NotebookLM Content - 2005/2025

Dear blog readers,

I recently spend some time working with NotebookLM based on all of my content from 2005 to 2025 and I wanted to share the results with everyone.

 

 

 

 

 

 

 

 

Sample photos:

Sample videos:

 

 

 

 

Stay tuned.

Joining Forces with Treadstone 71

Dear blog readers,

This is Dancho.

I wanted to share with everyone the news that as of today I'm joining forces with Treadstone 71 as an OSINT Analyst. 

I also wanted to share the news of our latest flagship research entitled "Coordinated Inauthentic Behaviour Deceptive Amplification Comprehensive Analysis of Cross-Platform Synthetic Influence Operations Targeting @officialrezapahlavi and @pahlavireza" where I was responsible for the technical collection data mining data enrichment and analysis and presenting the final results of our report.

Here are some sample graphs from the report:

  

Stay tuned.

Enriched And Sandboxed Malware Command and Control (C&C) Domains Feed - Week 02

Dear blog readers,

This is the second week of sandboxing the new and novel malware samples that I have access to and extract and share and enrich all the malware command and control phone back domains. 

I hope that you will find this relevant and informative.

Sample malware C&C (command and control) phone back domains from this week's sandboxing include:

hxxp://212.ip.gl.ply.gg
hxxp://a.goatgame.co
hxxp://a0920080.xsph.ru
hxxp://bendavo.su
hxxp://cim.co.com
hxxp://classic-dave.gl.at.ply.gg
hxxp://clearsolutions.uk.com
hxxp://conxmsw.su
hxxp://cover-phantom.gl.at.ply.gg
hxxp://doddyfire.linkpc.net
hxxp://dstat.one
hxxp://elumadns.hopto.org
hxxp://exposqw.su
hxxp://fatisabi.linkpc.net
hxxp://fuu.tfuuuk.com
hxxp://hho.uk.com
hxxp://hov.multiatend.com.br
hxxp://hvu.uk.com
hxxp://infoprokaps.ddns.net
hxxp://job-citizenship.gl.at.ply.gg
hxxp://know-studied.gl.at.ply.gg
hxxp://krs.kievteplo.kiev.ua
hxxp://krs.tfba.me
hxxp://la-supreme.gl.at.ply.gg
hxxp://loganwolverin2026.duckdns.org
hxxp://memory-scanner.cc
hxxp://msf.uk.com
hxxp://narroxp.su
hxxp://needforrat.hopto.org
hxxp://needleexperience.xyz
hxxp://nft.uk.com
hxxp://nobles.locker
hxxp://open88-vip.com
hxxp://ozonelf.su
hxxp://pitchz.locker
hxxp://ptn.kievteplo.in.ua
hxxp://ptn.passadisco.com.br
hxxp://qdqwrqwrwqrqw.net
hxxp://salat.cn
hxxp://ser.nrovn.xyz
hxxp://squatje.su
hxxp://squeaue.su
hxxp://suzoo.ryxuz.com
hxxp://taodianla.com
hxxp://transfer.sh
hxxp://unembel.locker
hxxp://upaste.me
hxxp://vestcast.co
hxxp://vicareu.su
hxxp://vlxx.bz
hxxp://whitepepper.su
hxxp://windirautoupdates.top
hxxp://wndlogon.hopto.org
hxxp://wto.azl.one
hxxp://wto.mir-massage.kiev.ua
hxxp://www.ojang.pe.kr
hxxp://yip.su

