Introducing the "Certificate Crowd" - Brace Yourselves!

Continue reading →

Announcing Astalavista.box.sk's Flagship Search Engine for Hackers!

This summary is not available. Please click here to view the post. Continue reading →

Forum Administrator of a Popular Cybercrime-Friendly Community Runs DDoS for Hire Service - An OSINT Analysis

 

An image is worth a thousand words.

Stay tuned!

Continue reading →

Exposing a Currently Active Malicious and Fraudulent Domain Portfolio Managed and Operated by Members of a Known Cybercrime-Friendly Community - An OSINT Analysis

Related domains known to have been involved in the campaign and that are currently managed and operated by members of a well known cybercrime-friendly forum community:

hacklab.pro

news-plus.info

proxybase.net

net-net-net-net.net

net-net.net

net-net-net-net-net.net

mobservdot.com

hs-mail.com

gohlke-hs-mail.com

net-net-net.net

net---net.net

mahadevia.com

mediamaxfilms.com

inter-net-net.net

net--net.net

net-net-net-net-net-net.net

trojanbotnet.com

millionevents.net

kombykorm.kz

knoc.kz

putehestvie.com

extendedfor.xyz

xaker.top

djamix.space

kuninganonline.com

comawhite.net

123buildmysite.com

bestpochta.com

thegingerzone.com

theaxiompress.com

alanmclaughlin.com

theaxiompress.net

0816yl.net

mitrapengujian.com

mitraautomation.com

mitra-timbangan.com

webisnis.com

bantalonline.com

autonewblog.com

kurortsochi.com

matemat.xyz

imeretinskiy.club

djamix.xyz

djamix.site

cansistent.com

safron.site

depsdm-kemenpan.com

hdb-global.com

gdlexpress.com

bwt-logistic.com

arc-sch.com

manesinc1.com

manesinc.com

rampstercorp.com

js-top.link

js-cdn.link

js-save.link

sexonlyvideo.com

hypermgp.com

mgpproject.net

hardlink.biz

buyrolex.biz

yourmpgvideo.com

mobiledatadevice.biz

noteshere.net

mmmstock.com

mmmtrust.net

mmmbook.net

cloudaway.com

greatgadgetsstore.com

mmmfz.top

kkkfz.top

hhhlj.top

hhhfz.top

10-2-2.com

365import.com

1-in-2-2.com

test-javier-2-2.com

gz2510.com

zqlankou.com

2-0-2-2.com

testci47570399d5.com

baomaev.com

zhongdaojiaoyu.cn

gzpylv.com

electronsurge.com

6-2-2.com

9-2-2.com

uiautotest-2-2.com

jiuzhoufj.com

entertt.com

dz1688.com

wonghao.top

china2-2-2.com

agnesbinagwaho.com

multi17.cn

ffflj.top

kkklj.top

ggglj.top

gggfz.top

jjjfz.top

999fz.top

hotmy.net

zcggz.org

autosecure.net

tacwj.org

lawguides2008.net

wohsl.org

auth2.net

mjnxs.org

yamahayzfr1.us

zdofd.org

stabantitheft.us

xauov.org

gamerplanet1.com

ydtmj.org

juicedetails.com

yprwm.org

discountgoods2012.com

qlkux.org

jewelrystoresnow.com

vzzub.org

onlinerace4u.com

yaphq.org

tradecars1.com

vobkx.org

pindostan.us

xowds.org

patefon32.us

frefh.org

pilot-cooking.us

wcyso.org

technics22.us

gzxinyakj.com

incorruptible-computers.com

solartope.com

stemcellplant.com

thoughtclone.com

stellarphonicorchestra.com

solarlaserproductions.com

chez-2-2.com

yzzby.com

sko5.com

kxiduo.com

im0000.com

gzima.com

oaiwen.com

njbhzs.com

aoyaok.com

30-2-2.com

batteryblitzer.com

testpathbe-2-2.com

look-not.com

boon-2-2.com

0-2-2.com

crowdfundance.com

xn--22-iz2c.com

sakura2-2-2.com

accesslogs-2-2.com

4-4-2-2.com

3-2-2.com

8-2-2.com

2--2.com

2-2-2.com

2-2.com

netholderace.com

ejsldk.info

ip-info-2-2.com

2-2-2-2-2.com

ip10-2-2.com

huawei2-2-2.com

hua-wei-2-2-2.com

test-site-paid-ads-2-2-2-2-2-2.com

ip-2-2-2-2.com

arataka-2-2.com

t-2-2.com

future-beam.com

kobayashi8.com

wwb-company.com

crowdfundance.net

advertdatacache.com

peaceplanet.info

infohoster.net

crowdfundance.info

light-surge.com

industrial-laser-engraving.com

cloudydaysolar.org

sustainable-computers.com

sergedouw.com

litesurge.com

incredible-computers.com

incorruptiblecomputers.com

futurebeam.com

bleepmusic.com

a-weekend.com

crowdfundance.org

2--2--2.com

4-2-2.com

2-2-2-2.com

en-2-2.com

e-netanteisha-2-2.com

1-2-2.com

5-2-2.com

salad2-2-2.com

mmiller-ep5-native-products-2-2.com

6-7-8-2-2.com

qa-mil-1827-2-2.com

cloudydaysolar.com

7-2-2.com

robustinverters.com

d3520-2-2.com

swissjabber.ch

ud-22-2-2.com

internationalidentification.org

trainhorn.us

ysiuemg.com

zqiwie.com

tywhus8.com

mmkdsk.com

jdhfsai.com

