MP3 Training Audio Compilation

Dear blog readers,

I've decided to share with everyone a recently made available MP3 audio training compilation on the topic of OSINT cybercrime research and threat intelligence which you can check out here.

Stay tuned.

How I Tracked Down the Conti Ransomware Gang? - Video Demonstration

Dear blog readers,

I've decided to share with everyone a recently recorded video on the topic of "How I Tracked Down the Conti Ransomware Gang?" which is also available here.

Enjoy.

Exposing Bulgaria's Emil Kyulev/RansomedVC/Magadans/BorisTulev/BlackForums/ImpotentNaEvropa/Everest Ransomware Group/DADS Agency - An OSINT Analysis

Dear blog readers,

I've decided to share some OSINT notes on Bulgaria's Emil Kyulev.

Sample network assets reconnaissance:

e[.]kyulev[[.]]protonmail[.]com

hxxp://magadans[.]net

14cbx34hgJYN1iyFvT4PsCxKVsGDuZi5pR

0x0837a9df92d68505ceba32fb540475e29fbf29ff

hxxp://magadans23[.]com

hxxp://magadans23[.]info 

hxxp://magadans23[.]net

admin[[.]]ransomed[.]vc

hxxp://t[.]me/RansomedSupport

hxxp://k63fo4qmdnl4cbt54sso3g6s5ycw7gf7i6nvxl3wcf3u6la2mlawt5qd[.]onion/

hxxp://f6amq3izzsgtna4vw24rpyhy3ofwazlgex2zqdssavevvkklmtudxjad[.]onion/

TOX: 192D52C7C18F3D2693ED2453E64C53EC0CCF0255AB2291F019B65BA84442B313C410DE132E59

hxxp://twitter[.]com/RansomedVC

hxxp://t[.]me/USISAutoLookupBot

hxxp://breached[.]wiki - 172[.]232[.]4[.]89

hxxp://breached[.]fun - 162[.]255[.]119[.]114

ransomed[.]nigge[.]rs

BorisTulev

hxxp://t[.]me/s/[.]EOMLOL

hxxp://blackforums[.]net

impotentnaevropa

threasec[.]]xmpp[.]jp

hxxp://t[.]me/s/RansomedSupport

bc1qg07auf7efld3edzyjs2wqztaky39xjdyk0uprj

bc1qqc7nla44te4wxyvf9j7zxtc5q296sxn94k6v00

bc1qwv6hg860mf9g0at8fe64nsswa2pa73vgd9tvj5

bc1qqc7nla44te4wxyvf9j7zxtc5q296sxn94k6v00

everestgrp[.]exploit[.]im

everestgrp[.]thesecure[.]biz

everbe[.]airmail[.]cc

everest[.]airmail[.]cc

notopen[.]cock[.]li

eV3rbe[.]rape[.]lol

thunderhelp[.]airmail[.]cc

everestblog[.]airmail[.]cc

everestblog[.]cock[.]li

decryptors[.]xmpp[.]is

Raznatovic

hxxp://ransomed[.]biz

hxxp://t[.]me/s/ransomed_middleman

Tigers of Arkan

Raznatovic Channel

RaznatovicAdmin

hxxp://t[.]me/s/RaznatovicAdmin

Hriste Boze

hxxp://exposed[.]vc

Impotent

kmeta

kmetanaevropa

promise

creeper

pulpo

hanakobuta

hristeeboje

185[.]246[.]222[.]28

bankmanagers

ransomed[.]danwin1210[.]de

rfadmin[.]thesecure[.]biz

192D52C7C18F3D2693ED2453E64C53EC0CCF0

255AB2291F019B65BA84442B313C410DE132E59

ransomedSec

HristeeBoje

HanaKobuta

impotent[.]thesecure[.]biz

Mariamagdalena1337[.]mailfence[.]com

209[.]141[.]58[.]150

hxxp://rinse-right[.]com

hxxp://rancorpbr[.]com

hxxp://rancorp[.]net

hxxp://ransom-market[.]com

hxxp://ransomedtools[.]online

hxxp://pennywiseretail[.]com

hxxp://rancorpav[.]com

hxxp://openrangemgmt[.]com

hxxp://selectwindows[.]ca - Email: rancorp@shaw[.]ca

hxxp://preferredloansla[.]com

hxxp://rancorpgroup[.]com

blackforums[.]net@gmail[.]com

hxxp://flighthk[.]com

rifkyrev98[.]gmail[.]com

hxxp://worlddating[.]xyz

hxxp://orbpanel[.]xyz

hxxp://permanawfx[.]xyz

hxxp://free-mail[.]xyz

hxxp://slinku[.]xyz

hxxp://pressfly[.]online

hxxp://redpay[.]online

hxxp://omanexpress[.]xyz

hxxp://accounttelekom[.]xyz

hxxp://point-teleko[.]xyz

hxxp://telekobalance[.]xyz

hxxp://omandhl[.]xyz

Leading Company in Digital Peace Tax

hxxp://blackforums[.]net

hxxp://tulach[.]cc

Teodor Iliev

MAGADANS

#МълчаниетоСвърши

#НиеСмеСилата

#ВъзмездиетоИдва

State Agency for Digital Peace

Exposing Bulgaria's Ruja Ignatova's OneCoin Cryptocurrency Internet-Connected Infrastructure - An Analysis

UPDATE: I just added an additional set of details and information obtained using public sources.

Personal email: rujaignatova[.]hotmail.com

hxxp://rujaignatova.eu/

hxxp://drrujaignatova.com

hxxp://www.youtube.com/rujaignatova

hxxp://x.com/rujaignatova

hxxp://x.com/RoujaNoir

hxxp://www.facebook.com/ruja.ignatova.1

hxxp://www.pinterest.com/rujaignatova/ruja-ignatova/

hxxp://rujaignatova.blogspot.coma

hxxp://www.tumblr.com/rujaignatova

hxxp://rujaignatova.weebly.com/

hxxp://rujaignatova.wordpress.com 

hxxp://www.slideshare.net/rujaignatova

hxxp://rujaignatova.livejournal.com/

Related photos:

Related URLs known to have been involved in the campaign include:

hxxp://onecoin.eu/signup/Artsaw

hxxp://onecoin.eu/signup/Bestcoin88/

hxxp://onecoin.eu/signup/Douglashoe

hxxp://onecoin.eu/signup/Emin2016

hxxp://onecoin.eu/signup/FernandoPaz

hxxp://onecoin.eu/signup/Filouius/

hxxp://onecoin.eu/signup/FreedomRocks

hxxp://onecoin.eu/signup/FreedomRocks

hxxp://onecoin.eu/signup/HelenN

hxxp://onecoin.eu/signup/Ikomcoin

hxxp://onecoin.eu/signup/KMArms

hxxp://onecoin.eu/signup/Kokudo

hxxp://onecoin.eu/signup/Markus1990

hxxp://onecoin.eu/signup/Morpheus69

hxxp://onecoin.eu/signup/Nikemoney57

hxxp://onecoin.eu/signup/OneFutureNitro

hxxp://onecoin.eu/signup/Silberberg

hxxp://onecoin.eu/signup/TwoCryptoLords

hxxp://onecoin.eu/signup/TwoCryptoLords

hxxp://onecoin.eu/signup/Valitys

hxxp://onecoin.eu/signup/account

hxxp://onecoin.eu/signup/allnova/

hxxp://onecoin.eu/signup/amb2

hxxp://onecoin.eu/signup/arastar

hxxp://onecoin.eu/signup/bigmoneylloyd

hxxp://onecoin.eu/signup/boesi666

hxxp://onecoin.eu/signup/brandongonzales022

hxxp://onecoin.eu/signup/businessdot

hxxp://onecoin.eu/signup/cimpalex/

hxxp://onecoin.eu/signup/cjn881

hxxp://onecoin.eu/signup/cln2204

hxxp://onecoin.eu/signup/coinday

hxxp://onecoin.eu/signup/conligusglobal

hxxp://onecoin.eu/signup/douglasone

hxxp://onecoin.eu/signup/emmanuel26

hxxp://onecoin.eu/signup/eniway/

hxxp://onecoin.eu/signup/franvar/

hxxp://onecoin.eu/signup/freesignup

hxxp://onecoin.eu/signup/frische

hxxp://onecoin.eu/signup/glorynow

hxxp://onecoin.eu/signup/granlord

hxxp://onecoin.eu/signup/headway

hxxp://onecoin.eu/signup/ilona888

hxxp://onecoin.eu/signup/jalgirdas

hxxp://onecoin.eu/signup/jupe

hxxp://onecoin.eu/signup/juvencio

hxxp://onecoin.eu/signup/jx123456

hxxp://onecoin.eu/signup/leotaurus

hxxp://onecoin.eu/signup/loveofmoney

hxxp://onecoin.eu/signup/loveofmoney

hxxp://onecoin.eu/signup/lza100

hxxp://onecoin.eu/signup/meneghini

hxxp://onecoin.eu/signup/mikel1

hxxp://onecoin.eu/signup/mikel1

hxxp://onecoin.eu/signup/mjlipsey1959

hxxp://onecoin.eu/signup/monicajackson

hxxp://onecoin.eu/signup/naturinost

hxxp://onecoin.eu/signup/netgain

hxxp://onecoin.eu/signup/prosperityteam

hxxp://onecoin.eu/signup/redapga1946

hxxp://onecoin.eu/signup/redapga1946

hxxp://onecoin.eu/signup/revel

hxxp://onecoin.eu/signup/rich2help888

hxxp://onecoin.eu/signup/rocco

hxxp://onecoin.eu/signup/sanji1

hxxp://onecoin.eu/signup/slavagold

hxxp://onecoin.eu/signup/sultan1

hxxp://onecoin.eu/signup/suomi

hxxp://onecoin.eu/signup/thetraveler

hxxp://onecoin.eu/signup/tovarco1

hxxp://onecoin.eu/signup/tyiviah

hxxp://onecoin.eu/signup/vassileva55

hxxp://onecoin.eu/signup/xrflex

hxxp://onecoin.eu/signup/1eugen1

hxxp://onecoin.eu/signup/2polmaks

hxxp://onecoin.eu/signup/EDSONCOOL

hxxp://onecoin.eu/signup/FRDS1

hxxp://onecoin.eu/signup/Ginaspider

hxxp://onecoin.eu/signup/Hope4U

