I've decided to share with everyone a recently made available MP3 audio training compilation on the topic of OSINT cybercrime research and threat intelligence which you can check out here.
Stay tuned.
Continue reading →
Dear blog readers,
I've decided to share with everyone a recently recorded video on the topic of "How I Tracked Down the Conti Ransomware Gang?" which is also available here.
Enjoy.
Continue reading →
Exposing Bulgaria's Emil Kyulev/RansomedVC/Magadans/BorisTulev/BlackForums/ImpotentNaEvropa/Everest Ransomware Group/DADS Agency - An OSINT Analysis
0
Dear blog readers,
I've decided to share some OSINT notes on Bulgaria's Emil Kyulev.
Sample network assets reconnaissance:
e[.]kyulev[[.]]protonmail[.]com
hxxp://magadans[.]net
14cbx34hgJYN1iyFvT4PsCxKVsGDuZi5pR
0x0837a9df92d68505ceba32fb540475e29fbf29ff
hxxp://magadans23[.]com
hxxp://magadans23[.]info
hxxp://magadans23[.]net
admin[[.]]ransomed[.]vc
hxxp://t[.]me/RansomedSupport
hxxp://k63fo4qmdnl4cbt54sso3g6s5ycw7gf7i6nvxl3wcf3u6la2mlawt5qd[.]onion/
hxxp://f6amq3izzsgtna4vw24rpyhy3ofwazlgex2zqdssavevvkklmtudxjad[.]onion/
TOX: 192D52C7C18F3D2693ED2453E64C53EC0CCF0255AB2291F019B65BA84442B313C410DE132E59
hxxp://twitter[.]com/RansomedVC
hxxp://t[.]me/USISAutoLookupBot
hxxp://breached[.]wiki - 172[.]232[.]4[.]89
hxxp://breached[.]fun - 162[.]255[.]119[.]114
ransomed[.]nigge[.]rs
BorisTulev
hxxp://t[.]me/s/[.]EOMLOL
hxxp://blackforums[.]net
impotentnaevropa
threasec[.]]xmpp[.]jp
hxxp://t[.]me/s/RansomedSupport
bc1qg07auf7efld3edzyjs2wqztaky39xjdyk0uprj
bc1qqc7nla44te4wxyvf9j7zxtc5q296sxn94k6v00
bc1qwv6hg860mf9g0at8fe64nsswa2pa73vgd9tvj5
bc1qqc7nla44te4wxyvf9j7zxtc5q296sxn94k6v00
everestgrp[.]exploit[.]im
everestgrp[.]thesecure[.]biz
everbe[.]airmail[.]cc
everest[.]airmail[.]cc
notopen[.]cock[.]li
eV3rbe[.]rape[.]lol
thunderhelp[.]airmail[.]cc
everestblog[.]airmail[.]cc
everestblog[.]cock[.]li
decryptors[.]xmpp[.]is
Raznatovic
hxxp://ransomed[.]biz
hxxp://t[.]me/s/ransomed_middleman
Tigers of Arkan
Raznatovic Channel
RaznatovicAdmin
hxxp://t[.]me/s/RaznatovicAdmin
Hriste Boze
hxxp://exposed[.]vc
Impotent
kmeta
kmetanaevropa
promise
creeper
pulpo
hanakobuta
hristeeboje
185[.]246[.]222[.]28
bankmanagers
ransomed[.]danwin1210[.]de
rfadmin[.]thesecure[.]biz
192D52C7C18F3D2693ED2453E64C53EC0CCF0
255AB2291F019B65BA84442B313C410DE132E59
ransomedSec
HristeeBoje
HanaKobuta
impotent[.]thesecure[.]biz
Mariamagdalena1337[.]mailfence[.]com
209[.]141[.]58[.]150
hxxp://rinse-right[.]com
hxxp://rancorpbr[.]com
hxxp://rancorp[.]net
hxxp://ransom-market[.]com
hxxp://ransomedtools[.]online
hxxp://pennywiseretail[.]com
hxxp://rancorpav[.]com
hxxp://openrangemgmt[.]com
hxxp://selectwindows[.]ca - Email: rancorp@shaw[.]ca
hxxp://preferredloansla[.]com
hxxp://rancorpgroup[.]com
blackforums[.]net@gmail[.]com
hxxp://flighthk[.]com
rifkyrev98[.]gmail[.]com
hxxp://worlddating[.]xyz
hxxp://orbpanel[.]xyz
hxxp://permanawfx[.]xyz
hxxp://free-mail[.]xyz
hxxp://slinku[.]xyz
hxxp://pressfly[.]online
hxxp://redpay[.]online
hxxp://omanexpress[.]xyz
hxxp://accounttelekom[.]xyz
hxxp://point-teleko[.]xyz
hxxp://telekobalance[.]xyz
hxxp://omandhl[.]xyz
Leading Company in Digital Peace Tax
hxxp://blackforums[.]net
hxxp://tulach[.]cc
Teodor Iliev
MAGADANS
#МълчаниетоСвърши
#НиеСмеСилата
#ВъзмездиетоИдва
State Agency for Digital Peace
Continue reading →
Exposing Bulgaria's Ruja Ignatova's OneCoin Cryptocurrency Internet-Connected Infrastructure - An Analysis
0
UPDATE: I just added an additional set of details and information obtained using public sources.