zquweh.com

bizzkit.com

peaceapproach.com

xyapakikixox.info

jincheng1.com

dinzarikbu.info

dadsbigshed.com

765system.link

goo678.com

thebestupdates.com

igo678.com

kartoxa.biz

moto288.com

himybro.biz

mybro.biz

nilai-wuhan.com

theearninggame.com

theearninggame.info

themusicaltree.info

themusicaltree.org

biggiftwinner.com

sustainabilityhive.com

hiranks.com

themusicaltree.com

successsurge.com

boomaweb.com

themusicaltree.net

theearninggame.net

theearninggame.biz

themusicaltree.biz

greenlifeincome.com

rome0.net

nipdq.org

superman-deals.us

ddgxq.org

computer-helping.us

eggvd.org

logical-board.us

hfduv.org

green-monkeys.us

pikwk.org

train-pro.us

ungrd.org

magic-deals.us

plpbd.org

magicislands.us

tmagm.org

applepie1.us

qxieb.org

ulcmk.org

nwchf.org

kuvvh.org

mxqmo.org

nkuii.org

ggboy.org

nwrsm.org

zpmph.org

greencomputer.us

mvliw.org

snikers.us

ifynq.org

changeshops.us

sxdyv.org

tviks.us

dflcj.org

crazystyles.us

ljsey.org

download-apple.us

jixld.org

tradecars1.us

htfjs.org

fruite-ninjas.us

adsee.net

get-health.us

rmfns.org

itunes-media.us

gszyb.org

pingvin.us

iicsj.org

money-bags.us

pwmlg.org

sennheiser-mp3.us

uzebg.org

mycompanyaddress.us

iulrf.org

sportsvalley.us

luqob.org

online-markets1.us

hlfcm.com

easterniowaweather.info

xn--22-zja.com

4s6.com

xn--22-ng4atbj2c1b4ac1cg7nscs2fzfsevc5ioa.com

szsungold.com

kellytoys4u.com

jncjpxxx.com

ysbsqa-farm4mig2wh2-2-2.com

colourfullvibations.com

colourfulvibrations.com

laserlords.com

bwqj.info

feathersdream.info

peaceplanetproductions.com

peaceplanit.com

loanomat.com

eeywz.org

cclev.org

aqsax.org

acqlb.org

sellomat.com

xn--22-dr5c.com

solartope.org

emsjjkd.net

1-2-2-2.com

shmomom.com

backlink9000-2-2.com

3acai.org

3acai.net

drjmm.org

besth2o.biz

incorruptibleworld.com

Related domains known to have been involved in the campaign and are currently run managed and operated by members of a well-known cybercrime-friendly forum community:

hs-mail.com

gohlke-hs-mail.com

mobservdot.com

rampstercorp.com

swissjabber.ch

internationalidentification.org

wwb-company.com

advertdatacache.com

infohoster.net

millionevents.net

kurortsochi.com

kombykorm.kz

matemat.xyz

knoc.kz

trojanbotnet.com

js-magic.link

js-cdn.link

js-sucuri.link

noteshere.net

mmmstock.com

mmmtrust.net

cloudaway.com

mmmbook.net

greatgadgetsstore.com

sexonlyvideo.com

hypermgp.com

mgpproject.net

hardlink.biz

buyrolex.biz

yourmpgvideo.com

mobiledatadevice.biz

imeretinskiy.club

putehestvie.com

djamix.xyz

extendedfor.xyz

djamix.site

xaker.top

safron.site

djamix.space

kellytoys4u.com

kartoxa.biz

inter-net-net.net

mitraautomation.com

himybro.biz

phoenixlatenightbandits.com

mitra-timbangan.com

mybro.biz

net--net.net

autonewblog.com

rome0.net

favoraim.com

net-net-net-net-net-net.net

hdb-global.com

gdlexpress.com

bwt-logistic.com

arc-sch.com

manesinc1.com

manesinc.com

cansistent.com

depsdm-kemenpan.com

hacklab.pro

bestpochta.com

kuninganonline.com

news-plus.info

net-net-net-net.net

comawhite.net

proxybase.net

net-net.net

123buildmysite.com

net-net-net-net-net.net

theaxiompress.com

xyapakikixox.info

net-net-net.net

bukadarbasit.com

dinzarikbu.info

net---net.net

alanmclaughlin.com

765system.link

mahadevia.com

webisnis.com

thebestupdates.com

mediamaxfilms.com

mitrapengujian.com

Stay tuned!

Continue reading →

In Retrospective - The "Office" Circa 2006 Up To Present Day

This summary is not available. Please click here to view the post. Continue reading →

Exposing a Currently Active Malicious Free VPN Domain Portfolio Run and Operated by the NSA - An OSINT Analysis

From this. 

Currently active free VPN servive domains courtesy of the NSA known to have been participating in the campaign:

bluewebx.com

bluewebx.us

irs1.ga

iranianvpn.net

IRSV.ME

DNSSPEEDY.TK

ironvpn.tk

ironvpn.pw

irgomake.win

make-account.us

make-account.ir

IRANTUNEL.COM

JET-VPN.COM

newhost.ir

homeunix.net

vpnmakers.com

hidethisip.info

uk.myfastport.com

witopia.net

worldserver.in

music30ty.net

misconfused.org

privatetunnel.com

aseman-sky.in

Related domains known to have been involved in the campaign:

gaysexvideo.us

keezmovies.us

hitporntube.com

enjoyfreesex.com

allfreesextube.com

thegaytubes.com

sextubeshop.com

pornfetishexxx.com

ebonypornox.com

freepornpig.com

marriagesextube.com

searchporntubes.com

suckporntube.com

darlingmatures.com

pornretrotube.com

teensexfusion.net

rough18.us

teendorf.us

1retrotube.com

typeteam.com

biosextube.com

hadcoreporntube.com

reporntube.com

telltake.com

asianprivatetube.com

hostednude.com

alfaporn.com

sexbring.com

porntubem.com

newerotictube.com

firstretrotube.com

oralsexlove.com

1bdsmtubes.com

hairytubeporn.com

brunettetubex.com

tubelatinaporn.com

xxxgaytubes.com

analxxxvideo.com

analsexytube.com

aeroxxxtube.com

amateurpornlove.com

admingay.com

xxxretrotube.com

xxxshemaletubes.com

hotpornstartube.com

firsttrannytube.com

erotixtubes.com

1pornstartube.com

1asiantube.com

18mpegs.com

maturediva.com

elitematures.com

vipmatures.com

pcsextube.com

porn-vote.com

pornbrunettes.com

maturedtube.com

alfatubes.com

maturetubesexy.com

justhairyporn.com

hotblowjobporn.com

homemadetubez.com

homemadexx.com

golesbiansex.com

fuck-k.com

freebdsmxxx.com

emeraldporntube.com

dosextube.com

bigtitslove.com

yoursex.sexy

tubez.sexy

japaneseporn.win

hdfuck.me

tubelesbianporn.com

vipebonytube.com

vipamateurtube.com

largematuretube.com

latinosextube.com

xxxhardest.com

tubebigtit.com

tubesexa.com

realfetishtube.com

pornways.com

Related domains known to have participated in the campaign:

hi2panel.us

androidserver.us

make22.us

make46.us

make58.us

make-account.us

irspeedy.info

memolfashion.com

irspeedy.com

downloadpluse.com

make-account.com

kashkashun.com

erfan-shop.com

digidoorbin.com

make34.us

make94.us

make82.us

make70.us

make166.us

takeaw.us

irspeedyy.us

make-account2.us

downloadplus.link

mehrdad.biz

mypayments.me

appleid22.com

susadns.com

saba-sdi.com

saba-sdi.design

bluewebx.com

Stay tuned!

Continue reading →

My Compilations of Personally Identifiable Information Belonging to Multiple International and High-Profile Cyber Threat Actors - An Elaboration

Awesome!

I just got my first Notice of European Data Protection Law Removal Request for my personal blog in particular for one of my compilations of personally identifiable information. Great stuff!

Continue reading →

Commenting on the SANS Threat Intelligence Summit 2021 Presentations - An Analysis and Practical Recommendations

Hi everyone,

I recently came across to the entire portfolio of SANS Threat Intelligence Summit presentations which are currently online at YouTube and I've decided to take the time and effort to go through them and offer practical and relevant threat intelligence and OSINT advice and recommendations which I hope will come handy to the presenters including anyone currently working in the field or interested in making an impact as a threat intelligence analyst.

Sample presentations from the Summit include:

- Analyzing Chinese Information Operations with Threat Intelligence - this is a pretty informative presentation that offers practical and relevant Information Operations advice including a pretty decent case study on the topic of a high-profile information leak campaign based in China

- Collections and Elections: How The New York Times built an intel collections program in 2020 - this is a pretty informative presentation that offers an in-depth and relevant advice on building threat intelligence capabilities in terms of building a threat intelligence team including a first person experience in the process of building a threat intelligence program

- Better Than Binary: Elevating State Sponsored Attribution via Spectrum of State Responsibility - this is a pretty informative presentation that offers a very good overview of various threat intelligence techniques including collection enrichment and actual technical collection advice

What the presenters should keep in mind when doing their research and homework is to actually implement a threat intelligence "rock star" mentality when doing research and actually attempt to take a step higher in their research and make disruption and actually take both active and proactive measures and actions against specific cyber threat actors and adversaries.

I've been recently working on several articles on the topic of threat intelligence and I came up with a proper article which I'll share in this post with the idea to improve my reader's situational awareness on the topic eventually improving the way they work and do threat intelligence gathering online.

----------------------

00. The Basics of Threat Intelligence - A Novice Cyber Threat Researcher’s Guide

In this article we’ll aim to successfully provide an in-depth overview of the Threat Intelligence Gathering process including various methodologies for processing enriching and dissemination including active case studies and in-depth overview of various standards and technologies including an in-depth overview of various Threat Intelligence Gathering tools and techniques. This article aims to successfully provide readers with general and in-depth overview of the Threat Intelligence Gathering process including live and relevant examples including in-depth overview of various Threat Intelligence Gathering tools and techniques.

This article is aiming to target a diverse set of audience including security practitioners information security professionals threat intelligence analysts and organizations seeking an informative and educational approach further understanding the basics of threat intelligence including an in-depth overview of various threat intelligence methodologies and practices including a variety of in-depth case studies related to threat intelligence gathering including an in-depth discussion on various methodologies and threat intelligence gathering tools.

Overview of Threat Intelligence

Threat intelligence is a multi-disciplinary approach to collecting processing and disseminating actionable threat intelligence for the purpose of ensuring that an organizations security defense is actively aware of threats facing its infrastructure so that an adequate and cost-effective strategy can be formulated to ensure the confidentiality integrity and availability of the information. Threat Intelligence is the process of collecting processing and disseminating actionable intelligence for the purpose of ensuring that an organizations infrastructure remains properly secured from threats facing its infrastructure. The collection phrase can be best described as the process of obtaining processing and analyzing actionable threat intelligence for the purpose of processing and disseminating the processed data. The collection phrase consists of actively obtaining real-time threat intelligence data for the purpose of processing enriching and assessing the data for the purpose of processing and disseminating the data.

The collection phase consists of active monitoring of sources of interest including various public and privately closed community sources for the purpose of establishing an active threat intelligence gathering program foundation. The collection phrase consists of assessing and selecting a diverse set of primary and secondary public and privately closed sources for the purpose of establishing a threat intelligence gathering model. The collection phase consists of assessing and selecting primary and secondary public and privately closed sources for the purpose of establishing an active threat intelligence collection model. The collection phase consists of assessing the primary secondary public and privately closed sources for the purpose of establishing an active threat intelligence gathering collection model. The collection phase consists of assessing and selecting the primary and secondary public and privately closed sources for the purpose of establishing the foundations of the collection phrase.