hxxp://onecoin.eu/signup/Kristinaup

hxxp://onecoin.eu/signup/LjLifestyle

hxxp://onecoin.eu/signup/Master021

hxxp://onecoin.eu/signup/Master21

hxxp://onecoin.eu/signup/Master22

hxxp://onecoin.eu/signup/Moneyrabbit

hxxp://onecoin.eu/signup/ROBett

hxxp://onecoin.eu/signup/Rosado1

hxxp://onecoin.eu/signup/Saunaseppo1

hxxp://onecoin.eu/signup/Sonnenschein24

hxxp://onecoin.eu/signup/Thomasw71

hxxp://onecoin.eu/signup/Youhim

hxxp://onecoin.eu/signup/alespavsic

hxxp://onecoin.eu/signup/angels001

hxxp://onecoin.eu/signup/arasan30071989

hxxp://onecoin.eu/signup/ardna888

hxxp://onecoin.eu/signup/arunk7448

hxxp://onecoin.eu/signup/bagosrg

hxxp://onecoin.eu/signup/bcjenterprises3

hxxp://onecoin.eu/signup/bricediamant

hxxp://onecoin.eu/signup/cisar72

hxxp://onecoin.eu/signup/dalma1

hxxp://onecoin.eu/signup/davil

hxxp://onecoin.eu/signup/diamondcoin88

hxxp://onecoin.eu/signup/doomer

hxxp://onecoin.eu/signup/doubleclick

hxxp://onecoin.eu/signup/duinvestor

hxxp://onecoin.eu/signup/duksa

hxxp://onecoin.eu/signup/edwinmontoya

hxxp://onecoin.eu/signup/finlay1

hxxp://onecoin.eu/signup/gudzen

hxxp://onecoin.eu/signup/herbasanitatum

hxxp://onecoin.eu/signup/jeffhsu0908

hxxp://onecoin.eu/signup/jeffpb1

hxxp://onecoin.eu/signup/jhernandez61

hxxp://onecoin.eu/signup/kimovich2015

hxxp://onecoin.eu/signup/koubayb

hxxp://onecoin.eu/signup/loulou2706

hxxp://onecoin.eu/signup/mundialone

hxxp://onecoin.eu/signup/murbank

hxxp://onecoin.eu/signup/ninel555

hxxp://onecoin.eu/signup/oczahid777

hxxp://onecoin.eu/signup/onecoinsf01

hxxp://onecoin.eu/signup/parlik777

hxxp://onecoin.eu/signup/ravi5feb

hxxp://onecoin.eu/signup/rosanacgazzotto

hxxp://onecoin.eu/signup/sahara396

hxxp://onecoin.eu/signup/satoshi

hxxp://onecoin.eu/signup/sebasone

hxxp://onecoin.eu/signup/skorpio7skorpio

hxxp://onecoin.eu/signup/sliuda2205

hxxp://onecoin.eu/signup/sol17

hxxp://onecoin.eu/signup/spezialcoin

hxxp://onecoin.eu/signup/superuwe

hxxp://onecoin.eu/signup/svetagorinvest

hxxp://onecoin.eu/signup/topcats

hxxp://onecoin.eu/signup/tturihamwe

hxxp://onecoin.eu/signup/ucantwo

hxxp://onecoin.eu/signup/vsvasvs

hxxp://onecoin.eu/signup/xopr4

hxxp://onecoin.eu/signup/yudi01

hxxp://onecoin.eu/signup/zirbenhof

hxxp://www.onecoin.eu/signup/1coinsuk

hxxp://www.onecoin.eu/signup/AlShea

hxxp://www.onecoin.eu/signup/Alishahid1

hxxp://www.onecoin.eu/signup/Butchong

hxxp://www.onecoin.eu/signup/ChristianFunding

hxxp://www.onecoin.eu/signup/DanielW1

hxxp://www.onecoin.eu/signup/DrBreakThrough

hxxp://www.onecoin.eu/signup/DrBreakThrough

hxxp://www.onecoin.eu/signup/DrBreakThrough2

hxxp://www.onecoin.eu/signup/EstoniaOneCoin

hxxp://www.onecoin.eu/signup/Fast1

hxxp://www.onecoin.eu/signup/Fastforward1011

hxxp://www.onecoin.eu/signup/FreeMoney365

hxxp://www.onecoin.eu/signup/ImAntbPolo

hxxp://www.onecoin.eu/signup/ImAntbPolo

