Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude

Friday, February 21, 2025

Exposing the Black Basta Ransomware Group

UPDATED:

Exposing the Black Basta Ransomware Group - Part Two

Exposing the Black Basta Ransomware Group - Part Three

An image is worth a thousand words.

Sample photos:

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Friday, January 17, 2025

A Peek Inside the Current State of BitCoin Exchanges

Dear blog readers,

In this post I'll provide some actionable intelligence on the current state of active BitCoin Exchanges landscape with the idea to assist everyone on their way to properly attribute a fraudulent or malicious transaction or to dig a little bit deeper inside the infrastructure and financial infrastructure behind these BitCoin Exchanges.

Sample BitCoin Exchanges URLs:

hxxp://bisq.network
hxxp://blockdx.net
hxxp://boltz.exchange
hxxp://changenow.io
hxxp://coinswap.click
hxxp://crp.is
hxxp://exch.cx
hxxp://exchanger.infinity.taxi
hxxp://exolix.com
hxxp://fixedfloat.com
hxxp://godex.io
hxxp://hodlhodl.com
hxxp://letsexchange.io
hxxp://localmonero.co
hxxp://majesticbank.at
hxxp://mandala.exchange
hxxp://peachbitcoin.com
hxxp://sideshift.ai
hxxp://stealthex.io
hxxp://tradeogre.com
hxxp://unstoppableswap.net
hxxp://vexl.it
hxxp://bitswitch.io
hxxp://wizardswap.io
hxxp://xchange.me

Sample known responding IPs:

172.67.172.108
91.195.240.19
51.68.37.66
188.165.1.80
104.21.80.1
104.21.64.1
36.86.63.182
172.67.69.184
188.114.99.236
188.114.96.18
185.178.208.163
3.24.66.78
188.114.98.229
104.26.7.14
188.114.99.229
103.154.123.132
172.67.68.152
188.114.98.224
182.23.79.195
203.119.13.75
203.119.13.76
186.2.163.71
91.215.41.54
176.9.158.211
188.114.98.128
146.112.61.107
188.114.99.192
162.241.216.218
128.242.250.148
208.101.21.43
202.160.130.52
202.160.128.210
146.112.61.106
89.41.182.24
89.41.182.99
193.168.141.179
193.168.141.55
72.52.178.23
13.248.148.254
104.21.58.171
206.189.58.26
167.99.246.105
54.66.176.79
157.245.84.7
188.114.97.4
188.114.96.4
188.114.97.12
95.214.53.250
159.89.122.145
104.21.60.147
172.67.197.200
172.64.86.149
15.235.75.245
104.18.45.100
188.114.97.1
104.31.82.18
192.29.39.98
107.154.236.60
107.154.141.60
172.67.70.100
192.29.39.48
65.8.227.25
13.225.229.65
18.160.144.91
13.35.245.111
13.249.64.117
172.217.12.179
172.217.16.179
198.18.1.141
34.196.254.27
92.242.140.6
185.66.143.187
188.114.96.6
188.114.97.10
188.114.96.14
104.31.83.21
104.21.34.110
188.114.97.14
192.186.250.199
188.114.97.11
18.102.16.191
13.50.141.112
176.9.29.194
104.26.1.187
34.234.52.18
65.0.79.182
173.236.182.137
104.244.46.93
198.18.1.164
108.160.165.211
52.25.92.0
86.35.3.193
50.63.202.31
104.21.112.1
184.168.221.26
50.63.202.19
172.67.134.215
255.255.255.255
23.217.138.108
149.202.88.23
184.168.221.42
45.60.153.115
15.165.119.196
188.114.96.0
15.164.135.176
18.173.233.64
104.26.13.101
188.114.97.20
108.160.170.41
104.21.81.250
188.114.97.6
188.114.97.3
104.21.32.1
172.67.128.64
104.26.7.183
184.168.221.44
172.64.80.1
23.202.231.167

Dancho Danchev