What analysts should keep in mind when doing threat intelligence collection including the actual Technical Collection process in terms of obtaining access to actual raw threat intelligence information which includes domains URLs and MD5's that also includes raw cybercrime forum information or actual copies of a cybercrime friendly forum community for the purpose of building a capacity driven threat intelligence program in terms of profiling and applying basic cyber attack attribution methodologies is to have a well trained staff force which could easily and efficiently obtain access to both real-time current and historical threat intelligence information using proprietary and publicly accessible sources for the purpose of enriching the information and actually coming up with new and novel research and cyber attack trends analysis.

The processing phrase consists of actively selecting processing tools and methodologies for the purpose of setting the foundations for a successful processing of the data. The processing phase consists of actively processing the threat intelligence gathering collected data for the purpose of establishing the foundations for a successful processing of the data. The processing phase consists of collecting the processed data for the purpose of establishing the foundations for a successful processing of the collected data for the purpose of processing and enriching the processed data. The processing phase consists of active collection enrichment and processing of the collected data for the purpose of active processing of the collected data. The processing phase consists of active selection of primary and secondary public and privately closed sources for the purpose of processing the collected data for the purpose of enriching and processing the collected data. The processing phase consists of active real-time aggregation of actionable threat intelligence data for the purpose of establishing the foundations of active processing and enrichment of the processed data for the purpose of processing and enriching of the processed data.

What analysts should keep in mind when doing threat intelligence processing is the relevance and timeliness of the actual information including the quality of the source including public and proprietary sources where the analysts should keep in mind that a huge portion of the information that could properly protect an enterprise or a vendor online is already publicly accessible and should be properly processed including possibly enriched in terms of coming up with the big picture in terms of the actual information including to come up with novel and new cyber attack attribution research. Sticking to major threat intelligence sharing and dissemination standards should be crucial in terms of feeding the publicly accessible and processed information into a threat intelligence processing system that also includes a cyber attack attribution process for the purpose of coming up with new and novel research including actual cyber attack attribution research using a researcher's or an organization's own methodology.

The dissemination phase consists of active processing and dissemination of the processed data for the purpose of communicating the actionable intelligence for the purpose of ensuring that an organizations defense is actively aware of the threats facing its infrastructure and security defense mechanisms. The dissemination phase consists of active distribution of the processed and enriched actionable intelligence for the purpose of active dissemination of the processed and enriched data. The dissemination phase consists of active dissemination and enrichment of the processed data for the purpose of establishing the foundations of an active threat intelligence gathering process. The dissemination phase consists of active communication and distribution of the processed and enriched data for the purpose of communicating the processed and enriched data across the organizations security defense mechanisms.

What analysts should keep in mind when disseminating threat intelligence is to always reach out to the proper parties including as many sources of information as possible for the purpose of presenting their research and information to the security industry industry and the security community in an in-depth enriched and properly processed way potentially assisting the security industry and the security community on its way to properly attribute a cyber attack or detect new cyber attack trends.

Threat Intelligence Methodologies

Numerous threat intelligence methodologies are currently available for an organization to take advantage of on its way to properly secure its infrastructure taking into consideration a proactive security response. Among the most common data acquisition strategies remains the active data acquisition through forum and communities monitoring including the active monitoring of private forums and communities. Carefully selecting and primary and secondary sources of information is crucial for maintaining the necessary situational awareness to stay ahead of threat facing the organizations infrastructure including the establishment of an active response through an active threat intelligence gathering program. Among the most common threat intelligence acquisition methodologies remains the active data acquisition through primary and secondary forums and communities including the data acquisition through private and secondary community based type of acquisition platforms.

Among the most common threat intelligence data acquisition strategies remains the active team collaboration in terms of data acquisition data processing and data dissemination for the purpose of establishing an active organizations security response proactively responding to the threats facing an organizations infrastructure. Among the most common data acquisition strategies in terms of threat intelligence gathering methodologies remains the active enrichment of the sources of information to include a variety of primary and secondary sources including private and community based primary and secondary sources.

Proactive Threat Intelligence Methodologies

Anticipating the emerging threat landscape greatly ensures an organizations successful implementation of a proactive security type of defense ensuring that an organizations security defense remains properly protected from the threats facing its infrastructure. Properly understanding the threat landscape greatly ensures that a proactive response can be properly implemented for the purpose of ensuring that an organizations security defense remains properly protected from the threats facing its infrastructure. Taking into consideration the data obtained through an active threat intelligence gathering program greatly ensures that a proactive security response can be adequately implemented to ensure that an organizations security defense remains properly protected from the threats facing its infrastructure.

Among the most common threat acquisition tactics remains the active understanding of the threats facing an organizations security infrastructure to ensure that an adequate response can be properly implemented ensuring that an organizations defense remains properly protected from the threats facing its infrastructure. Among the most common threat intelligence gathering methodologies remains the active team collaboration to ensure that an active enrichment process can be properly implemented further ensuring that an organizations defense can be properly protected from the threats facing its infrastructure. Based on the information acquired through an active threat intelligence gathering acquisition processing and dissemination program further ensuring that an organizations infrastructure can be properly protected from the threats facing its infrastructure.

The Future of Threat Intelligence

The future of threat intelligence gathering largely relies on a successful set of threat intelligence gathering methodologies active data acquisition processing and dissemination strategies including the active enrichment of the processed data for the purpose of ensuring that an organizations security defense remains properly in place. The future of threat intelligence largely relies on the successful understanding of multiple threat vectors for the purpose of establishing an organizations security defense. Relying on a multi-tude of enrichment processes including the active establishment of an active threat intelligence gathering acquisition processing and dissemination program greatly ensures that a proactive team-oriented approach can be implemented to ensure that an organizations security defense remains properly protected from the threats facing its infrastructure.