hxxp://www.onecoin.eu/signup/InGodWeTrust

hxxp://www.onecoin.eu/signup/IngresosOnline

hxxp://www.onecoin.eu/signup/KAUFKRAFTmoney

hxxp://www.onecoin.eu/signup/LakshmiEmpire

hxxp://www.onecoin.eu/signup/Livingfree7

hxxp://www.onecoin.eu/signup/Mehrwertkonto

hxxp://www.onecoin.eu/signup/Mrbeats

hxxp://www.onecoin.eu/signup/NaDiPh

hxxp://www.onecoin.eu/signup/Ohanna

hxxp://www.onecoin.eu/signup/OneFutureJeff

hxxp://www.onecoin.eu/signup/PEInvestments

hxxp://www.onecoin.eu/signup/PRIMAWORLD

hxxp://www.onecoin.eu/signup/ROBett

hxxp://www.onecoin.eu/signup/Rdon

hxxp://www.onecoin.eu/signup/ReachHigh

hxxp://www.onecoin.eu/signup/ReachHigh1

hxxp://www.onecoin.eu/signup/Rhino01

hxxp://www.onecoin.eu/signup/TheVision

hxxp://www.onecoin.eu/signup/Tradertomdotnet

hxxp://www.onecoin.eu/signup/WillieGold

hxxp://www.onecoin.eu/signup/achievesuccess

hxxp://www.onecoin.eu/signup/achievesuccess

hxxp://www.onecoin.eu/signup/addy2014

hxxp://www.onecoin.eu/signup/angel741

hxxp://www.onecoin.eu/signup/aquigano

hxxp://www.onecoin.eu/signup/autosmile

hxxp://www.onecoin.eu/signup/blazze

hxxp://www.onecoin.eu/signup/burmese

hxxp://www.onecoin.eu/signup/carmar12

hxxp://www.onecoin.eu/signup/datroni2t

hxxp://www.onecoin.eu/signup/derscheithauer

hxxp://www.onecoin.eu/signup/evgeniyaalp

hxxp://www.onecoin.eu/signup/freedompass777

hxxp://www.onecoin.eu/signup/geppy

hxxp://www.onecoin.eu/signup/groundlevel

hxxp://www.onecoin.eu/signup/h16888

hxxp://www.onecoin.eu/signup/iProfit

hxxp://www.onecoin.eu/signup/ilma43

hxxp://www.onecoin.eu/signup/jrb3

hxxp://www.onecoin.eu/signup/kharkhowa2

hxxp://www.onecoin.eu/signup/klaus1955

hxxp://www.onecoin.eu/signup/macitam

hxxp://www.onecoin.eu/signup/maximocoin1

hxxp://www.onecoin.eu/signup/maxwave

hxxp://www.onecoin.eu/signup/nrichunow

hxxp://www.onecoin.eu/signup/onecoin4u

hxxp://www.onecoin.eu/signup/online

hxxp://www.onecoin.eu/signup/onlinesecrets4

hxxp://www.onecoin.eu/signup/powerleg

hxxp://www.onecoin.eu/signup/renmei

hxxp://www.onecoin.eu/signup/robertdcoinsB

hxxp://www.onecoin.eu/signup/sandracielo

hxxp://www.onecoin.eu/signup/skibumfx

hxxp://www.onecoin.eu/signup/solidincomes

hxxp://www.onecoin.eu/signup/tamaybee

hxxp://www.onecoin.eu/signup/trevorweir

hxxp://www.onecoin.eu/signup/umsatznavigator

hxxp://www.onecoin.eu/signup/vapaa

hxxp://www.onecoin.eu/signup/wownetwork

hxxp://www.onecoin.eu/signup/zuzam

hxxp://www.onecoin.eu/signup/18268694217

hxxp://www.onecoin.eu/signup/30king

hxxp://www.onecoin.eu/signup/ACHIEVER

hxxp://www.onecoin.eu/signup/Arkad5

hxxp://www.onecoin.eu/signup/abypermata

hxxp://www.onecoin.eu/signup/alekstar

hxxp://www.onecoin.eu/signup/alex787

hxxp://www.onecoin.eu/signup/alexteam

hxxp://www.onecoin.eu/signup/allthatmoney

hxxp://www.onecoin.eu/signup/altera