hxxp://212.ip.gl.ply.gg	94ed112cb1f9ffe831906c83e02799a252b9f7b0116502550c1753ad12c23630	Suspicious:TrojanDrop.Agent.A.gaau
hxxp://a.goatgame.co	6fd5c640f4c1e434978fdc59a8ec191134b7155217c84845ea6a313aecf25bcc	Win/malicious_confidence_100%
hxxp://a0920080.xsph.ru	ea7efe5b685adb6324eea4717d5a9ef0c09c0222acc527d3bff2dc752d0cdcf9	Zusy.Generic
hxxp://bendavo.su	e723996bb6955ee83c32917aff0d7f4c196bd401fcf950276ae52752d1f8f748	Win/malicious_confidence_100%
hxxp://cim.co.com	c5ed92bd459abb4fd92b3de50b9b60e38622a40e014faaec617c5de9d9e7cc60	Win/malicious_confidence_100%
hxxp://classic-dave.gl.at.ply.gg	6e6f89821d980d1305a0f7a333e529fdb212b10ffcd8e11c32d9a36f3326458e	Trojan.Generic
hxxp://clearsolutions.uk.com	3fb74f626ee600cd36be84546dbea162456581fae1f9a512209e9bbdb0ec29c8	Win/malicious_confidence_100%
hxxp://conxmsw.su	e723996bb6955ee83c32917aff0d7f4c196bd401fcf950276ae52752d1f8f748	Win/malicious_confidence_100%
hxxp://cover-phantom.gl.at.ply.gg	94ed112cb1f9ffe831906c83e02799a252b9f7b0116502550c1753ad12c23630	Suspicious:TrojanDrop.Agent.A.gaau
hxxp://doddyfire.linkpc.net	33a995a9fb0790de7a522da691ab296e6d0e845b8228cb1fde3acddfff4e0584	Win/malicious_confidence_100%
hxxp://dstat.one	79bcf99e5c1a3c82d9de611adecaa580350711916e22f9f019d80ae90b3ef24f	Win/malicious_confidence_100%
hxxp://elumadns.hopto.org	607e18119b44e869812cccf8b2e7707d63024bde7ef1fc82da9086d2e21bf5d4	CryptPack.Generic
hxxp://exposqw.su	e723996bb6955ee83c32917aff0d7f4c196bd401fcf950276ae52752d1f8f748	Win/malicious_confidence_100%
hxxp://fatisabi.linkpc.net	abfef5885b48d80f03063d96710c39d285dcd948acff2d2e7aca3c1e902245e9	QD:Trojan.GenericQ
hxxp://fuu.tfuuuk.com	749a094dd333916249a24c7e9540c9f7f22c8ead8a9b1bb353aeaf1b8e195fb9	Win/grayware_confidence_60%
hxxp://hho.uk.com	3fb74f626ee600cd36be84546dbea162456581fae1f9a512209e9bbdb0ec29c8	Win/malicious_confidence_100%
hxxp://hov.multiatend.com.br	59d896c37abda71d5321d121ec682bc058ce590a049418118d81f68235a54628	Trojan.Generic
hxxp://hvu.uk.com	3fb74f626ee600cd36be84546dbea162456581fae1f9a512209e9bbdb0ec29c8	Win/malicious_confidence_100%
hxxp://infoprokaps.ddns.net	6b5507201747da116e679511aa351ca64779d04dd4e406feab58e17cee3c86f8	Trojan.Generic
hxxp://job-citizenship.gl.at.ply.gg	df8a3aa8281ab768be25aa7e6994cb4a2b75c2fb76b9decea321cb2f032c4cd8	Suspicious:TrojanDrop.Agent.A.gaau
hxxp://know-studied.gl.at.ply.gg	39fdd742df6bfcf32a04c46dcbcda4a12c630506a4208a43251804f4ec05c520	Barys.Generic
hxxp://krs.kievteplo.kiev.ua	de84d30f33ec188bf7bb4bee5db11b592176ad4b90efe6de8423b221bdcd48e7	Win/malicious_confidence_60%
hxxp://krs.tfba.me	de84d30f33ec188bf7bb4bee5db11b592176ad4b90efe6de8423b221bdcd48e7	Win/malicious_confidence_60%
hxxp://la-supreme.gl.at.ply.gg	53fa182205d5f1253c1655870ceed328075a7384fc4196fc44cb33a546dfd1ad	Trojan.XWorm
hxxp://loganwolverin2026.duckdns.org	8e1f62b87234e54baf7ca40bfd2a81a6ed53b5a009b15ce7e4cba7d54d39a3a2	Trojan.Generic
hxxp://memory-scanner.cc	ed0df4e63f9f4ae680a8ae1d8ab92b192f406ea10794ece9de8fb719f70d6205	Win/malicious_confidence_100%
hxxp://msf.uk.com	3fb74f626ee600cd36be84546dbea162456581fae1f9a512209e9bbdb0ec29c8	Win/malicious_confidence_100%