----------------------

including the following second article which I've been working on in terms of using OSINT in combination with threat intelligence to do a better research online and actually come up with novel and never-published research and cyber threat actor research and analysis:

---------------------

00. Basics of OSINT in the Context of Fighting Cybercrime - The Definite Beginner's Guide

“What use are they? They’ve got over 40,000 people over there reading newspapers.” - President Nixon

This introductory guide into the world of OSINT is part of an upcoming series of articles aiming to assist both novice and experienced security practitioners including analysts for the purpose of entering the world of OSINT for cybercrime research and aims to offer a high-profile and never-published before practical and relevant in today’s nation-state and rogue cyber adversaries Internet and cybercrime ecosystem whose purpose general overview and introductory material and training course material for novice beginners including advanced Internet users hackers security consultants analysts including researchers who are interested in exploring the world of OSINT (Open Source Intelligence) for the purpose of making a difference doing their work in a better and more efficient way including to actually be fully capable and equipped to catch the bad guys online including to monitor and track them down to the point of building the big picture of their fraudulent and rogue online activities. The course including the actual learning and training material is courtesy of Dancho Danchev who is considered one of the most popular security bloggers threat intelligence analysts and cybercrime researchers internationally and within the security industry.

The primary purpose behind this guide is to summarize Dancho Danchev’s over a decade of active passive and active including actionable threat intelligence and OSINT research type of experience including cybercrime research type of experience where the ultimate goal would be to empower the student or the organization taking this course into better doing their online research work including to be fully capable of tracking down and monitoring the rogue and malicious online activities of the bad guys online where the ultimate goal would be to better position and enhance your cyber attack or malicious threat actor cyber campaign attribution skills ultimately improving your work activities and actually empowering you to learn how to do OSINT for good and most importantly to track down and monitor the bad guys.

Introduction

In a world dominated by sophisticated cybercrime gangs and nation-state sponsored and tolerated rogue cyber actors the use of OSINT (Open Source Intelligence) is crucial for building the big picture in the context of fighting cybercrime internationally including to actually "connect the dots" in the context of providing personally identifiable information to a closed-group and invite-only LE community including international Intelligence Agencies on their way to track down and prosecute the cybercriminals behind these campaigns.

In this training and learning material Dancho Danchev one of the security industry's most popular and high-value security blogger and cybercrime researcher will offer an in-depth peek inside the world of OSINT in the context of fighting cybercrime and will provide practical advice examples and case in particular on how he tracked down and shut down the infamous Koobface botnet and continued to supply never-published and released before potentially sensitive and classified information on new cyber threat actors which he continued to publish at his Dancho Danchev's blog.

Basics of OSINT

OSINT in the context of fighting cybercrime can be best described as the systematic and persistent use of public information for the purpose of building a cyber threat intelligence enriched data sets and intelligence databases both for real-time situational awareness and historical OSINT preservation purposes which also include to actually "connect the dots" in cybercrime gang and rogue cyber actor campaigns and cyber attack type of campaigns. A general example would consist of obtaining a single malicious software sample and using it on a public sandbox to further map the infrastructure of the cybercriminal behind it potentially exposing the big picture behind the campaign and connecting the dots behind their infrastructure which would lead to a multi-tude and variety of personally identifiable information getting exposed which could help build a proprietary cybercrime gang activity database and actually assist LE in tracking down the prosecuting the cybercriminals behind these campaigns.

"There's no such thing as new cyber threat actors. It's just new players adopting economic and marketing concepts to steal money and cause havoc online."

The primary idea here is to locate free and public online repositories of malicious software and to actually obtain a sample which will be later on used in a public sandbox for the purpose of mapping the Internet-connected infrastructure of the cybercrime gang in question including to actually elabore more on the ways they attempt to monetize the access to the compromised host including possibly ways in which they make money including to actually find out what exactly are they trying to compromise. Possible examples here include VirusTotal or actually running a malware interception honeypot such as for instance a spam trap which would allow you to intercept currently circulating in the wild malare campaigns that propagate using email and actually analyze them in terms of connecting the dots exposing their Internet-connected infrastructure and establishing the foundations for a successful career into the world of malicious software analysis and cybercrime research.

"Everything that can be seen is already there".

The next logical step would be to properly assess and analyze the recently obtained sample and to properly establish the foundation of a "connect the dots" culture within your organization where the primary goal would be to have researchers and analysts look for clues on their way to track down and monitor a specific campaign potentially coming up with new and novel cyber attack attribution research. Visualization is often the key to everything in terms of visualizing threats and looking for additional clues and possible cyber attack attribution clues where a popular visualization and threat analysis tool known as Maltego should come into play which basically offers an advanced and sophisticated way to process OSINT and cybercrime research and threat intelligence type of information and actually enrich it using public and proprietary sources of information for the purpose of establishing the big picture and actually connecting the dots for a specific cyber attack campaign.

Among the first things that you should consider before beginning your career in the World of OSINT is that everything that you need to know about a specific online event a specific online campaign that also includes the activities of the bad guys online is already out there in the form of publicly accessible information which should be only processed and enriched to the point where the big picture for a specific event or a malicious online campaign should be established using both qualitative and quantitative methodologies that also includes the process of obtaining access to the actual technical details and information behind a specific online event or an actual malicious and rogue online campaign.

Among the few key things to keep in mind when doing OSINT including actual OSINT for cyber attack and cyber campaign attack attribution is the fact that in 99% of the cases all the collection information that you need in terms of a specific case is already publicly known and is publicly accessible instead of having to obtain access to a private or a proprietary source of information and the only thing that you would have to do to obtain access to it is to use the World’s most popular search engine in terms of collection processing and enrichment.

The second most popular thing to keep in mind when doing OSINT is that you don’t need to obtain access to proprietary even public OSINT tools.