Personal email: rujaignatova[.]hotmail.com
hxxp://rujaignatova.eu/
hxxp://drrujaignatova.com
hxxp://www.youtube.com/rujaignatova
hxxp://x.com/rujaignatova
hxxp://x.com/RoujaNoir
hxxp://www.facebook.com/ruja.ignatova.1
hxxp://www.pinterest.com/rujaignatova/ruja-ignatova/
hxxp://rujaignatova.blogspot.coma
hxxp://www.tumblr.com/rujaignatova
hxxp://rujaignatova.weebly.com/
hxxp://rujaignatova.wordpress.com
hxxp://www.slideshare.net/rujaignatova
hxxp://rujaignatova.livejournal.com/
Related photos:
Related URLs known to have been involved in the campaign include:
hxxp://onecoin.eu/signup/Artsaw
hxxp://onecoin.eu/signup/Bestcoin88/
hxxp://onecoin.eu/signup/Douglashoe
hxxp://onecoin.eu/signup/Emin2016
hxxp://onecoin.eu/signup/FernandoPaz
hxxp://onecoin.eu/signup/Filouius/
hxxp://onecoin.eu/signup/FreedomRocks
hxxp://onecoin.eu/signup/FreedomRocks
hxxp://onecoin.eu/signup/HelenN
hxxp://onecoin.eu/signup/Ikomcoin
hxxp://onecoin.eu/signup/KMArms
hxxp://onecoin.eu/signup/Kokudo
hxxp://onecoin.eu/signup/Markus1990
hxxp://onecoin.eu/signup/Morpheus69
hxxp://onecoin.eu/signup/Nikemoney57
hxxp://onecoin.eu/signup/OneFutureNitro
hxxp://onecoin.eu/signup/Silberberg
hxxp://onecoin.eu/signup/TwoCryptoLords
hxxp://onecoin.eu/signup/TwoCryptoLords
hxxp://onecoin.eu/signup/Valitys
hxxp://onecoin.eu/signup/account
hxxp://onecoin.eu/signup/allnova/
hxxp://onecoin.eu/signup/amb2
hxxp://onecoin.eu/signup/arastar
hxxp://onecoin.eu/signup/bigmoneylloyd
hxxp://onecoin.eu/signup/boesi666
hxxp://onecoin.eu/signup/brandongonzales022
hxxp://onecoin.eu/signup/businessdot
hxxp://onecoin.eu/signup/cimpalex/
hxxp://onecoin.eu/signup/cjn881
hxxp://onecoin.eu/signup/cln2204
hxxp://onecoin.eu/signup/coinday
hxxp://onecoin.eu/signup/conligusglobal
hxxp://onecoin.eu/signup/douglasone
hxxp://onecoin.eu/signup/emmanuel26
hxxp://onecoin.eu/signup/eniway/
hxxp://onecoin.eu/signup/franvar/
hxxp://onecoin.eu/signup/freesignup
hxxp://onecoin.eu/signup/frische
hxxp://onecoin.eu/signup/glorynow
hxxp://onecoin.eu/signup/granlord
hxxp://onecoin.eu/signup/headway
hxxp://onecoin.eu/signup/ilona888
hxxp://onecoin.eu/signup/jalgirdas
hxxp://onecoin.eu/signup/jupe
hxxp://onecoin.eu/signup/juvencio
hxxp://onecoin.eu/signup/jx123456
hxxp://onecoin.eu/signup/leotaurus
hxxp://onecoin.eu/signup/loveofmoney
hxxp://onecoin.eu/signup/loveofmoney
hxxp://onecoin.eu/signup/lza100
hxxp://onecoin.eu/signup/meneghini
hxxp://onecoin.eu/signup/mikel1
hxxp://onecoin.eu/signup/mikel1
hxxp://onecoin.eu/signup/mjlipsey1959
hxxp://onecoin.eu/signup/monicajackson
hxxp://onecoin.eu/signup/naturinost
hxxp://onecoin.eu/signup/netgain
hxxp://onecoin.eu/signup/prosperityteam
hxxp://onecoin.eu/signup/redapga1946
hxxp://onecoin.eu/signup/redapga1946
hxxp://onecoin.eu/signup/revel
hxxp://onecoin.eu/signup/rich2help888
hxxp://onecoin.eu/signup/rocco
hxxp://onecoin.eu/signup/sanji1
hxxp://onecoin.eu/signup/slavagold
hxxp://onecoin.eu/signup/sultan1