hxxp://narroxp.su	e723996bb6955ee83c32917aff0d7f4c196bd401fcf950276ae52752d1f8f748	Win/malicious_confidence_100%
hxxp://needforrat.hopto.org	c2a299f988158d07a573a21621b00b1577b7c232f91c1442ba30d272e4414c5d	Jalapeno.Generic
hxxp://needleexperience.xyz	53ddd2aa1a419ed06e97fb6a00f6032288cdfafc1288707a4c1cf28e95778c78	Trojan_Win32_Wacatac_B_ml
hxxp://nft.uk.com	c5ed92bd459abb4fd92b3de50b9b60e38622a40e014faaec617c5de9d9e7cc60	Win/malicious_confidence_100%
hxxp://nobles.locker	e723996bb6955ee83c32917aff0d7f4c196bd401fcf950276ae52752d1f8f748	Win/malicious_confidence_100%
hxxp://open88-vip.com	4de054e1e7ab2a58f115cb769eb333352b67f182725979a7dd79f5f0c2fa12d9	Win/malicious_confidence_100%
hxxp://ozonelf.su	e723996bb6955ee83c32917aff0d7f4c196bd401fcf950276ae52752d1f8f748	Win/malicious_confidence_100%
hxxp://pitchz.locker	1d691ee35228d7b5dff10f1cc39a9ecdda48414488df2b36370328919e262cdf	Trojan.Generic
hxxp://ptn.kievteplo.in.ua	21b7e82e5509b2564c3bbc25b1cd3aaefa175618ce4f267f3656eedd4226538d	Win/malicious_confidence_100%
hxxp://ptn.passadisco.com.br	3eaa9777b7b070dc3639b95b316aa0d7949f318527d3a813fc603c612700965e	tedy.Generic
hxxp://qdqwrqwrwqrqw.net	3a631b401a7730521459f6f40b7470a9ca055aedef3f86ee526be2eb4415c513	Tedy.Generic
hxxp://salat.cn	dae4e3ef73e9789b396b5f1117d8dd668bf07f6e703e7e7c18f14bf53c3406c8	Win/malicious_confidence_100%
hxxp://ser.nrovn.xyz	1954e0151deb50691b312e7e8463bd2e798f78ff0d030ce1ef889e0207cc03aa	Trojan.Agent
hxxp://squatje.su	e723996bb6955ee83c32917aff0d7f4c196bd401fcf950276ae52752d1f8f748	Win/malicious_confidence_100%
hxxp://squeaue.su	e723996bb6955ee83c32917aff0d7f4c196bd401fcf950276ae52752d1f8f748	Win/malicious_confidence_100%
hxxp://suzoo.ryxuz.com	9c2e1a084971f03e182ca54e09a4781db80a8158afe25ef0fdc4b2fde7ff5ad4	Trojan.Generic
hxxp://taodianla.com	f2e2a44d8084a1b9b359cb6d32ec93331cde72c53229edb5452590e1c26f562c	Trojan.Generic
hxxp://unembel.locker	20d41d4b657de10f240a6b94666973c9560daee9a363e5e31147029beb6a6cbb	QD:Trojan.GenericQ
hxxp://upaste.me	bb2419dbca5d15cdadd4c34be1828901a094b9b84d157c670b3350dcf691307e	MSIL.Cassiopeia.Generic
hxxp://vestcast.co	abd56fe04c36d4373ea9cc53efa0aec3bfd626a632c1079581163eaba26a0545	Trojan.Generic
hxxp://vicareu.su	e723996bb6955ee83c32917aff0d7f4c196bd401fcf950276ae52752d1f8f748	Win/malicious_confidence_100%
hxxp://vlxx.bz	7edad86c094f657569d22c11fdd5c593723160bd0c131208b96658b655ba6afc	Win/malicious_confidence_100%
hxxp://whitepepper.su	ed0df4e63f9f4ae680a8ae1d8ab92b192f406ea10794ece9de8fb719f70d6205	Win/malicious_confidence_100%
hxxp://windirautoupdates.top	eba32a07adf4a424f44d99b8dc4abf9cb1c7f4c771c6312e07d3fb92fc4b4c84	Win/malicious_confidence_100%
hxxp://wndlogon.hopto.org	23211cc5c51e8a3d1c0c8a99e5d726e232dd54f8dac7ca28ff11abaca76e864c	Trojan.Generic
hxxp://wto.azl.one	1b01df3731e1507392151ebb0200f7b5fec2fd05656eaef17b0a79e2d7770320	Trojan.Generic
hxxp://wto.mir-massage.kiev.ua	1b01df3731e1507392151ebb0200f7b5fec2fd05656eaef17b0a79e2d7770320	Trojan.Generic
hxxp://www.ojang.pe.kr	152704e13aba56bccb1183992109216ee3c2d007dfe123ff5762955ecd3b8f00	Trojan.Heur.Generic
hxxp://yip.su	612300066252c3151883d30f69a9b287c323a4a484a35ca553c5a73d3f7d0cfc	Jalapeno.Generic