Current State of the Cybercrime Ecosystem

In 2021 a huge number of the threats facing the security industry including vendors and organizations online include RATs (Remote Access Tools) malicious software part of a larger bother malicious and fraudulent spam and phishing emails including client-side exploits and vulnerabilities which have the potential to exploit an organization or a vendor's end points for the purpose of dropping malware on the affected host including the rise of the ransomware threat which is basically an old fashioned academic concept known as cryptoviral extortion.

With more novice cybercriminals joining the underground ecosystem market segment largely driven by a set of newly emerged affiliate based revenue sharing fraudulent and malicious networks offering financial incentive for participation in a fraudulent scheme it shouldn't be surprising that more people are actually joining the cybercrime ecosystem potentially causing widespread damage and havoc online.

With cybercrime friendly forums continuing to proliferate it should be clearly evident that more people will eventually join these marketplaces potentially looking for new market segment propositions to take advantage of for the purpose of joining the cybercrime ecosystem and that more vendors will eventually continue to occupy and launch new underground forum market propositions for the purpose of promoting and looking for new clients for the services.

In a World dominated by a geopolitically relevant Internet cybercrime ecosystem it shouldn't be surpising that more international cybercrime gangs will eventually continue to launch new fraudulent and malicious spam and phishing campaigns that also includes malicious software campaigns for the purpose of earning fraudulent revenue.

With more affiliate based underground market segment based networks aiming to attract new uses where they would forward the risk for the actual infection process and fraudulent transaction to the actual user in exchange for offering access to sophisticated bulletproof infrastructure including advanced and sophisticated malware and ransomware releases it shouldn't be surprising that more people are actually joining these affiliate networks for the purpose of earning fraudulent revenue in the process of causing havoc and widespread disruption online.

---------------------

Overall I believe that the presentations from this event are worth watching and worth going through and I can't wait to actually participate in the Call for Papers for the upcoming virtual Summit.

Happy watching!

Continue reading →

This Blog Has a New Address! Bookmark Today!

Folks,

h0 h0 h0 - Xmas came earlier!

This is Dancho. Believe it or not the time has come to say goodbye to one of the security industry's most popular security publication since December, 2005 and actually let you know that I've successfully migrated this blog to a new Dark Web Onion address which is - http://iysxzy3z5qjtr5pipcuj5webwfrjnh7mvgb7jl5ki2iypvnj3j5u4pid.onion/ which I advise you to bookmark and check on a daily basis in terms of presenting new and novel research courtesy of me the way I've been doing it since December, 2005.

Stay tuned and bare with me! Visit it on a daily basis and stay tuned! Keep up the good work and keep it coming!

Image courtesy of a loyal fan reader.

Second image courtesy of me attending a private party.

Continue reading →

Continue reading →

Dancho Danchev's Comeback Livestream Today - Join me on Facebook Live!

Bookmark the link.

See you later today!

Stay tuned!

Continue reading →

The Myth of the APT (Advanced Persistent Threat) Term - An Analysis

Continue reading →

Who's on Twitter?

Folks,

Who's on Twitter? Follow me today.

Stay tuned!

Continue reading →

Dancho Danchev's Cybercrime Forum Data Set for 2019 and 2021 - Free Direct Download Link Available - Grab a Copy Today!

 

Continue reading →

Exposing a Currently Active Domain Portfolio Managed and Run by Cyber Jihadists - An OSINT Analysis

Continue reading →

Exposing Bulgarian Cyber Army Hacking Group - An OSINT Analysis

In this OSINT analysis I'll offer in-depth information and analysis of Bulgaria's Bulgarian Cyber Army including personally identifiable information on some of the key members behind the group for the purpose of assisting U.S Law Enforcement and the U.S Intelligence Community on its way to track down and prosecute the cybercriminals behind these campaigns.

EvilHack -> http://www.youtube.com/user/AnonymousEvilHack/about -> http://cyber-code.tk/ -> BG Cyber Army -> http://www.zone-h.org/archive/notifier=Bulgarian%20Cyber%20Army 

-> https://www.facebook.com/bgcyberarmy

Bca-group.org - Email: bca-group@mail.ru

BG Cyber Army - Cyber Root, Cyber King, iNCUBUS, JoKeR, MoonSpire

- [Pa3pyxA, FuckOFF, CyberKing, CyberLord]

CyberLord: cyberlordbg@mail.ru :: [OK]

[+] CyberKing: z3roc00l@mail.ru :: [OK]

Pa3pyxA: ra3pyxa@mail.ru

Anonymous BG's main forum URL: http://anonbg.info

Group member handles: rootheR_, Hades, NoTolerance, EvilHack, PsychoPatternz.

Forum postings for ID-ed member PsychoPatternz: http://anonbg.info/member.php?34-PsychoPatternz

Forum postings for ID-ed member EvilHack: http://anonbg.info/member.php?13-EvilHack

EvilHack's real name: Genadi

Skype: genadi_97

Skype: anonymous_evilhack

City: Veliko Turnovo or Tutrakan

Associated emails:

clangrf@abv.bg

genadi_100@abv.bg

anonyops@abv.bg

EvilHack@hmamail.com

evilhack000@gmail.com

evilhack@bk.ru

evil_hack@abv.bg

URL he maintains:

https://www.facebook.com/pages/EvilHack-Programs

http://anonymous-world.free.bg/page-8.html

http://web-dangerous.free.bg/page-9.html

http://evilhack-official.blogspot.com/

http://www.podariavam.com/user/GenadiD

PsychoPatternz's name: Asparuh Naydenov

City:: Plovdiv

Skype: asparuh1231

URLs he maintains:

http://psychopatternz.blogspot.com/

https://www.facebook.com/hakhz/timeline

Facebook profile:

https://www.facebook.com/Psychopatternz

EvilHack appears to be also a member of a newly emerged group, namely, Bulgarian Cyber Army.