hxxp://onecoin.eu/signup/suomi
hxxp://onecoin.eu/signup/thetraveler
hxxp://onecoin.eu/signup/tovarco1
hxxp://onecoin.eu/signup/tyiviah
hxxp://onecoin.eu/signup/vassileva55
hxxp://onecoin.eu/signup/xrflex
hxxp://onecoin.eu/signup/1eugen1
hxxp://onecoin.eu/signup/2polmaks
hxxp://onecoin.eu/signup/EDSONCOOL
hxxp://onecoin.eu/signup/FRDS1
hxxp://onecoin.eu/signup/Ginaspider
hxxp://onecoin.eu/signup/Hope4U
hxxp://onecoin.eu/signup/Kristinaup
hxxp://onecoin.eu/signup/LjLifestyle
hxxp://onecoin.eu/signup/Master021
hxxp://onecoin.eu/signup/Master21
hxxp://onecoin.eu/signup/Master22
hxxp://onecoin.eu/signup/Moneyrabbit
hxxp://onecoin.eu/signup/ROBett
hxxp://onecoin.eu/signup/Rosado1
hxxp://onecoin.eu/signup/Saunaseppo1
hxxp://onecoin.eu/signup/Sonnenschein24
hxxp://onecoin.eu/signup/Thomasw71
hxxp://onecoin.eu/signup/Youhim
hxxp://onecoin.eu/signup/alespavsic
hxxp://onecoin.eu/signup/angels001
hxxp://onecoin.eu/signup/arasan30071989
hxxp://onecoin.eu/signup/ardna888
hxxp://onecoin.eu/signup/arunk7448
hxxp://onecoin.eu/signup/bagosrg
hxxp://onecoin.eu/signup/bcjenterprises3
hxxp://onecoin.eu/signup/bricediamant
hxxp://onecoin.eu/signup/cisar72
hxxp://onecoin.eu/signup/dalma1
hxxp://onecoin.eu/signup/davil
hxxp://onecoin.eu/signup/diamondcoin88
hxxp://onecoin.eu/signup/doomer
hxxp://onecoin.eu/signup/doubleclick
hxxp://onecoin.eu/signup/duinvestor
hxxp://onecoin.eu/signup/duksa
hxxp://onecoin.eu/signup/edwinmontoya
hxxp://onecoin.eu/signup/finlay1
hxxp://onecoin.eu/signup/gudzen
hxxp://onecoin.eu/signup/herbasanitatum
hxxp://onecoin.eu/signup/jeffhsu0908
hxxp://onecoin.eu/signup/jeffpb1
hxxp://onecoin.eu/signup/jhernandez61
hxxp://onecoin.eu/signup/kimovich2015
hxxp://onecoin.eu/signup/koubayb
hxxp://onecoin.eu/signup/loulou2706
hxxp://onecoin.eu/signup/mundialone
hxxp://onecoin.eu/signup/murbank
hxxp://onecoin.eu/signup/ninel555
hxxp://onecoin.eu/signup/oczahid777
hxxp://onecoin.eu/signup/onecoinsf01
hxxp://onecoin.eu/signup/parlik777
hxxp://onecoin.eu/signup/ravi5feb
hxxp://onecoin.eu/signup/rosanacgazzotto
hxxp://onecoin.eu/signup/sahara396
hxxp://onecoin.eu/signup/satoshi
hxxp://onecoin.eu/signup/sebasone
hxxp://onecoin.eu/signup/skorpio7skorpio
hxxp://onecoin.eu/signup/sliuda2205
hxxp://onecoin.eu/signup/sol17
hxxp://onecoin.eu/signup/spezialcoin
hxxp://onecoin.eu/signup/superuwe
hxxp://onecoin.eu/signup/svetagorinvest
hxxp://onecoin.eu/signup/topcats
hxxp://onecoin.eu/signup/tturihamwe
hxxp://onecoin.eu/signup/ucantwo
hxxp://onecoin.eu/signup/vsvasvs
hxxp://onecoin.eu/signup/xopr4
hxxp://onecoin.eu/signup/yudi01
hxxp://onecoin.eu/signup/zirbenhof
hxxp://www.onecoin.eu/signup/1coinsuk
hxxp://www.onecoin.eu/signup/AlShea
hxxp://www.onecoin.eu/signup/Alishahid1
hxxp://www.onecoin.eu/signup/Butchong
hxxp://www.onecoin.eu/signup/ChristianFunding
hxxp://www.onecoin.eu/signup/DanielW1
hxxp://www.onecoin.eu/signup/DrBreakThrough
hxxp://www.onecoin.eu/signup/DrBreakThrough
