In this post I'll elaborate more on some of the current activities of a well known Darkode forum member namely Nassef which we can clearly see here in the Darkode repository of research.
Known email: [email protected]
Sample currently active known domain registrations:
hxxp://tonymontana.su
hxxp://hack-mirror.net
hxxp://tonymontana.cards
hxxp://tonymontana.cash
hxxp://tonymontana.biz
Sample photos of related Darkode members:
Sample personal photo of Eric L Crocker also known as Phastman
Sample personal photo of Phillip R Fleitz also known as Strife
Related posts:
- Exposing the Darkode Forum Bust and the Associated Individuals Behind It - Or How I Almost Got Kidnapped? - An OSINT Analysis
- Domain Portfolio Operated by Sp3cial1st from Darkode
What we have here are several E-Shops for stolen credit card numbers part of his brand franchise including a web site defacement mirror run by him.
Known Darkode domains:
hxxp://darkode.com - 81.27.98.152 - [email protected]
hxxp://darkode.pro
hxxp://darkode.com
hxxp://darkode.me
hxxp://darkode.cc
hxxp://darkode.su - Email: [email protected]
Known Darkode personal email address account:
Full names of Darkode members:
Johan Anders Gudmunds
Morgan C Culbertson
Eric L Crocker
Naveed Ahmed
Phillip R Fleitz
Dewayne Watts
Murtaza Saifuddin
Daniel Placek
Matjaz Skorjanc
Florencio Carro Ruiz
Mentor Leniqi
Rory Stephen Guidry
We also have an interesting malicious infrastructure discovery in the context of TA505, Darkode (hxxp://darkode.su; [email protected]) and the following portfolio of malicious domains.
hxxp://arculus.su
hxxp://bestsup.su
hxxp://abcstore.su
hxxp://usdcoin.su
hxxp://loads.su
hxxp://adsk.su
hxxp://newbond.su
hxxp://moserant.su
hxxp://huntersinternational.su
hxxp://exploit.su
hxxp://mazurax.su
hxxp://mocaverse.su
hxxp://firemarket.su
hxxp://accounts-login.su
hxxp://drkatzen.su
hxxp://zeebira.su
hxxp://fedex-tracking.su
hxxp://officesupportdoc.com
hxxp://amazon-security-deutschland-safer-certification-info.com
hxxp://aspendok.com
hxxp://trailandra.com
hxxp://flumenco.com
hxxp://agliesc.com
hxxp://technicalpreviews.com
hxxp://thipissney.com
hxxp://paalai.su
hxxp://portfolio-metamask.su
hxxp://allbridge.su
hxxp://manta.su
hxxp://commerzebank.net
hxxp://aerulonoured.su
hxxp://aswurdaes.su
hxxp://cerofixt.su
Related personally identifiable information on Matjaz Skorjanc - Iserdo - ButterFly Bot which was also a well known Darkode member:
hxxp://lizardstresser.su
hxxp://80.242.123.196
hxxp://142.11.230.18/b.php
Related ButterFly Bot personally identifiable email address accounts:
Related URL:
hxxp://bfsystems.net
hxxp://webmail.ngulesh.info
Related domain ([email protected]) registrations:
hxxp://voc.cash
hxxp://deepbluesecurity.nl
hxxp://threatforce.net
hxxp://erc20collector.com
hxxp://b2bradio.net
hxxp://intelhub.link
Related domain ([email protected]) registrations:
hxxp://albaname.com
hxxp://albahost.net
hxxp://albaname.net
hxxp://mpuq.net
Related domain ([email protected]) registrations:
hxxp://jbcine.com
hxxp://futboltele.com
hxxp://clinicablanco.com
hxxp://clinica-blanco.com
Related domain ([email protected]) registrations:
hxxp://tamiflux.net
The post What is Nassef from Darkode Up To? appeared first on Security Boulevard.
Dancho Danchev
Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/08/what-is-nassef-from-darkode-up-to/