Connection: EvilHack -> http://www.youtube.com/user/AnonymousEvilHack/about -> http://cyber-code.tk/ -> BG Cyber Army -> http://www.zone-h.org/archive/notifier=Bulgarian%20Cyber%20Army

-> https://www.facebook.com/bgcyberarmy

Official Web site: bca-group.org - Email: bca-group@mail.ru

Related group emails: bca-group@bk.ru; adrenalinovocs@abv.bg

Current members: Cyber Root, Cyber King, iNCUBUS, JoKeR, MoonSpire

Ex-members: Pa3pyxA, FuckOFF, CyberKing, CyberLord

Group members' associated emails:

CyberLord - cyberlordbg@mail.ru

CyberKing - z3roc00l@mail.ru

Pa3pyxA - ra3pyxa@mail.ru

Group's Name: Hack3D TeaM" or "MTH Soft

Facebook: https://www.facebook.com/hack3dteam;

https://www.facebook.com/bgworm.info

Vimeo account: http://vimeo.com/user16145338/videos

Forum: http://hakerstvo.informe.com/

Zone-H Archive: http://zone-h.org/archive/notifier=MaStErChO/page=1

Hackdb Archive: http://www.hack-db.com/hacker/r00tkit/all.html

Google Plus Profile: https://plus.google.com/104878573752624522053/photos

Group Members: r00tkit, MaStErChO AloneWolf, Sspdf11, razora911, Metalqear

Shout outs most commonly given to -- on the basis of multiple defaced

page assessments --MaStErHaCk, - RTFM -The Godfather-(tm)(R) PanteliX (R)(tm) -

(tm)W!PS(tm) - Tiger(tm) - Slackera - TraferA - 3ikmy - N3x0R.

Known group domains' reconnaissance:

hxxp://bgworm.com - Email: gudolik@gmail.com -  name: "Mastercho

Hoomie" same as the Google Plus account

hxxp://bgworm.info - historical WHOIS emails: Email: nikolas47@abv.bg;

Email: mahon-74@hotmail.com

Group member profile: Anton Nikolaev (MaStErChO)

Email: ludoto_93@abv.bg - email used from the forum's registration confirmation

Secondary email: ludoto_93@hotmail.com - Reference:

https://www.facebook.com/photo.php?fbid=327560933969442&set=a.325721410820061.74800.125466524178885&type=1

Skype: ko.ti.puka

Mobile: 0895373102

Second Mobile: 0887565357

Birth date: March 25, 1992 or 17 July, 1990

Sample Personal Photos of Bulgarian Cyber Army Team Members:

 

Stay tuned!

Continue reading →

Exposing Team Code Zero Hacking Group - An OSINT Analysis

In this post I'll provide personally identifiable information on some of the key members of the Team Code Zero hacking group with the idea to assist U.S Law Enforcement and the the U.S Intelligence Community on its way to track down and prosecute the cybercriminals behind these campaigns.

Related Zero for Owned Personal Domains and Web Sites:

http://sh0dan.org 

http://antilimit.net 

https://sinnerz.com 

https://codez.com 

Related Team Code Zero/Confidence Remains High Team Members:

- so1o

- helix

- xFli

- modeX

- Shok

- zer0x

- Spheroid

Related Personal Web Sites belonging to Team Code Zero Members:

http://www.aom.co.uk/total/ 

http://www.r0ot.org/crh/ 

http://www.rootshell.com 

http://insecurity.insecurity.org/codez/ 

Related personal emails belonging to Team Code Zero Members:

- dk@crackhouse.com 

- dz@acheron.net 

- domains4sale@usa.net 

- zen@sekurity.org 

Related personal Web sites belonging to Team Code Zero Members:

http://el8.netgates.co.uk 

http://www.mastaz.org/codezero/ 

http://ulticonn.dyndns.com/codezero/ 

Related personal email belonging to Team Code Zero Members:

Darkfool

darkfool@pancreas.com 

Related personal Web sites belonging to Team Code Zero Members:

http://insecurity.insecurity.org/codez/ 

http://www.r0ot.org 

http://www.exceed.net 

http://www.7thsphere.com/hpvac/hacking.html 

ftp://ftp.sekurity.org/users/so1o/ 

Related personal Web sites of Team Code Zero Members:

www.d-lab.com.ar/crh/ 

www.technotronic.com/ezines/crh/ 

http://cybrids.simplenet.com/Toast/files/CRH/ 

ftp.linuxwarez.com/pub/crh/ 

ftp.sekurity.org/users/so1o/ 

Related personal Web sites belonging to Team Code Zero Members:

http://www.d-lab.com.ar/sekret/warez/ 

http://www.d-lab.com.ar/mad/ 

http://www.d-lab.com.ar/crh/

Sample personal photos of Team Code Zero Members:

Stay tuned!

Continue reading →

Exposing 29A Virus Coding Group - An OSINT Analysis

In this analysis I'll provide personally identifiable information on some of the key members of the infamous 29A Virus Coding Group for the purpose of assisting U.S Law Enforcement and the U.S Intelligence Community on its way to track down and prosecute the cybercriminals behind these campaigns.

