168.141.179
193.168.141.55
72.52.178.23
13.248.148.254
104.21.58.171
206.189.58.26
167.99.246.105
54.66.176.79
157.245.84.7
188.114.97.4
188.114.96.4
188.114.97.12
95.214.53.250
159.89.122.145
104.21.60.147
172.67.197.200
172.64.86.149
15.235.75.245
104.18.45.100
188.114.97.1
104.31.82.18
192.29.39.98
107.154.236.60
107.154.141.60
172.67.70.100
192.29.39.48
65.8.227.25
13.225.229.65
18.160.144.91
13.35.245.111
13.249.64.117
172.217.12.179
172.217.16.179
198.18.1.141
34.196.254.27
92.242.140.6
185.66.143.187
188.114.96.6
188.114.97.10
188.114.96.14
104.31.83.21
104.21.34.110
188.114.97.14
192.186.250.199
188.114.97.11
18.102.16.191
13.50.141.112
176.9.29.194
104.26.1.187
34.234.52.18
65.0.79.182
173.236.182.137
104.244.46.93
198.18.1.164
108.160.165.211
52.25.92.0
86.35.3.193
50.63.202.31
104.21.112.1
184.168.221.26
50.63.202.19
172.67.134.215
255.255.255.255
23.217.138.108
149.202.88.23
184.168.221.42
45.60.153.115
15.165.119.196
188.114.96.0
15.164.135.176
18.173.233.64
104.26.13.101
188.114.97.20
108.160.170.41
104.21.81.250
188.114.97.6
188.114.97.3
104.21.32.1
172.67.128.64
104.26.7.183
184.168.221.44
172.64.80.1
23.202.231.167

- No comments:

A Peek Inside the Current State of BitCoin Mixers

Dear blog readers,

In this post I'll provide some actionable intelligence on the current state of active BitCoin Mixers landscape with the idea to assist everyone on their way to properly attribute a fraudulent or malicious transaction or to dig a little bit deeper inside the infrastructure and financial infrastructure behind these BitCoin Mixers.

Sample known BitCoin Mixer URLs:

hxxp://anonymixer.com
hxxp://bitmixer.online
hxxp://chipmixer.com
hxxp://coinomize.biz
hxxp://coinomize.co
hxxp://coinomize.is
hxxp://cryptomixer.io
hxxp://gingerwallet.io
hxxp://jambler.io
hxxp://jokermix.to
hxxp://medusamixer.io
hxxp://blindmixer.com
hxxp://mixer.money
hxxp://mixerdream.com
hxxp://mixero.io
hxxp://mixtum.io
hxxp://mixtura.money
hxxp://mixy.money
hxxp://puremixer.io
hxxp://sparrowwallet.com
hxxp://swamplizard.io
hxxp://tengricrypto.com
hxxp://thormixer.io
hxxp://unijoin.io
hxxp://webmixer.io
hxxp://whir.to

Sample known responding IPs:
104.21.14.15
172.67.133.191
136.228.192.103
172.64.101.28
172.64.98.33
104.21.36.129
172.67.158.129
188.114.97.3
188.114.97.1
172.67.142.24
185.205.69.10
135.181.110.78
93.95.231.89
34.102.136.180
172.67.188.123
104.26.3.240
198.177.120.27
104.21.58.174
188.114.99.229
188.114.98.224
104.21.79.112
34.102.155.139
216.246.46.117
172.67.170.136
172.67.172.23
108.167.189.28
162.241.61.115
108.167.189.61
192.185.4.130
188.114.97.0
172.67.180.202
188.114.96.4
104.21.34.115
172.67.160.123
46.101.27.21
108.160.143.236
188.114.96.3
172.67.170.175
104.21.63.126
65.109.166.143
103.224.212.100
93.95.231.80
199.59.243.226
37.120.206.181
172.64.174.24
152.89.162.34
188.114.96.0
46.17.96.4
103.224.212.210
186.2.163.238
101.99.91.215
172.67.154.113
104.21.69.169
185.178.208.78
172.67.210.143
 

188.114.98.229
188.114.97.4
188.114.96.14
172.67.158.73
188.114.97.2
172.67.70.29
188.114.97.14
104.26.5.134
186.2.163.228
23.202.231.167
104.21.96.1
198.54.117.210
188.114.97.22
198.54.117.200
188.114.97.7
149.28.138.23
45.180.20.12
185.86.149.239
218.93.250.18
185.178.208.139
172.67.191.198
188.114.99.224
104.21.43.207
46.28.207.19
104.26.3.196
13.248.151.237
104.21.36.95
172.64.80.1
36.86.63.182
172.64.165.7
23.217.138.112
 

185.178.208.159
172.67.206.39
104.21.16.160
172.67.154.213
104.21.6.88
5.61.48.183
172.67.154.211
104.239.213.7
45.76.91.219
46.101.124.25
23.195.69.112
104.21.6.90
164.92.229.238

Stay tuned.

- No comments:

Profiling the iSpoof Cybercrime Enterprise

Dear blog readers,

In this post I decided to take a look at the hxxp://ispoof.cc cybercrime enterprise in terms of providing actionable intelligence on its Internet connected infrastructure.




Sample known responding IPs:

116.203.61.96
104.26.14.153
172.67.75.247
104.26.15.153
104.21.60.205
172.67.201.73
172.67.150.241
104.21.0.121
104.21.23.23
172.67.208.110
172.64.205.7
172.64.204.7

Related domains known to have been parked at the same IP (116.203.61.96):

hxxp://ivshare4.xyz
hxxp://spoofsystem.co.uk
hxxp://civi-bi.com
hxxp://ispoof.cc

Sample screenshots:




 
Stay tuned.
- No comments:
Subscribe to: Comments (Atom)