Who wants to chat privately with me? I'm using OMEMO. My XMPP ID: ddanchev@conversations.im and this is my OTR danchodanchev@xmpp.jp
Continue reading →
The power of OSINT and real-time OSINT which has been my methodology since December, 2005 when I originally launched this blog? Check out the following analysis courtesy of me which details in-depth who's behind the Conti Ransomware Gang and the Trickbot cybercrime enterprise using exclusively and entirely public sources of information in combination with my real-time OSINT methodology hence the results.
LiamNeeson@jabber.ru
arb_reserved@ubuntu-jabber.de
battletoad@jabbim.sk
begemot_sun@jabber.ru
crazy_digger@jabber.ru
gfh6776@jabb.im
ivanalert@jabber.ru
landslide@jabb.im
new_henry@jabber.cz
scopehope@jabb.im
ugly@1jabber.com
valerius2k@jabber.ru
vdx17@jabber.ru
337788@exploit.im
asteradminn@sure.im
benalen@exploit.im
bio@yax.im
crunch@exploit.im
daiverjm@exploit.im
dmanager@exploit.im
fuckUSAhahaha@exploit.im
fuckusa@exploit.im
gfh6776@jabb.im
goldcoin@exploit.im
jackiedugn@exploit.im
landslide@jabb.im
martiniden123@exploit.im
mr_loki@exploit.im
posi_tron@exploit.im
pravdazanami@exploit.im
rob0660@conversations.im
scopehope@jabb.im
soulst@exploit.im
time_t@exploit.im
trqa23rt@exploit.im
volhvb@exploit.im
yastreb@exploit.im
SamCodeSign@xmpp.jp
alieelu@xmpp.jp
baton@xmpp.jp
batono@xmpp.jp
benalien@xmpp.jp
cosm123@xmpp.jp
graddds@xmpp.jp
guliver@xmpp.sh
liamliam@xmpp.jpohmygod728@xmpp.jp
It gets even better with the recent OFAC sanctions that also mention several interesting email address accounts:
volhvb@mail.ru
volhvb@live.ru
volhvb@yandex.ru
volhvb@gmail.com
rfonin@gmail.com
mfonin@jabber.ru
tsarev89@gmail.com
megaprof@gmail.com
refflex@gmail.com
It gets even more interesting when we dig a little bit deeper and find related domain registrations associated with these email address accounts.
For instance we have hxxp://baikal-tour.su which is a travel agency and hxxp://kurochkina.com which is Ekaterina Kurochkina who is a fashion photographer currently known as Valentina Ushenina currently a training instructor at the PortDeBras company where we have the same domains registered by a known individual on the Conti Ransomware Gang's sanctions list (megaprof@gmail.com).
We also have a Google Play application (hxxp://play.google.com/store/apps/details?id=com.WSCards.RSP&&gl=US) that also points to (hxxp://finters.su) which stands for an international sports organization.
Personally identifiable information on Valentina Ushenina include:
Skype: valentinatigra
hxxp://vk.com/id3151577
Email: kyrochkina.sug@mail.ru; tkanikurik@yahoo.com
Sample photos of Valentina Ushenina include:
All known domains known to have been registered by megaprof@gmail.com include:
hxxp://artfreegallery.us
hxxp://artfreegallery.com
hxxp://kurochkina.com
hxxp://s23.su
hxxp://baikal-tour.su
hxxp://finters.su
All known domains known to have been registered by tsarev89@gmail.com include:
hxxp://art-deko.biz
hxxp://serpwomanhealth.info
hxxp://avtofortuna.info
hxxp://knigodvor.info
hxxp://alkommet.com
hxxp://art-deko.info
Stay tuned!
Continue reading →
Is it a King or it Gypsy? No, it's Yavor Kolev. Gypsy Kings to the bottom of your brain's out.
Stay tuned!
Continue reading →
A Psychological Profile of Nicolay Sabchev/Nikolay Subchev Troyan, Bulgarian, A Wannabe Psychedelic Trance DJ - Part of the "Local Diships Gang" - From the Awesome But I Smell Like Dipshit Department - An Analysis
0
This is from the "I sincerely apologies for this post but you robbed beated and home molested me and stole $85,000 with your savages friends from your and my hometown Troyan, Bulgaria without anyone knowing that also includes the police" department post.
Does it smell like dipships in Bulgaria or does it smells like dipshits in Bulgaria? Appreciate my rhetoric. It does but exactly where it does - in the toilet.
T-Shirt - $1
Haircut - $1
Equipment - $1
Sample photos:
Total amount owed during the years for existence that's so cool that cannot be appreciated due to logical and low life unappreciated existence where even nature cannot help you to "get high" - $0. How come?
That's life.
Continue reading →
Dear folks. I'm about to get featured in a very prestigious cyber security magazine in a very prestigious edition. Unfortunately as I'm slowly transitioning into becoming an independent contractor again where most and the best of my research comes from I'm practically broke and I might need your assistance here. Anyone up to assist and support me here? Drop me a line and I'll explain - dancho.danchev@hush.com
Stay tuned!
Continue reading →
Re-defining the basics of real-time OSINT?
Here's how it's done. Obtain quick access to a recently leaked internal communication courtesy of a major ransomware gang. Quickly attempt to data mine it looking for personally identifiable email address accounts and URLs then automatically visit these URLs and produce and publish high quality analysis on who's behind the Conti Ransomware Gang.
Here's the analysis:
Leylo Fashion Brand
Top Management:
Danil Ermolaev
ДАНИЛ ЕРМОЛАЕВ
hxxp://vk.com/id4874860
Birthday: 7 August 1989
Maria Ermolaeva
hxxp://vk.com/id7326657
Birthday: 5 July
Благотворительный Фонд «Импульс к жизни»
hxxp://impulse-life.ru
- ТАМИЛА КЕРИМОВА - ВИЦЕ-ПРЕЗИДЕНТ БФ
- Birthday: 4 April 1986
- hxxp://vk.com/id6515862
- Planet for beauty and development
- Планета за красоту и развитие
- ЛЕЧИ САИДОВИЧ БАКАНАЕВ - ВИЦЕ-ПРЕЗИДЕНТ БФ
- АЛЕКСАНДР ШИЛОВ - ПРЕДСЕДАТЕЛЬ ПОПЕЧИТЕЛЬСКОГО СОВЕТА
- Председатель-Попечительского-совета
Ирина Верхуша
- ĥxxp://irinaverhusha.com
Тел: +7 926 536-63-68
Email: impulse.life2020@gmail.com
Related photos:
Stay tuned!
Continue reading →
Folks,
I've recently joined Abuse.ch's Malware Bazaar Platform with the idea to share my actionable intelligence with the rest of the security community on a daily basis.
Sample photos:
Subscribe to:
Comments (Atom)
RSS Feed