Exposing the Guccifer 2.0 "GRU-Connected" Enterprise - An OSINT Analysis

March 03, 2021
Dear blog readers,

I wanted to take the time and effort to elaborate more on the so-called Guccifer 2.0 enterprise, which basically represents a single lone hacker who made a high-profile Web site compromise and launched a social media account behind it for the purpose of communicating the purpose of the attack and making the information publicly accessible online for free.

In this post I'll provide actionable intelligence on the Guccifer 2.0 enterprise, which basically represents a single lone hacker who distributed a high-profile data leak and built a social media account behind it.

Sample Personal URLs: https://guccifer2.wordpress.com; https://twitter.com/GUCCIFER_2

Sample personal email: Guccifer20@aol.fr

Sample IPs known to have been involved in the campaign: 95.13.15.34; 95.130.9.198; 212.117.164.35; 95.211.168.139

Sample VPN service provider used by the Guccifer 2.0 enterprise (nameserver hostnames and the IPs associated with them):

hxxp://ns1.vpn-service.us - 176.9.89.229 - Email: sec.service@mail.ru

hxxp://ns2.vpn-service.us - 85.17.139.9

hxxp://ns3.vpn-service.us - 212.117.164.35

hxxp://ns1.vpn-service.us - 212.32.234.134

hxxp://ns2.vpn-service.us - 37.48.92.139

hxxp://ns3.vpn-service.us - 193.161.87.105

Sample screenshots of conversation with the Guccifer 2.0 enterprise:






Stay tuned!


Exposing FBI's Most Wanted Cybercriminals - Iran's Mabna Hackers - An OSINT Analysis

March 03, 2021
Dear blog readers,

I've decided to share some of the actionable intelligence that I have at my disposal regarding the FBI's Most Wanted Iran-based Mabna Hackers, which I originally outlined in my second release of "A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team", where you can also obtain a copy of the first release, entitled "Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran", to catch up on what Iran-based hackers and hacking groups are up to up to the present day. The research report basically represents one of the most comprehensive and in-depth publicly accessible reports on Iran's hacking scene.

Sample screenshots of Mabna Institute including the associated Web sites where the information is offered:








Sample phishing hostnames known to have been involved in the campaign (note the pattern: each one places a target institution's real login, SSO or library-proxy hostname in front of an attacker-registered apex domain, most of them on free TLDs such as .cf, .ga, .gq, .ml and .tk):

ezvpn.mskcc.saea.ga    

library.asu.saea.ga    

library.lehigh.saea.ga    

moodle.ucl.ac.saea.ga    

saea.ga    

unex.learn.saea.ga    

unomaha.on.saea.ga    

www.uvic.saea.ga

catalog.lib.usm.edu.seae.tk

elearning.uky.edu.seae.tk

www.aladin.wrlc.org.seae.tk

alexandria.rice.ulibr.ga

cmich.ulibr.ga

columbia.ulibr.ga

edu.edu.libt.cf

ezproxy-authcate.lib.monash.ulibr.ga

login.revproxy.brown.edu.edu.libt.cf

ezproxy-authcate.monash.lib.ulibr.ga

ezproxy-f.deakin.au.ulibr.ga

lib.dundee.ac.uk.ulibr.ga

cas.usherbrooke.ca.cavc.tk

catalog.lib.ksu.edu.cavc.tk

isa.epfl.ch.cavc.tk

login.vcu.edu.cavc.tk

www.med.unc.edu.cavc.tk

cas.iu.edu.cavc.tk

ltuvpn.latrobe.edu.au.reactivation.in

passport.pitt.edu.reactivation.in

edu.login.revproxy.brown.edu.libt.cf

shibboleth.nyu.edu.reactivation.in

login.revproxy.brown.edu.login.revproxy.brown.edu.libt.cf

weblogin.pennkey.upenn.edu.reactivation.in

webmail.reactivation.in

www.ezlibproxy1.ntu.edu.sg.reactivation.in

www.ezpa.library.ualberta.ca.reactivation.in

www.lib.just.edu.jo.reactivation.in

www.passport.pitt.edu.reactivation.in

shib.ncsu.ulibr.cf/

www.shibboleth.nyu.edu.reactivation.in

www.weblogin.pennkey.upenn.edu.reactivation.in

ezlibproxy1.ntu.edu.sg.reactivation.in

login.revproxy.brown.edu.libt.cf

weblogin.umich.edu.lib2.ml

catalog.sju.edu.mncr.tk

ezpa.library.ualberta.ca.reactivation.in

lib.just.edu.jo.reactivation.in

login.ezproxy.lib.purdue.edu.reactivation.in

login.libproxy.temple.shibboleth2.uchicago.ulibr.cf

shib.ncsu.shibboleth2.uchicago.ulibr.cf

shibboleth2.uchicago.shibboleth2.uchicago.ulibr.cf

singlesignon.gwu.shibboleth2.uchicago.ulibr.cf

webauth.ox.ac.uk.shibboleth2.uchicago.ulibr.cf

edu.libt.cf

login.libproxy.temple.ulibr.cf

shib.ncsu.ulibr.cf

singlesignon.gwu.ulibr.cf

webauth.ox.ac.uk.ulibr.cf

library.cornell.ulibr.ga

login.ezproxy.gsu.ulibr.ga

shibboleth2.uchicago.ulibr.cf

login.library.nyu.ulibr.ga

mail.ulibr.ga

webcat.lib.unc.ulibr.ga

www.ulibr.ga

www.alexandria.rice.ulibr.ga

www.cmich.ulibr.ga

www.columbia.ulibr.ga

www.ezproxy-authcate.lib.monash.ulibr.ga

www.ezproxy-authcate.monash.lib.ulibr.ga

www.ezproxy-f.deakin.au.ulibr.ga

www.lib.dundee.ac.uk.ulibr.ga

www.library.cornell.ulibr.ga

www.login.ezproxy.gsu.ulibr.ga

www.login.library.nyu.ulibr.ga

auth.berkeley.edu.libna.ml

sso.lib.uts.edu.au.libna.ml

bb.uvm.edu.cvre.tk

cline.lib.nau.edu.cvre.tk

illiad.lib.binghamton.edu.cvre.tk

libcat.smu.edu.cvre.tk

login.brandeis.edu.cvre.tk

msim.cvre.tk

libcat.library.qut.nsae.ml

www.webcat.lib.unc.ulibr.ga
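
The hostnames above all follow one construction: the victim's genuine hostname (or a truncated copy of it) is prepended as subdomains to a short attacker apex, so a glance at the left-hand labels looks right while the registrable domain is the attacker's. The following script is an added example, not code from the original post or from the Mabna Institute investigation; it assumes that the attacker apex is the last two labels of each listed hostname (true for the list above, whose apexes all sit directly under a single-label TLD) and flags a host as an impersonation when a protected institution domain appears inside the name without the host actually belonging to it. A production tool should resolve the registrable domain via the Public Suffix List rather than this two-label shortcut.

```python
"""Spot the impersonation pattern in the Mabna phishing hostnames above.

Added example, not code from the original post. Assumption: the attacker
apex is the last two labels of each listed hostname (true for the list
above); use the Public Suffix List for real-world input.
"""
from collections import defaultdict

# TLDs that Freenom has historically handed out at no cost. On their own a
# weak signal; combined with the prefix-impersonation pattern, a strong one.
FREE_TLDS = {"cf", "ga", "gq", "ml", "tk"}

# Constructed sample input: a subset of the hostnames listed on this page.
SAMPLE_HOSTS = [
    "login.revproxy.brown.edu.libt.cf",
    "webauth.ox.ac.uk.ulibr.cf",
    "shib.ncsu.ulibr.cf/",
    "weblogin.pennkey.upenn.edu.reactivation.in",
    "lib.dundee.ac.uk.ulibr.ga",
    "www.ulibr.ga",
    "cas.usherbrooke.ca.cavc.tk",
]


def normalize(host):
    """Lower-case, trim whitespace and any trailing path slash."""
    return host.strip().lower().rstrip("/")


def split_host(host):
    """Return (impersonated_prefix, attacker_apex, tld).

    The prefix is what the attacker placed in front of their own apex,
    typically the victim's real SSO/proxy hostname, sometimes with its TLD
    dropped ("shib.ncsu" standing in for shib.ncsu.edu).
    """
    labels = normalize(host).split(".")
    if len(labels) < 2:
        raise ValueError("not a dotted hostname: %r" % host)
    return ".".join(labels[:-2]), ".".join(labels[-2:]), labels[-1]


def is_prefix_spoof(host, protected_domains):
    """True when a protected domain occurs inside the hostname but the host
    does not actually belong to that domain (the domain is not its suffix).

    This check does not rely on the two-label apex shortcut, so legitimate
    multi-label suffixes such as ox.ac.uk are handled correctly.
    """
    host = normalize(host)
    for dom in protected_domains:
        if host == dom or host.endswith("." + dom):
            return False  # the institution's own host
    labels = host.split(".")
    # Any run of labels that equals a protected domain and is followed by at
    # least one more label (j < len(labels)) is an impersonation.
    for i in range(len(labels)):
        for j in range(i + 1, len(labels)):
            if ".".join(labels[i:j]) in protected_domains:
                return True
    return False


def cluster_by_apex(hosts):
    """Group impersonated prefixes under the attacker apex that hosted them.

    Bare apexes and plain 'www' hosts carry no impersonated name; skip them.
    """
    clusters = defaultdict(list)
    for h in hosts:
        prefix, apex, _ = split_host(h)
        if prefix and prefix != "www":
            clusters[apex].append(prefix)
    return dict(clusters)


def uses_free_tld(host):
    """True when the attacker apex sits under one of the free Freenom TLDs."""
    return split_host(host)[2] in FREE_TLDS


if __name__ == "__main__":
    protected = {"brown.edu", "ox.ac.uk", "upenn.edu", "dundee.ac.uk", "ncsu.edu"}
    for h in SAMPLE_HOSTS:
        verdict = "SPOOF" if is_prefix_spoof(h, protected) else "-"
        print("%-45s %-6s free-tld=%s" % (normalize(h), verdict, uses_free_tld(h)))
    for apex, prefixes in sorted(cluster_by_apex(SAMPLE_HOSTS).items()):
        print(apex, "->", ", ".join(prefixes))
```

One caveat worth keeping in mind: where the attacker dropped the institution's TLD (for example "shib.ncsu" in front of "ulibr.cf"), the exact-domain match in `is_prefix_spoof` will not fire; catching that variant means matching on the bare institution label ("ncsu"), which is noisier and is better driven from the clustering output than from a blocklist. Feeding a proxy or DNS log through `cluster_by_apex` is a quick way to see which apexes are hosting the most impersonated prefixes, which is exactly the view an incident responder wants when a new apex appears.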

Sample domains known to have been involved in the campaign:

mlibo.ml

blibo.ga

azll.cf

azlll.cf

lzll.cf

jlll.cf

elll.cf

lllib.cf

tsll.cf

ulll.tk

tlll.cf

libt.ga

libk.ga

libf.ga

libe.ga

liba.gq

libver.ml

ntll.tk

ills.cf

vtll.cf

clll.tk

stll.tk

llii.xyz

lill.pro

eduv.icu

univ.red

unir.cf

unir.gq

unisv.xyz

unir.ml

unin.icu

unie.ml

unip.gq

unie.ga

unip.cf

nimc.ga

nimc.ml

savantaz.cf

unie.gq

unip.ga

unip.ml

unir.ga

untc.me

jhbn.me

unts.me

uncr.me

lib-service.com

unvc.me

untf.me

nimc.cf

anvc.me

ebookfafa.com

nicn.gq

untc.ir

librarylog.in

llli.nl

lllf.nl

libg.tk

ttil.nl

llil.nl

lliv.nl

llit.site

flil.cf

e-library.me

cill.ml

fill.cf

libm.ga

eill.cf

llib.cf

eill.ga

nuec.cf

illl.cf

cnen.cf

aill.nl

eill.nl

mlib.cf

ulll.cf

nlll.cf

clll.nl

llii.cf

etll.cf

1edu.in

aill.cf

atna.cf

atti.cf

aztt.tk

cave.gq

ccli.cf

cnma.cf

cntt.cf

crll.tk

csll.cf

ctll.tk

cvnc.ga

cvve.cf

czll.tk

cztt.tk

euca.cf

euce.in

ezll.tk

ezplog.in

ezproxy.tk

eztt.tk

flll.cf

iell.tk

iull.tk

izll.tk

lett.cf

lib1.bid

lib1.pw

libb.ga

libe.ml

libg.cf

libg.ga

libg.gq

libloan.xyz

libnicinfo.xyz

libraryme.ir

libt.ml

libu.gq

lill.gq

llbt.tk

llib.ga

llic.cf

llic.tk

llil.cf

llit.cf

lliv.tk

llse.cf

ncll.tk

ncnc.cf

nctt.tk

necr.ga

nika.ga

nsae.ml

nuec.ml

rill.cf

rnva.cf

rtll.tk

sctt.cf

shibboleth.link

sitl.tk

slli.cf

till.cf

titt.cf

uill.cf

uitt.tk

ulibe.ml

ulibr.ga

umlib.ml

umll.tk

uni-lb.com

unll.tk

utll.tk

vsre.cf

web2lib.info

xill.tk

zedviros.ir

zill.cf 

Sample IPs known to have been involved in the campaign:

103.241.3.91

104.152.168.23

107.180.57.7

107.180.58.47

138.201.17.56

144.217.120.73

144.76.189.80

162.218.237.3

167.114.103.215

173.254.239.2

176.31.33.115

178.33.115.10

184.95.37.90

185.105.185.22

185.28.21.83

185.55.227.104

185.86.180.250

188.40.34.186

193.70.117.250

195.154.102.75

198.252.106.149

198.91.81.5

199.204.187.164

31.220.20.111

66.70.197.208

78.46.77.105

79.175.181.11

82.102.15.215

87.98.249.207

88.99.139.8

88.99.160.209

88.99.40.240

88.99.69.4

93.174.95.64

94.76.204.201

136.243.145.233

136.243.198.45

141.8.224.221

148.251.116.93

148.251.12.172

162.218.237.31

167.114.13.164

172.246.144.34

173.254.239.217

6.31.33.115

176.31.33.116

176.9.188.235

85.28.21.83

185.28.21.95

192.169.82.134

198.27.68.142

198.91.81.51

45.35.33.126

46.4.91.26

5.135.123.163

5.196.194.234

51.254.198.131

51.254.21.142

79.175.181.118

88.99.128.229

88.99.139.88

88.99.69.49

3.174.95.64

Stay tuned!


Dancho Danchev's Law Enforcement and OSINT Operation "Uncle George" - An Update

February 28, 2021

Dear blog readers,

I wanted to take the time and effort to elaborate more on some of the current activities behind my currently ongoing Law Enforcement and OSINT Operation "Uncle George", where I've managed to process and actively crawl approximately 1M publicly accessible cybercrime forum community web sites for the purpose of enriching and distributing the Data Set to interested parties, with the idea to assist U.S. Law Enforcement and the U.S. Intelligence Community in properly responding to, tracking down and prosecuting the cybercriminals behind these campaigns.

The current state of Law Enforcement and OSINT Operation "Uncle George" is that I've been approached by several vendors, including independent researchers, who expressed interest in obtaining access to the Data Set for the purpose of data mining and enriching it.

I've also decided to share some recently produced graphs, which basically represent a decent portion of the popular keywords and topics that cybercriminals are busy discussing on the communities found in the original Law Enforcement and OSINT Operation "Uncle George" cybercrime forum Data Set.

Users, organizations and vendors interested in obtaining access to the Cybercrime Forum Data Set for 2019 can approach me at dancho.danchev@hush.com and I'd be happy to share a copy for research purposes and for the actual enrichment process.

Sample screenshots of active cybercrime research intelligence and clustered words produced by me while working on my Law Enforcement and OSINT Operation "Uncle George":




Stay tuned!


Dancho Danchev's Disappearance - 2010 - Official Complaint Against Republic of Bulgaria - Part Two

February 28, 2021

Dear blog readers,

This is a quick note on my current situation in my home town of Troyan, Bulgaria, where I was originally kidnapped and molested at home by three police officers from the local police department, who stole my ID from my place and, with no witnesses, escorted me and locked me in a room in another town for a period of several months and injected me on a daily basis without anyone's knowledge and with no legal action and no legal consequences for anyone, including anyone from the Republic of Bulgaria.

Bulgarian names of the people involved in my kidnapping and illegal arrest, including a robbery 5 years later, who used to act as local police inspectors at Troyan Police, Bulgaria circa 2010:

  • Марин Моев Маринов
  • Павлин Стоянов Георгиев
  • Красимир Михов Колев
  • Тихомир Найденов Славков
  • Стефан Иванов Милев
  • Анатоли Пламенов Трифонов
  • Станимир Цочев Инковски
  • Иван Недялков Иванов
  • Мирослав Стойков Михайлов
  • Васил Моев Гачевски
  • Божидар Банков Петров
  • Веско Цветанов Минков
  • Момчил Стефанов Цочев
  • Минко Стоянов Минков
  • Георги Митков Илиев

Sample personal photo of my personal kidnapper circa 2010 from my place in Troyan, Bulgaria - Павлин Стоянов Георгиев (https://www.facebook.com/profile.php?id=100005932519460):



Primary points of contact, in case someone is worried about my well-being and whereabouts in this case:

Email: dans@dans.bg
Phone line for reporting corruption by Ministry of Interior (MVR) employees - 02 / 982 22 22
GDBOP - Reporting corruption and money laundering - gdbop@mvr.bg
Head of RPU Troyan (Troyan Regional Police Department) - rutr.lo@mvr.bg
Troyan Police - Email: police_troyan@abv.bg
Troyan Hospital - Email: mbal_troyan@abv.bg
Lovech Psychiatry Clinic - Email: dpblovech@abv.bg 
Troyan Municipality - Email: mail@troyan.bg



Historical OSINT - Exposing Bulgaria circa 2008-2013 - An OSINT Analysis

February 25, 2021

Missing Durzhavna Sigurnost? Worry about your IP (Intellectual Property) as if it were U.S. National Security? Did the Klingons do it? Keep reading.

asen.kumanov@dans.bg

milko.milenov@dans.bg

miroslav.tsvetkov@dans.bg

tsvetan.kitov@dans.bg


Got BitCoin?

February 22, 2021

Dear blog readers,

I've decided to share with you the details of my most recently launched and permanent Dark Web crowd-funding project, where I aim to raise the necessary amount in BitCoin for the purpose of working with and hiring VR application developers who can assist in building and developing the world's first VR social network platform for hackers and security experts.

Check out the Dark Web Onion here (http://iysxzy3z5qjtr5pipcuj5webwfrjnh7mvgb7jl5ki2iypvnj3j5u4pid.onion/) including the clearnet URL here and donate today to support the project.

Stay tuned!


Exposing FBI's Most Wanted Cybercriminals - Omid Ghaffarinia a.k.a "Plus" - An OSINT Analysis

February 22, 2021

Dear blog readers,

I've decided to post a second update to my original FBI's Most Wanted Iran-based Cybercriminals post, including the original research on Iran's Hacking Ecosystem and the second edition of the report, with the idea to assist U.S. Law Enforcement and the U.S. Intelligence Community in tracking down and prosecuting the cybercriminals behind these campaigns.

Sample personally identifiable information for Omid Ghaffarinia a.k.a Plus:
Name: Omid Ghaffarinia
Handle: Plus
Email: omid.ghaffarinia@gmail.com; plus.ashiyane@gmail.com; omid.ghaffarinia@alum.sharif.edu
Phone: 091 2444 9002
Web Site: http://alum.sharif.ir/~omid.ghaffarinia/; http://omidplus.persiangig.com/
Social Media Accounts: https://plus.google.com/109226633947780718251

Sample Maltego SNA (Social Network Analysis) of Omid Ghaffarinia a.k.a Plus:


Sample personal photos of FBI's Most Wanted Omid Ghaffarinia a.k.a Plus:
















Stay tuned!