Personal email belonging to the group: 29A@sourceofkaos.com

Group's personal Web site: http://sourceofkaos.com/homes/29a/ 

Second group's Web Site: http://www.29a.net/ - Email: m0n305@terra.es

Personally identifiable information for GriYo: – Spain – Email: griyo@akrata.org - http://www.geocities.com/Area51/Corridor/2618 - Email: Dreamcatcher5072@aol.com - Email: griyo@hellsparty.com; griyo29A@hotmail.com- http://griyo.hellsparty.com - Email: griyo@bi0.net - https://twitter.com/griyo666- http://vxug.fakedoma.in - https://www.facebook.com/pg/djgriyo

Personal Emails belonging to 29A Team Members:

- Jacky Qwerty – Peru - jqwerty@cryogen.com

- Mental Driller – Spain - mental_driller@hotmail.com 

- Reptile - Canada - bwaha@hotmail.com

- SoPinky – Argentina - msopinky@hotmail.com 

- Super – Spain - super_29a@mixmail.com

- Tcp – Spain - tcp@cryogen.com

- Vecna – Brazil - vecna@antisocial.com

- VirusBuster – Spain - darknode@oninet.es - Email: virusbuster@terra.es

- Z0mbie – Russia - zloebuchij_zasrakomondohooy@usa.net

- Darkman - Denmark darkman@sourceofkaos.com

- roy g biv - iam_rgb@hotmail.com

Personally Identifiable Information for Benny:

Personal Web Site: http://benny29a.cjb.net; http://benny29a.kgb.cz; http://www.benny29a.com

Sample Personal Email: benny_29a@hushmail.com; benny@post.cz; benny_29a@privacyx.com

Related personal Web sites: http://benny.bloguje.cz; http://benny.hysteria.cz

ICQ – 123122556; 156892790; UnderNet.Org server, #vir, #virus, #vxers channels

Related personal Web sites for 29A Group Members:

- Alcopaul/[rRlf] http://alcopaul.cjb.net; alcopaul@cannabismail.com

- Benny/29A http://www.coderz.net/benny; benny@post.cz

- Mental Driller/29A mental_driller@notrix.net;  mental_driller@psynet.net; mental_driller@hotmail.com

- philet0ast3r/[rRlf] http://www.rRlf.de philet0ast3r@rRlf.de PhileT0ast3r@gmx.de

- ZeMacroKiller98 http://zemckiller98.multimania.com - http://membres.lycos.fr/zemckiller98 zebulon@softel.fr

- Vecna http://coderz.net/vecna

- VirusBuster http://virustradingcenter.cjb.net

- Z0MBiE http://z0mbie.host.sk http://forumer.com/bsodomon

- GriYo Spain griyo@hellsparty.com

- Ratter Czech Republic ratter@atlas.cz

- roy g biv iam_rgb@hotmail.com

- VirusBuster Spain virusbuster@terra.es

- Super super_29a@mixmail.com

Sample SNA (Social Network Analysis) Graph of 29A Virus Coding Group:

Stay tuned!

Continue reading →

Exposing HackPhreak Hacking Group - An OSINT Analysis

HackPhreak is a well known U.S based hacking group throughout the 90's which is known  to have been actively using IRC for the purpose of communicating and recruiting new members including its own Anti-Pedophile organization among the Internet's first community-driven organization to fight online child pornography launched by a popular and well-known hacking group including the following high-profile members of the group:

HackPhreak Group Members Include:

Bronc Buster, Lothos, Overdose, Truedog, x-empt, phriction, ntwakO, Gridmark, Phemetrix, Mnemonic, t0ucht0ne, muted, espionage, mercs, kanuchsa, Morbid Angel, Lucii, optiklenz, cap n crunch, tip, icer, sreality, Zyklon, havoc, HyperLogik, Defiant, Duncan Silver. Slfdstrct, lothos

Group's founder: Charlie Wellborne - rloxley@hackphreak.org

Personally identifiable information for Digital Ebola:

Digital Ebola - Email: digi@legions.org

AIM: digitalebola1

ICQ: 70001776

IRC: Undernet #legions, Efnet #ampedout

MUD: sensenet.legions.org port 5555

digi@wintermute.linux.tc

digi@wintermute.unixgeeks.com

Sample HackPhreak network infrastructure reconnaissance:

http://wintermute.legions.org - 66.12.11.162

http://neuromancer.legions.org - 66.12.11.171

http://cyberspace7.legions.org 

http://sensenet.legions.org

http://straylight.legions.org

http://monkeyboxing.legions.org - 66.12.11.170

http://boomzilla.legions.org

lhttp://uckydragon.legions.org - 66.12.11.172

http://walledcity.legions.org

http://aleph.legions.org

Sample Personal Emails belonging to HackPhreak members:

digi@wintermute.linux.tc, digi@wintermute.unixgeeks.com, digi@legions.org, ks@rmci.net, digi@linuxpron.com, fejed@legions.org, proto@legions.org, shekk@smurfs.com, wak0@legions.org, super@ce.net, threx@attrition.org, phric@legions.org, fejed@legions.org, threx@attrition.org, digi@legions.org, sodium@omega2.net, fejed@legions.org, godess@securityflaw.com, ntwako@legions.org, anonymous@legions.org, phric@legions.org,, CogitoESum@yahoo.com, ddfelts@ultravision.net, gimps@legions.org, gridmark@legions.org, davidj@wiretapped.net, dayzee@madsekci.net, clocker@adelphia.net, dayzee@madseckzi.net, flutterby_2001@hotmail.com, syntech@intraworldcom.net, j.p@b3ss13.ant10nl1ne.com, morbie@legions.org, pr00f@pr00f.org, cippa@hobbiton.org, beowulf3@telocity.com, adonis1@videotron.ca, alkinoos@project802.net, vecna@s0ftpj.org, cogitoesum@yahoo.com, ntwak0@safehack.com, archimedes@security-foundation.net, gridmark@planetmotherfucker.net, ruben@generation.nl, vecna@insertcoint.net, kiddish@hehe.com, blooddjinn@hotmail.com

Sample Personal Photos belonging to HackPhreak hacking group members:

Continue reading →

Cyber Intelligence - Personal Memoir - Dancho Danchev - 2021 - Download Free Copy Today!

Dear blog readers,

I've decided to share with you a direct free download copy of my personal memoir circa 2021.

Grab a copy here.

Stay tuned!

Continue reading →