Exposing the Warzone RAT (Remote Access Tool) Enterprise - An OSINT Analysis

February 28, 2024

This just in.

Here's the analysis.
hxxp://www.warzone.ws/

Personal emails: solmyr@warzone.ws; ebase03@hotmail.com

XMPP/Jabber ID: solmyr@xmpp.jp

Telegram: solwz; sammysamwarzone

Skype: vuln.hf

Facebook account: https://www.facebook.com/il.meli.5

Sample photos of Warzone RAT (Remote Access Tool):

Sample photos of Daniel Meli:


From the "Dipshitness is Cool But Is It Relevant" Department?

February 26, 2024

From the "'we' hate you; 'we' don't want to see you; you don't exist and we don't want to see or hear anything about you" department.

Cheers!


The Troyan, Bulgaria Local Dipshit Leader Gipsy King That "Killed" Them All

February 26, 2024

Writing dipshit "poetry" and singing it "all" constitutes illegal and dipshit activity. Guess what? You're somehow supposed to be a master of it.


Profiling the xDedic Cybercrime Service Enterprise

February 26, 2024

My latest white paper for WhoisXML API.

The popular cybercrime-friendly xDedic service was recently shut down. In this analysis we take an in-depth look inside the Internet-connected infrastructure of the xDedic cybercrime-friendly enterprise and offer practical and relevant technical insights that make it easier for fellow researchers, vendors and law enforcement to keep track of its current, historical and upcoming online activities.

Sample domains:
hxxp://xdedic.biz
hxxp://xdedic.ac
hxxp://xdedic.tk

Known responding IPs:
194.12.255.28
81.25.59.80
125.209.101.190
41.74.66.229
186.2.163.126
91.220.101.43
41.164.71.116
104.21.31.62
172.67.175.56
104.31.84.191
104.31.85.191
185.214.10.111
93.158.215.185
87.236.215.18
5.135.26.102
176.123.6.191

Personally identifiable information:
Email: support@xdedic.biz, abuse@xdedic.ac
Jabber support: support@xdedic.tk, support2@xdedic.tk
ICQ: 591-20-47

Related personally identifiable information:

support@e-investhost.com

Name Server: NS1.E-INVESTHOST.COM
Name Server: NS10.E-INVESTHOST.COM
Name Server: NS2.E-INVESTHOST.COM
Name Server: NS20.E-INVESTHOST.COM
Name Server: NS21.E-INVESTHOST.COM
Name Server: NS3.E-INVESTHOST.COM
Name Server: NS4.E-INVESTHOST.COM
Name Server: NS5.E-INVESTHOST.COM
Name Server: NS6.E-INVESTHOST.COM
Name Server: NS7.E-INVESTHOST.COM
Name Server: NS8.E-INVESTHOST.COM
Name Server: NS9.E-INVESTHOST.COM

Current related domain registrations:
infox.sg
getmobiledevices.com
trustpharms.com
start55555.com
elevrus24.com

Known responding IPs:
141.105.69.219
80.93.188.78
158.255.1.56
88.208.35.36
88.208.57.120
188.126.76.59
46.229.164.15
185.26.230.134
62.152.53.50
209.99.40.222
103.18.40.182

Historic related domain registrations:
mstroy.pro
viagraovernightdelivery.biz
kuechenmarkt.moscow
baf.moscow
xdedic.biz
kurgan-45.info
rrwiki.biz
legioneer.biz

Known responding IPs:
209.99.40.219
104.21.31.62
172.67.175.56
74.220.207.139
5.135.26.102
91.220.101.43
104.31.84.191
104.31.85.191
41.164.71.116
194.12.255.28
81.25.59.80
125.209.101.190
41.74.66.229
186.2.163.126
185.84.110.74
185.84.110.75
185.84.110.72
185.84.110.73
185.84.110.70
185.84.110.71
185.84.110.65
185.84.110.66
185.84.110.84
185.84.110.85
185.84.110.82
185.84.110.83

Related domain registrations:

xdedic.biz
wertor.info
adminin.mobi
swap-money.biz
fedumps.pro
gossipgel.com
viagra-purchase.org
goodfinance-blog.com
q-seo.biz
ed-generics-online.com
hotnpapers.com
buycytotecnow.com
pharmaplus.biz
buyingamoxicillin.com
buyingclomid.com
amtrustpills.com
site-in-top.biz
omerta.cc

Known responding IPs:

91.195.240.117
193.187.128.22
18.215.128.143
193.187.128.60
52.4.209.250
149.202.225.167
18.213.250.117
91.227.18.166
172.67.164.204
194.190.153.138
104.31.70.227
212.47.196.170
195.140.147.9
104.31.71.227
51.161.1.45
89.111.178.107
45.156.119.4
209.99.40.220
40.117.174.224
89.111.176.101
178.154.240.197
89.111.176.224
194.85.61.76
38.11.201.106
38.165.108.130
204.12.207.178
192.151.154.52
104.21.31.62
156.253.118.74
186.2.163.126
5.135.26.102
91.220.101.43
172.67.175.56
119.28.6.251
104.31.84.191
72.52.178.23
104.31.85.191
150.95.54.165
41.164.71.116
150.95.255.38
194.12.255.28
185.28.193.195
81.25.59.80
159.253.25.197
125.209.101.190
159.253.28.197
41.74.66.229
187.134.45.172
89.35.39.50
190.133.29.139
209.99.40.223
189.245.138.156
141.8.224.169
187.204.88.251
91.237.88.232
201.119.124.139
186.50.114.86
201.119.9.63
186.48.59.8
170.178.183.18
103.224.182.242
75.2.18.233
165.3.150.34
154.221.230.198
169.148.17.239
154.201.195.229
179.25.249.159
155.159.237.68
2.88.87.18
160.124.92.248
186.50.124.35
15.197.210.240
178.73.236.178
210.230.244.170
141.8.224.93
91.209.77.20
188.120.239.86
184.168.221.55
208.91.197.206
185.53.179.8
141.8.224.183
85.114.137.19
52.200.243.123
52.20.104.240
52.71.117.99
107.23.160.218
162.214.81.12
103.50.163.86
52.71.185.125
52.6.86.86
54.210.33.190
54.236.123.224
107.23.198.240
52.4.72.137
23.20.239.12
54.174.212.152
54.208.174.161
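The three "Known responding IPs" lists above were derived from different domain sets (the xDedic domains, the e-investhost name-server pivot, and the historic registrations), so any IP that shows up in more than one of them is the infrastructure overlap that actually ties the sets together. The following is an added example, not code from the original post or from the WhoisXML API white paper: it parses indicator blocks in the exact "Header:" plus one-indicator-per-line layout used above, refangs the hxxp:// notation, validates IPs, dedupes, and counts how many lists each IP appears in. The SAMPLE text is a constructed, trimmed excerpt of the xDedic indicators on this page; the function names are this example's own.

```python
"""Parse defanged OSINT indicator lists and find the IP overlap between them.

Added example, not part of the original post. SAMPLE is a constructed,
trimmed copy of the xDedic indicator blocks published above.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input: a shortened copy of the lists in the post.
SAMPLE = """\
Sample domains:
hxxp://xdedic.biz
hxxp://xdedic.ac
hxxp://xdedic.tk

Known responding IPs:
194.12.255.28
81.25.59.80
104.21.31.62
5.135.26.102

Current related domain registrations:
infox.sg
getmobiledevices.com

Known responding IPs:
141.105.69.219
80.93.188.78

Historic related domain registrations:
mstroy.pro
xdedic.biz

Known responding IPs:
209.99.40.219
104.21.31.62
5.135.26.102
194.12.255.28
185.84.110.74
"""

# The post only uses hxxp(s)://; [.] and (.) are handled because other
# feeds use them and the parser should not choke on mixed input.
_REFANG = [(re.compile(r"^hxxp(s?)://", re.I), r"http\1://"),
           (re.compile(r"\[\.\]|\(\.\)"), ".")]
_DOMAIN = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)/?$", re.I)

Section = Tuple[str, List[str]]


def refang(token: str) -> str:
    """Turn a defanged indicator back into its resolvable form."""
    for pattern, repl in _REFANG:
        token = pattern.sub(repl, token)
    return token


def parse_sections(text: str) -> List[Section]:
    """Split 'Header:' blocks into (header, [indicators]), keeping order.

    Repeated headers (the post uses 'Known responding IPs:' three times)
    stay separate so their overlap can be measured.
    """
    sections: List[Section] = []
    current: Optional[Section] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = (line[:-1], [])
            sections.append(current)
        elif current is not None:
            current[1].append(refang(line))
    return sections


def classify(indicator: str) -> Optional[Tuple[str, str]]:
    """Return ('ip', canonical) or ('domain', lowercase), or None if invalid."""
    try:
        return "ip", str(ipaddress.ip_address(indicator))
    except ValueError:
        pass
    m = _DOMAIN.match(indicator)
    return ("domain", m.group(1).lower()) if m else None


def shared_ips(sections: List[Section]) -> Dict[str, int]:
    """Count how many 'Known responding IPs' lists each IP appears in.

    An IP present in several independently derived lists is the pivot
    that links the domain sets, so it is the strongest lead to chase.
    """
    counts: Dict[str, int] = defaultdict(int)
    for header, items in sections:
        if header != "Known responding IPs":
            continue
        seen: Set[str] = set()
        for item in items:
            kind = classify(item)
            if kind and kind[0] == "ip":
                seen.add(kind[1])
        for ip in seen:
            counts[ip] += 1
    return dict(counts)


def unique_indicators(sections: List[Section]) -> Dict[str, Set[str]]:
    """Dedupe every section into {'ip': {...}, 'domain': {...}}."""
    out: Dict[str, Set[str]] = {"ip": set(), "domain": set()}
    for _, items in sections:
        for item in items:
            kind = classify(item)
            if kind:
                out[kind[0]].add(kind[1])
    return out


if __name__ == "__main__":
    secs = parse_sections(SAMPLE)
    uniq = unique_indicators(secs)
    print(f"{len(uniq['domain'])} unique domains, {len(uniq['ip'])} unique IPs")
    for ip, n in sorted(shared_ips(secs).items(), key=lambda kv: -kv[1]):
        if n > 1:
            print(f"pivot candidate {ip}: present in {n} lists")
```

Run against the full lists above, the IPs with a count of 3 (for example 194.12.255.28, 41.164.71.116 and 5.135.26.102) are the ones worth a passive-DNS lookup first; a Cloudflare-fronted or shared-hosting address appearing in every list says nothing on its own, so check the hosting provider before treating overlap as attribution.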


Conti Ransomware Gang's Russia-Based Music Album Labels and Plastika Recording Studio - An OSINT Analysis

February 24, 2024

I recently came across another image in the Conti ransomware gang's publicly accessible leaked internal communication, which I data mined with the idea of coming up with a proper analysis and connecting the dots. In this case the dots appear to show that a member of the Conti ransomware gang who is responsible for their advertising and marketing creative is also busy doing advertising and marketing creative for other clients, companies and organizations, in this specific case Russia-based rap and hip-hop artists and their album covers.

Is this the case? Let's find out.

Original Russia-based Artist album cover screenshot found by data mining Conti ransomware gang's publicly accessible leaked internal communication

Original Russian music artist SAYTEE SAI - Nikita Zharinov - born 10 January 2002 - hxxp://vk.com/kidsocial. Album cover part of the PLASTIKA Russia-based recording studio.

Sample personal photos of Nikita Zharinov:

Artwork courtesy of: W8D8DIGITAL - hxxp://www.instagram.com/w8d8w8d8/

hxxp://vk.com/w8d8w8d8 -> hxxp://vk.com/lungo999 -> Alexey Plyushkin - Born - 11 April 1994

Related images:

Sample personal photos of the owner and the advertising and marketing creative developer for the album cover – W8D8DIGITAL:

Sample photo of Flowers a Capella recording studio also based on the same address:

Sample personal photo of Oleg Dyachenko:

Sample personal photo of Oleg Khruschev:

Flowers a Capella -> Oleg Dyachenko - Born 10 February -> hxxp://vk.com/where.oreo; hxxp://vk.com/id234109753

Oleg Khruschev (Олег Хрущев) - Born 14 February -> hxxp://vk.com/lezhatpluslezhat; hxxp://vk.com/id166833144

+7 (912) 629-76-36

9 Kirova Street, Yekaterinburg (улица Кирова, 9, Екатеринбург)

hxxp://t.me/flowersacapellastudio -> hxxp://t.me/kreasttik

hxxp://vk.com/whoisplutok9

hxxp://vk.com/id654906170 -> hxxp://vk.com/flowers.since2023