hxxp://www.onecoin.eu/signup/DrBreakThrough2
hxxp://www.onecoin.eu/signup/EstoniaOneCoin
hxxp://www.onecoin.eu/signup/Fast1
hxxp://www.onecoin.eu/signup/Fastforward1011
hxxp://www.onecoin.eu/signup/FreeMoney365
hxxp://www.onecoin.eu/signup/ImAntbPolo
hxxp://www.onecoin.eu/signup/ImAntbPolo
hxxp://www.onecoin.eu/signup/InGodWeTrust
hxxp://www.onecoin.eu/signup/IngresosOnline
hxxp://www.onecoin.eu/signup/KAUFKRAFTmoney
hxxp://www.onecoin.eu/signup/LakshmiEmpire
hxxp://www.onecoin.eu/signup/Livingfree7
hxxp://www.onecoin.eu/signup/Mehrwertkonto
hxxp://www.onecoin.eu/signup/Mrbeats
hxxp://www.onecoin.eu/signup/NaDiPh
hxxp://www.onecoin.eu/signup/Ohanna
hxxp://www.onecoin.eu/signup/OneFutureJeff
hxxp://www.onecoin.eu/signup/PEInvestments
hxxp://www.onecoin.eu/signup/PRIMAWORLD
hxxp://www.onecoin.eu/signup/ROBett
hxxp://www.onecoin.eu/signup/Rdon
hxxp://www.onecoin.eu/signup/ReachHigh
hxxp://www.onecoin.eu/signup/ReachHigh1
hxxp://www.onecoin.eu/signup/Rhino01
hxxp://www.onecoin.eu/signup/TheVision
hxxp://www.onecoin.eu/signup/Tradertomdotnet
hxxp://www.onecoin.eu/signup/WillieGold
hxxp://www.onecoin.eu/signup/achievesuccess
hxxp://www.onecoin.eu/signup/achievesuccess
hxxp://www.onecoin.eu/signup/addy2014
hxxp://www.onecoin.eu/signup/angel741
hxxp://www.onecoin.eu/signup/aquigano
hxxp://www.onecoin.eu/signup/autosmile
hxxp://www.onecoin.eu/signup/blazze
hxxp://www.onecoin.eu/signup/burmese
hxxp://www.onecoin.eu/signup/carmar12
hxxp://www.onecoin.eu/signup/datroni2t
hxxp://www.onecoin.eu/signup/derscheithauer
hxxp://www.onecoin.eu/signup/evgeniyaalp
hxxp://www.onecoin.eu/signup/freedompass777
hxxp://www.onecoin.eu/signup/geppy
hxxp://www.onecoin.eu/signup/groundlevel
hxxp://www.onecoin.eu/signup/h16888
hxxp://www.onecoin.eu/signup/iProfit
hxxp://www.onecoin.eu/signup/ilma43
hxxp://www.onecoin.eu/signup/jrb3
hxxp://www.onecoin.eu/signup/kharkhowa2
hxxp://www.onecoin.eu/signup/klaus1955
hxxp://www.onecoin.eu/signup/macitam
hxxp://www.onecoin.eu/signup/maximocoin1
hxxp://www.onecoin.eu/signup/maxwave
hxxp://www.onecoin.eu/signup/nrichunow
hxxp://www.onecoin.eu/signup/onecoin4u
hxxp://www.onecoin.eu/signup/online
hxxp://www.onecoin.eu/signup/onlinesecrets4
hxxp://www.onecoin.eu/signup/powerleg
hxxp://www.onecoin.eu/signup/renmei
hxxp://www.onecoin.eu/signup/robertdcoinsB
hxxp://www.onecoin.eu/signup/sandracielo
hxxp://www.onecoin.eu/signup/skibumfx
hxxp://www.onecoin.eu/signup/solidincomes
hxxp://www.onecoin.eu/signup/tamaybee
hxxp://www.onecoin.eu/signup/trevorweir
hxxp://www.onecoin.eu/signup/umsatznavigator
hxxp://www.onecoin.eu/signup/vapaa
hxxp://www.onecoin.eu/signup/wownetwork
hxxp://www.onecoin.eu/signup/zuzam
hxxp://www.onecoin.eu/signup/18268694217
hxxp://www.onecoin.eu/signup/30king
hxxp://www.onecoin.eu/signup/ACHIEVER
hxxp://www.onecoin.eu/signup/Arkad5
hxxp://www.onecoin.eu/signup/abypermata
hxxp://www.onecoin.eu/signup/alekstar
hxxp://www.onecoin.eu/signup/alex787
