Author Archives: Dancho Danchev

It’s the Facebook message that came from one of your infected friends pointing you to an on purposely created bogus Bloglines blog serving fake YouTube video window, that I have in mind. The Koobface gang has been mixing social engineering vectors by t… Continue reading Historical OSINT – The Koobface Gang Mixing Social Engineering Vectors→

The original real-time OSINT analysis of the Russian cyberattacks against Georgia conducted on the 11th of August, not only closed the Russia vs Georgia cyberwar case for me personally, but also, once again proved that real-time OSINT is invaluable com… Continue reading Real-Time OSINT vs Historical OSINT in Russia/Georgia Cyberattacks→

When you get the “privilege” of getting DDoS-ed by a high profile DDoS for hire service used primarily by cybercriminals attacking other cybercriminals, you’re officially doing hell of a good job exposing money laundering scams.

The attached screensho… Continue reading The DDoS Attack Against Bobbear.co.uk→

So, the ultimate question – who’s behind the GPcode ransomware? It’s Russian teens with pimples, using E-gold and Liberty Reserve accounts, running three different GPcode campaigns, two of which request either $100 or $200 for the decryptor, and commun… Continue reading Who’s Behind the GPcode Ransomware?→

Of course the Klingons did it, or you were naive enough to even think for a second that Russians were behind it at the first place? Of the things I hate  most, it’s lowering down the quality of the discussion I hate the most. Even if you’re excluding a… Continue reading Who’s Behind the Georgia Cyber Attacks?→

The Koobface Facebook worm — go through an assessment of a previous campaign — is once again making its rounds across social networking sites, Facebook in particular. Therefore, shall we spill a big cup of coffee over the malware campaigners efforts … Continue reading Dissecting the Koobface Worm’s December Campaign→

Ho, Ho, Ho.Merry Christmas or Christmas just came in earlier.This is an official letter to all of my 5.6M readers since December, 2005 including an official letter to the U.S Security Industry including my current colleagues and friends from across the… Continue reading Time to Say Goodbye!→

I’ve been recently digging into several archives in terms of looking for actionable threat intelligence based on my research circa 2010 with the idea to enrich it in 2022 and collerate it with several of my proprietary databases for threat intelligence… Continue reading Historical OSINT – Profiling a Compilation of Known Apophis Exploit Kit C&C Public Domains – An OSINT Analysis→

Dear blog readers,This is Dancho. I wanted to take the time and effort and introduce you to my latest project which is a publicly accessible search engine for hackers security analysts security bloggers OSINT analysts and threat intelligence analysts t… Continue reading Search Engine for Hackers/Analysts/Bloggers/OSINT Analysts and Threat Intelligence Experts! Here We Go!→

A currently ongoing malicious campaign relying on injected iFrames at legitimate Web sites, successfully segments mobile traffic, and exposes mobile users to fraudulent legitimately looking variants of the AndroidOS/FakeInst/Trojan-SMS.J2ME.JiFake mobi… Continue reading Rogue iFrame Injected Web Sites Lead to the AndroidOS/FakeInst/Trojan-SMS.J2ME.JiFake Mobile Malware→