Including the following:

hxxp://bendavo.su - Email: sbakuga@inbox.ru
hxxp://whitepepper.su
hxxp://vicareu.su 

Stay tuned. 

A Leak of Silent Ransomware Operators

Dear blog readers,

On November 19th 20025 the Silent Ransomware Operator's Dark Web Onion made an interesting posting in what appears to be a compromised Dark Web Onion with a specific post detailing the activities of the Silent Ransomware operators. 

I decided to dig a little bit deeper and also provide an enriched analysis.

Here are the leaked details:

Зубков, Владислав Сергеевич
Телефон: 79038429329
Дата рождения: 09.03.1996
Город: Тула, Россия
Инстаграм: vladi_tula
ВК: slaw71

Иванов, Иван Сергеевич
Телефон: 79153700392, 74957113532
Дата рождения: 03.04.1991
Город: Москва, Россия
 

Унжаков, Василий Андреевич
Телефон: 76534249063
Дата рождения: 22.04.1993
Город: Тула, Россия
Инстаграм: foxstis

Несветаев, Даниил Павлович
Телефон: 79508749805, 79031156929, 79510857967, 79606919091
Дата рождения: 03.01.2000
Город: Курск, Россия
ВК: xvidis

Солдатов, Владимир ВладимировичТелефон: 79514754980, 79124043093
Дата рождения: 21.09.1992
Город: Миасс, Россия
ВК: ВОВА 12345 СОЛДАТОВ

Аверин, Алексей Иванович
Телефон: 79534255483
Дата рождения: 23.01.1996
Город: Тула, Россия
Инстаграм: alexey.averin, averina1exei
ВК: a1exiiu

Фомичёв, Кирилл Алексеевич
Телефон: 79997815534, 79509266372, 79066268794, 79509028210, 79612672856
Дата рождения: 18.12.1996
Город: Тула, Россия
Инстаграм: kirill_fomichev71
ВК: diger71 

Primary domain known to have been involved:

hxxp://business-data-leaks.com - Email: tatodavi1997@finefreemail.com

Related domains:

hxxp://ucheck.info

hxxp://arculufi.com

hxxp://business-data-leaks.com

hxxp://layerzeronetworks.net

hxxp://parcelpathways.com 

Related domains:

hxxp://blackpass.online

hxxp://blackpass.link

Related domains:

hxxp://blackpass.one
hxxp://blackpass.sale
hxxp://blackpass.im
hxxp://blackpass.lu
hxxp://blackpass.io
hxxp://blackpass.ws
hxxp://blackpass.name
hxxp://blackpass.biz 

Stay tuned.

Profiling the Craxs Rat Malware-as-a-Service (MaaS) Enterprise

Dear blog readers,

I recently came across to a relatively interesting and novel malware as a service malicious software provider that specialized in Android based malware releases with several releases currently in the works and available commercially within the cybercrime ecosystem with the vendor currently possessing a pretty decent social media presence so I decided to provide some personally identifiable information about their online whereabouts. 

Sample domains known to have been involved in the campaign include:

hxxp://craxsrat.com - Email: evlfdev@gmail.com
hxxp://craxsrat.net
hxxp://craxsserver.com
hxxp://craxsrat.com
hxxp://evlfdev.com
hxxp://spysolr.com 

Sample contact details:

Session ID:
05e476b08449c214be276c9eee0db24f5d5a2296da86432a122d3102242939fe3d

Jabber ID:
evfldev@draugr.de

Tox ID:
93BEB9028B77008BFE13A46F2B2290A75988036A77D3D6A315FFA986C45F84654FF298AB9031 

Sample social media accounts involved in the campaign include:

https://x.com/EvLFDev
https://www.facebook.com/craxsrat
https://t.me/EVLFDEV
https://github.com/EVLF
https://www.youtube.com/@EvLFDev
https://www.facebook.com/spysolr/
https://spysolr.com
https://vimeo.com/user204150405
https://x.com/spysolr
https://t.me/spysolr 

Sample video demonstrations:

Related screenshots:

Stay tuned.