hxxp://www.onecoin.eu/signup/alexteam
hxxp://www.onecoin.eu/signup/allthatmoney
hxxp://www.onecoin.eu/signup/altera
hxxp://www.onecoin.eu/signup/amihur
hxxp://www.onecoin.eu/signup/amoisexy
hxxp://www.onecoin.eu/signup/angelschina
hxxp://www.onecoin.eu/signup/arisa
hxxp://www.onecoin.eu/signup/ashish12
hxxp://www.onecoin.eu/signup/autosmile
hxxp://www.onecoin.eu/signup/barzoy
hxxp://www.onecoin.eu/signup/bizzonline
hxxp://www.onecoin.eu/signup/cat2014
hxxp://www.onecoin.eu/signup/chinainvestor
hxxp://www.onecoin.eu/signup/chitownguy
hxxp://www.onecoin.eu/signup/comstar
I just came across to this and I decided to jump in with research and expertise including a proper analysis on the topic.
Sample network infrastructure reconnaissance:
hxxp://onecoin.eu - Email: georgi[.]onelifecorp.eu
hxxp://onelife.eu
hxxp://oneecosystem.eu
hxxp://onecoincurrencycrypto.blogspot.com/
hxxp://oneacademy.eu
hxxp://oneworldfoundation.eu
Sample personal photos:
Sample personally identifiable email address accounts:
press[.]onecoin.eu
office[.]onecoin.eu
press[.]onelife.eu
info[.]onelife.eu
office[.]oneworldfoundation.eu
ruja[.]onecoin.eu
sebgreenwood[.]gmail.com
sgreenwood[.]loopium.com
irina[.]onecoin.eu
gery.bacheva[.]gmail.com
y.savova[.]onelifecorp.eu
whistleblower[.]onelifecorp.eu
ruja[.]onecoin.eu
lottaspjut[.]onecoin.eu
mashakaalison[.]onecoin.eu
Related personally identifiable email address accounts:
office[.]onecoin.eu – Head Office
press[.]onecoin.eu – OneCoin Press Department
support[.]onelife.eu – Support Department
compliance[.]onelife.eu – Compliance Department
info[.]oneacademy.eu – One Academy Information Department
office[.]oneworldfoundation.eu – One World Foundation Office
publicidadvmms[.]gmail.com
press[.]onecoin.eu
Sample social media accounts:
hxxp://twitter.com/powerqueen_NFT
hxxp://www.linkedin.com/in/lottaspjut/
hxxp://bg.linkedin.com/in/dr-ruja-ignatova-74417161
https://www.linkedin.com/in/mashaka-alison-6771b340/
Sample BitCoin wallet IDs:
BTC: bc1qyap59m06vpj3p0y9ur936kg65sl6u34nq59gqamamtx5k2t2yvmsq28fjn
USDT (TRC20): TTQ978jA7u8HoQdUUWeG1N36kwqiTjmTdy
Related social media accounts:
hxxp://www.facebook.com/onecoincompany/
hxxp://www.facebook.com/OneCoin-708913922526031/
hxxp://www.facebook.com/OneLifeOfficial/
hxxp://www.facebook.com/oneworldfoundation.eu
hxxp://www.onelife.eu/en/contacts
hxxp://www.oneacademy.eu
hxxp://www.facebook.com/onecoincompany
hxxp://www.facebook.com/DrRujaIgnatova.onecoin
hxxp://bg.linkedin.com/in/ruja-ignatova-83929a161
hxxp://www.linkedin.com/in/thesebastiangreenwood
hxxp://www.facebook.com/sebastiangreenwood.onecoin
hxxp://www.linkedin.com/in/currencycrypto
hxxp://x.com/onecoincurrency
hxxp://www.facebook.com/onecoinregister
hxxp://www.pinterest.com/onecoincrypto/
hxxp://www.facebook.com/OneCoinCurrencyCrypto/
hxxp://youtube.com/c/OneCoinOfficial
hxxp://www.flickr.com/photos/134729469@N04/
Continue reading →
Subscribe to:
Comments (Atom)
RSS Feed