Saturday, May 20, 2023

Exposing Hacking Team GhostSec - An Analysis

In this post I'll profile Hacking Team GhostSec and provide all the relevant and necessary IoCs (Indicators of Compromise), including the relevant personally identifiable information, to assist U.S. Law Enforcement and the U.S. Intelligence Community in tracking down, monitoring and prosecuting the cybercriminals behind these campaigns.

Personal Photos:


Related IoCs and personally identifiable information for GhostSec:

Official Web Site URL: hxxp://opiceisis.strangled.net

Official Web Site URL: hxxp://81.4.124.11/index.php

Official Web Site URL: hxxp://pst.klgrth.io

Official Group's Twitter account: hxxp://twitter.com/ghost_s3curity

Official Group's Telegram account: hxxp://t.me/GhostSecc

Official Group's Medium account: hxxp://medium.com/@OfficialGhostSec

Official Group's Web Site URL: hxxp://ghostsec-team.org

Official Group's Web Site URL: hxxp://ghostsecret-team.blogspot.com

Official Group's Email Address: ghostsecteam.org@gmail.com

Stay tuned!

Monday, May 08, 2023

Happy Holidays From The (Not) Republic of Bulgaria - An Analysis - Part Five

Dipshit. The deepest of them all.


Stay tuned!

Sunday, May 07, 2023

Hacker Database

I would like to take the time to let you know about my latest project, which is called Hacker Database. Obtain access here.

Sample screenshots:

Sample visualizations produced using the database in GraphML format:



Wednesday, May 03, 2023

How Do Cybercriminals Manage Compromised Hosts Using Desktop Management Applications? - An Analysis

If an image is worth a thousand words, then check out the following tool: although released in 2006, it appears to remain one of the cybercrime ecosystem's most sophisticated and advanced compromised-host management tools up to the present day.

Sample screenshots include:

Tuesday, May 02, 2023

Who's Behind the Butterfly Bot/DCI Bot/DownTroj/Aspergillus Botnet Malicious Software?

Awesome.

Emails known to have been involved in the campaign include:

iserdo@gmail.com

toadmin@1337crew.info

wg.fatal@gmail.com

emailedgov.hacN@gmail.com

admin@1337crew.info

jernej_5@hotmail.com

usediserdo@gmail.com

toiserdo@gmail.com

schlist90210@gmail.com

Waisted.time@hotmail.com

addressnetNairo@hotmail.com

betweennetNairo@hotmail.com

hamlet1917@hotmail.com

addresshamlet1917@hotmail.com

withhamlet1917@hotmail.com

floxter@hotmail.com

ice@iceman.in

addressleniqi.mentor@siol.net

leniqi.mentor@siol.net

accountiserdo@gmail.com

addressicemangjN@hotmail.com

Sample screenshot:


Related screenshots:

Related domains:
hxxp://voc[.]cash
hxxp://deepbluesecurity[.]nl
hxxp://erc20collector[.]com
hxxp://b2bradio[.]net
hxxp://intelhub[.]link
hxxp://albahost[.]net
hxxp://albaname[.]com
hxxp://mpuq[.]net
hxxp://albaname[.]net
hxxp://threatforce[.]net
hxxp://tamiflux[.]net
hxxp://tamiflux[.]org

Sample screenshot of Voc Cash:

Monday, May 01, 2023

Exposing the Ukrainian Insider Trading Hackers that Stole $30M Using an SEC EDGAR Securities Fraud Scheme - The Technical Details - Exclusive

"An OSINT conducted today is a taxpayer's buck saved somewhere".

Official U.S. Secret Service $1M reward listing on the U.S. Secret Service's Most Wanted Cybercriminals List for "Oleksandr Vitalyevich Ieremenko".

Handle: Zl0m; Lamarez; Ded.MCz; l@m@rEz

Email: lamarez@mail.ru; uaxakep@gmail.com

Domain: xeljanzusa.com

IP: 62.109.25.228 (https://www.secureworks.com/research/point-of-sale-malware-threats); 62.109.1.69

Company: 2016 Кзерокс

Phone: +7 951 366 17 17

ICQ: 123424

Web Money: 258807111393

Related URLs:

hxxp://ageline.ru/lamarez.php

hxxp://k0x.ru/md5.salt.tx

hxxp://k0x.ru/_bot.exe - 82.146.60.59

hxxp://k0x.ru/black_energy_31337_/stat.php

hxxp://k0x.ru/siicywu36dswh/addddos.php

hxxp://xtoolz.ru

hxxp://cup.su

hxxp://xwarez.us
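The IoC lines on this page mix defanging styles ("hxxp://", "[.]", the odd plain "http://"), put e-mails, domains and IPs on one line, and carry vendor references in parentheses. The following Python is an added example, not code from the original posts or from the Hacker Database project: it normalises such lines into typed indicators (treating a parenthesised link as a reference, not an indicator), re-defangs them for publication, and exports the actor-to-indicator relationships as a GraphML star graph of the kind the Hacker Database visualisations above are drawn from. The sample text is constructed from IoC lines of the posts above, and the actor label "actor-1" is a placeholder.

```python
"""Normalise the mixed IoC lines from the posts on this page into typed
indicators and export them as a small GraphML graph (actor -> indicator)."""
import re
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

# Constructed sample: IoC lines copied from the posts above, keeping their
# mixed defanging ("hxxp://", "[.]", one plain "http://") and a vendor
# reference in parentheses that must not be treated as an indicator.
SAMPLE_IOC_TEXT = """\
Email: lamarez@mail.ru; uaxakep@gmail.com - xeljanzusa.com - 62.109.25.228 (https://www.secureworks.com/research/point-of-sale-malware-threats); 62.109.1.69
hxxp://k0x.ru/_bot.exe - 82.146.60.59
http://k0x.ru/siicywu36dswh/addddos.php
hxxp://voc[.]cash
hxxp://81.4.124.11/index.php
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URL_RE = re.compile(r"https?://[^\s;,]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Lowercase TLD on purpose, so handles such as "Ded.MCz" are not taken
# for domains.
DOMAIN_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[a-z]{2,}\b")
PAREN_RE = re.compile(r"\([^)]*\)")  # "(https://vendor/report)" = reference


def refang(s: str) -> str:
    """Undo the defanging conventions used in the lists above."""
    return s.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def defang(s: str) -> str:
    """Re-apply defanging for publication: http -> hxxp, host dots -> [.]."""
    m = re.match(r"(https?)(://)([^/]*)(.*)", s, re.DOTALL)
    if m:
        scheme, sep, host, rest = m.groups()
        return scheme.replace("http", "hxxp") + sep + host.replace(".", "[.]") + rest
    return s.replace(".", "[.]")


def _add(bucket: list, value: str) -> None:
    if value and value not in bucket:
        bucket.append(value)


def extract_iocs(text: str) -> dict:
    """Return {'email': [...], 'url': [...], 'ip': [...], 'domain': [...]},
    de-duplicated and in order of first appearance."""
    found = {"email": [], "url": [], "ip": [], "domain": []}
    for raw in text.splitlines():
        line = refang(PAREN_RE.sub(" ", raw))
        # Most specific pattern first; blank each match out so that the
        # domain inside an e-mail or URL is not reported a second time.
        for kind, rx in (("email", EMAIL_RE), ("url", URL_RE),
                         ("ip", IPV4_RE), ("domain", DOMAIN_RE)):
            for m in rx.findall(line):
                _add(found[kind], m)
                if kind == "url":  # the URL's host is a pivot of its own
                    host = urlsplit(m).hostname or ""
                    _add(found["ip" if IPV4_RE.fullmatch(host) else "domain"], host)
            line = rx.sub(" ", line)
    return found


def to_graphml(actor: str, iocs: dict) -> str:
    """Star graph: one node for the actor, one per indicator, typed nodes."""
    ns = "http://graphml.graphdrawing.org/xmlns"
    ET.register_namespace("", ns)
    root = ET.Element(f"{{{ns}}}graphml")
    for key in ("label", "type"):
        ET.SubElement(root, f"{{{ns}}}key",
                      {"id": key, "for": "node", "attr.name": key, "attr.type": "string"})
    graph = ET.SubElement(root, f"{{{ns}}}graph", {"id": "G", "edgedefault": "directed"})
    ids = {}

    def node(label: str, ntype: str) -> str:
        if label not in ids:  # sequential ids keep them NMTOKEN-safe
            ids[label] = f"n{len(ids)}"
            n = ET.SubElement(graph, f"{{{ns}}}node", {"id": ids[label]})
            for key, val in (("label", label), ("type", ntype)):
                ET.SubElement(n, f"{{{ns}}}data", {"key": key}).text = val
        return ids[label]

    src = node(actor, "actor")
    for kind, values in iocs.items():
        for v in values:
            ET.SubElement(graph, f"{{{ns}}}edge", {"source": src, "target": node(v, kind)})
    return ET.tostring(root, encoding="unicode")


def graphml_counts(xml_text: str) -> tuple:
    """(number of nodes, number of edges) in a GraphML document."""
    ns = {"g": "http://graphml.graphdrawing.org/xmlns"}
    root = ET.fromstring(xml_text)
    return (len(root.findall(".//g:node", ns)), len(root.findall(".//g:edge", ns)))


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_IOC_TEXT)
    for kind, values in iocs.items():
        print(kind, [defang(v) for v in values])
    print(to_graphml("actor-1", iocs))
```

Extraction runs most-specific-first (e-mail, URL, IP, then bare domain) and blanks each match out of the line, so "mail.ru" is not reported a second time as a domain while "k0x.ru" is still surfaced as a pivot from the URLs it hosts. The GraphML uses sequential node ids with the indicator value in a "label" data key, which keeps the ids valid NMTOKENs for tools such as Gephi or yEd.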