Author Archives: Dancho Danchev

Dear blog readers,The following is a BitCoin blockchain analysis of the BitCoin wallet addresses from the XSS cybercrime forum.BitCoin wallet addresses from XSS:1KKtz7NZ8rQB5tPtU642M5Q1CZFSmrzxrs115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g1DBFAcRbVTtikmrRq8PA6MY… Continue reading Analysis of BitCoin Wallet Addresses from XSS Cybercrime Forum – A BitCoin Blockchain Analysis→

Dear blog readers,The following is a BitCoin blockchain analysis of the BitCoin wallet addresses from the RAMP (Russian Anonymous Marketplace) cybercrime forum. BitCoin wallet addresses from RAMP:bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6bc1q0nrnv… Continue reading Analysis of BitCoin Wallet Addresses from RAMP (Russian Anonymous Marketplace) – A BitCoin Blockchain Analysis→

Dear blog readers,In this post I’ll provide actionable intelligence based on the research and analysis which I posted in my previous “Dissecting the RAMP (Russian Anonymous Marketplace) Ransomware Forum – An Analysis” blog post and will provide actiona… Continue reading A Domains Portfolio Belonging to RAMP (Russian Anonymous Marketplace) Forum Members – A Compilation→

Dear blog readers,In this post I’ll provide actionable intelligence on all the BitCoin wallet addresses from the RAMP (Russian Anonymous Marketplace) forum members with the idea to assist the security community fellow researchers and U.S Law Enforcemen… Continue reading A Compilation of BitCoin Wallet Addresses from the RAMP (Russian Anonymous Marketplace) Forum Members – A Compilation→

Dear blog readers,Continuing my previous post “Dissecting the RAMP (Russian Anonymous Marketplace) Ransomware Forum – An Analysis” I this post I’ll provide actionable cyber threat actor attribution intelligence and personally identifiable information o… Continue reading A Compilation of Personally Identifiable Email Address Accounts Belonging to RAMP (Russian Anonymous Marketplace) Forum – A Compilation→

Dear blog readers, Continuing the “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Two” blog post series in this post I’ll continue analyzing the next malicious software binar… Continue reading When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Three→

Dear blog readers,I recently took the time and effort and do some research on the recently made public Coruna iOS iPhone client-side exploits serving web malware exploitation kits.Here are the details.Related MD5s for the javascript detected payload:MD… Continue reading IoCs (Indicators of Compromise) for the Coruna iOS iPhone Web Malware Client Side Exploits Serving Web Malware Exploitation Kit→

Dear blog readers,Continuing the second part of my original “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Two” post in this second post I’ll proceed and move on with the next Co… Continue reading When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Two→

Dear blog readers,I just did the impossible but I’ll leave a set of photos and personally identifiable information about RAMP (Russian Anonymous Marketplace) Ransomware Forum to speak for itself.     Sample screenshots from my … Continue reading Dissecting the RAMP (Russian Anonymous Marketplace) Ransomware Forum – An Analysis→

Dear blog readers,This is Dancho.I’ve spent the past week working on a very important personal project where I’m using 100% Google Gemini Python generated code to achieve my objectives with a lot of success.However the time has come to seek a professio… Continue reading Looking for a Python Developer or a Team of Python Developers→