hxxp://www.onecoin.eu/signup/amihur

hxxp://www.onecoin.eu/signup/amoisexy

hxxp://www.onecoin.eu/signup/angelschina

hxxp://www.onecoin.eu/signup/arisa

hxxp://www.onecoin.eu/signup/ashish12

hxxp://www.onecoin.eu/signup/autosmile

hxxp://www.onecoin.eu/signup/barzoy

hxxp://www.onecoin.eu/signup/bizzonline

hxxp://www.onecoin.eu/signup/cat2014

hxxp://www.onecoin.eu/signup/chinainvestor

hxxp://www.onecoin.eu/signup/chitownguy

hxxp://www.onecoin.eu/signup/comstar

Dear blog readers,

I just came across to this and I decided to jump in with research and expertise including a proper analysis on the topic.

Sample network infrastructure reconnaissance:

hxxp://onecoin.eu - Email: georgi[.]onelifecorp.eu

hxxp://onelife.eu

hxxp://oneecosystem.eu

hxxp://onecoincurrencycrypto.blogspot.com/

hxxp://oneacademy.eu

hxxp://oneworldfoundation.eu

Sample personal photos:

Sample personally identifiable email address accounts:

press[.]onecoin.eu

office[.]onecoin.eu

press[.]onelife.eu

info[.]onelife.eu

office[.]oneworldfoundation.eu

ruja[.]onecoin.eu

sebgreenwood[.]gmail.com

sgreenwood[.]loopium.com

irina[.]onecoin.eu

gery.bacheva[.]gmail.com

y.savova[.]onelifecorp.eu

whistleblower[.]onelifecorp.eu

ruja[.]onecoin.eu

lottaspjut[.]onecoin.eu

mashakaalison[.]onecoin.eu

Related personally identifiable email address accounts:

office[.]onecoin.eu – Head Office

press[.]onecoin.eu – OneCoin Press Department

support[.]onelife.eu – Support Department

compliance[.]onelife.eu – Compliance Department

info[.]oneacademy.eu – One Academy Information Department

office[.]oneworldfoundation.eu – One World Foundation Office

publicidadvmms[.]gmail.com

press[.]onecoin.eu

Sample social media accounts:

hxxp://twitter.com/powerqueen_NFT

hxxp://www.linkedin.com/in/lottaspjut/

hxxp://bg.linkedin.com/in/dr-ruja-ignatova-74417161

https://www.linkedin.com/in/mashaka-alison-6771b340/

Sample BitCoin wallet IDs:

BTC: bc1qyap59m06vpj3p0y9ur936kg65sl6u34nq59gqamamtx5k2t2yvmsq28fjn

USDT (TRC20): TTQ978jA7u8HoQdUUWeG1N36kwqiTjmTdy

Related social media accounts:

hxxp://www.facebook.com/onecoincompany/

hxxp://www.facebook.com/OneCoin-708913922526031/

hxxp://www.facebook.com/OneLifeOfficial/

hxxp://www.facebook.com/oneworldfoundation.eu

hxxp://www.onelife.eu/en/contacts

hxxp://www.oneacademy.eu

hxxp://www.facebook.com/onecoincompany

hxxp://www.facebook.com/DrRujaIgnatova.onecoin

hxxp://bg.linkedin.com/in/ruja-ignatova-83929a161

hxxp://www.linkedin.com/in/thesebastiangreenwood

hxxp://www.facebook.com/sebastiangreenwood.onecoin

hxxp://www.linkedin.com/in/currencycrypto

hxxp://x.com/onecoincurrency

hxxp://www.facebook.com/onecoinregister

hxxp://www.pinterest.com/onecoincrypto/

hxxp://www.facebook.com/OneCoinCurrencyCrypto/

hxxp://youtube.com/c/OneCoinOfficial

hxxp://www.flickr.com/photos/134729469@N04/