Exposing Bulgaria’s Emil Kyulev/RansomedVC/Magadans/BorisTulev/BlackForums/ImpotentNaEvropa/Everest Ransomware Group/DADS Agency – An OSINT Analysis

Dear blog readers, I’ve decided to share some OSINT notes on Bulgaria’s Emil Kyulev. Sample network assets reconnaissance: e[.]kyulev[[.]]protonmail[.]com hxxp://magadans[.]net 14cbx34hgJYN1iyFvT4PsCxKVsGDuZi5pR 0x0837a9df92d68505ceba32fb540475e29fbf29f…

Exposing Bulgaria’s Ruja Ignatova’s OneCoin Cryptocurrency Internet-Connected Infrastructure – An Analysis

UPDATE: I just added an additional set of details and information obtained using public sources. Personal email: rujaignatova[.]hotmail.com hxxp://rujaignatova.eu/ hxxp://drrujaignatova.com hxxp://www.youtube.com/rujaignatova hxxp://x.com/rujaignatova hxxp:/…

A Peek Inside a Recently Seized Malware Crypting as a Service Domain Portfolio – An Analysis

Dear blog readers, In this analysis I’ll take a look at a recently seized malware crypting as a service domain and will offer additional insights into how the service works. From the press release: “AegisTools.pw is a platform known in the undergrou…

Exposing the C&C and IoC Infrastructure of the Redline Stealer Malicious Software – An Analysis

In this analysis we’ll take a look inside the Redline Stealer’s C&C and IoCs infrastructure obtained using public sources with the idea to enrich the actual domain infrastructure while looking for additional clues for related malicious and fraudule…

Exposing the Sonatrach Data Leak and the Data Leak Broker Behind it – An OSINT Analysis

Dear blog readers, In this analysis I’ll offer and provide an in-depth technical overview of the Internet-connected infrastructure behind the Maze Ransomware Group using public sources including the data leak broker who’s responsible for the Sonatrach D…

Exposing a Domains Portfolio Courtesy of Breached Forum Team Members – An OSINT Analysis

I’ve recently obtained access to a publicly obtainable set of personally identifiable information belonging to secondary Breached Forum team members and based on this discovery I’ve decided to dig a little bit deeper and find out related domain name …

Profiling the Recently Seized Samourai Cryptocurrency Mixer Service – An Analysis

I’ve decided to take a closer look at the recently seized domain portfolio owned by the infamous Samourai Cryptocurrency Mixer where the actual infrastructure consists of several primary domains and several secondary domains including a vast social med…
