National Cyber Warfare Foundation (NCWF)

The Conti Ransomware Gang and the Trickbot Cybercrime Enterprise XMPP’s and Jabber Account IDs


2023-09-08 14:13:20
milo
Blue Team (CND)


The power of OSINT and real-time OSINT, which has been my methodology since December 2005, when I originally launched this blog? Check out the following analysis, courtesy of me, which details in depth who's behind the Conti Ransomware Gang and the Trickbot cybercrime enterprise, using exclusively and entirely public sources of information in combination with my real-time OSINT methodology, hence the results.




Sample XMPP and Jabber account IDs include:




It gets even better with the recent OFAC sanctions that also mention several interesting email address accounts:




It gets even more interesting when we dig a little bit deeper and find related domain registrations associated with these email address accounts.



For instance, we have hxxp://baikal-tour.su, which is a travel agency, and hxxp://kurochkina.com, which is Ekaterina Kurochkina, a fashion photographer currently known as Valentina Ushenina and currently a training instructor at the PortDeBras company. Here we have the same domains registered by a known individual on the Conti Ransomware Gang's sanctions list ([email protected]).


We also have a Google Play application (hxxp://play.google.com/store/apps/details?id=com.WSCards.RSP&&gl=US) that also points to (hxxp://finters.su) which stands for an international sports organization.


Personally identifiable information on Valentina Ushenina includes:


Skype: valentinatigra


hxxp://vk.com/id3151577


Email: [email protected]; [email protected]



All domains known to have been registered by [email protected] include:


hxxp://artfreegallery.us


hxxp://artfreegallery.com


hxxp://kurochkina.com


hxxp://s23.su


hxxp://baikal-tour.su


hxxp://finters.su


All domains known to have been registered by [email protected] include:


hxxp://art-deko.biz


hxxp://serpwomanhealth.info


hxxp://avtofortuna.info


hxxp://knigodvor.info


hxxp://alkommet.com


hxxp://art-deko.info




Stay tuned!

The post The Conti Ransomware Gang and the Trickbot Cybercrime Enterprise XMPP’s and Jabber Account IDs appeared first on Security Boulevard.



Dancho Danchev

Source: Security Boulevard
Source Link: https://securityboulevard.com/2023/09/the-conti-ransomware-gang-and-the-trickbot-cybercrime-enterprise-xmpps-and-jabber-account-ids/




