In this post I’ll elaborate more on some of the current activities of a well known Darkode forum member namely Nassef which we can clearly see here in the Darkode repository of research.
Sample currently active known domain registrations:
hxxp://tonymontana.su
hxxp://hack-mirror.net
hxxp://tonymontana.cards
hxxp://tonymontana.cash
hxxp://tonymontana.biz
Sample photos of related Darkode members:
Sample personal photo of Eric L Crocker also known as Phastman
Sample personal photo of Phillip R Fleitz also known as Strife
Related posts:
What we have here are several E-Shops for stolen credit card numbers part of his brand franchise including a web site defacement mirror run by him.
Known Darkode domains:
hxxp://darkode.pro
hxxp://darkode.com
hxxp://darkode.me
hxxp://darkode.cc
Known Darkode personal email address account:
Full names of Darkode members:
Johan Anders Gudmunds
Morgan C Culbertson
Eric L Crocker
Naveed Ahmed
Phillip R Fleitz
Dewayne Watts
Murtaza Saifuddin
Daniel Placek
Matjaz Skorjanc
Florencio Carro Ruiz
Mentor Leniqi
Rory Stephen Guidry
We also have an interesting malicious infrastructure discovery in the context of TA505, Darkode (hxxp://darkode.su; [email protected]) and the following portfolio of malicious domains.
hxxp://arculus.su
hxxp://bestsup.su
hxxp://abcstore.su
hxxp://usdcoin.su
hxxp://loads.su
hxxp://adsk.su
hxxp://newbond.su
hxxp://moserant.su
hxxp://huntersinternational.su
hxxp://exploit.su
hxxp://mazurax.su
hxxp://mocaverse.su
hxxp://firemarket.su
hxxp://accounts-login.su
hxxp://drkatzen.su
hxxp://zeebira.su
hxxp://fedex-tracking.su
hxxp://officesupportdoc.com
hxxp://amazon-security-deutschland-safer-certification-info.com
hxxp://aspendok.com
hxxp://trailandra.com
hxxp://flumenco.com
hxxp://agliesc.com
hxxp://technicalpreviews.com
hxxp://thipissney.com
hxxp://paalai.su
hxxp://portfolio-metamask.su
hxxp://allbridge.su
hxxp://manta.su
hxxp://commerzebank.net
hxxp://aerulonoured.su
hxxp://aswurdaes.su
hxxp://cerofixt.su
Related personally identifiable information on Matjaz Skorjanc – Iserdo – ButterFly Bot which was also a well known Darkode member:
hxxp://lizardstresser.su
hxxp://80.242.123.196
hxxp://142.11.230.18/b.php
Related ButterFly Bot personally identifiable email address accounts:
Related URL:
hxxp://bfsystems.net
hxxp://webmail.ngulesh.info
hxxp://voc.cash
hxxp://deepbluesecurity.nl
hxxp://threatforce.net
hxxp://erc20collector.com
hxxp://b2bradio.net
hxxp://intelhub.link
hxxp://albaname.com
hxxp://albahost.net
hxxp://albaname.net
hxxp://mpuq.net
hxxp://jbcine.com
hxxp://futboltele.com
hxxp://clinicablanco.com
hxxp://clinica-blanco.com
hxxp://tamiflux.net
*** This is a Security Bloggers Network syndicated blog from Dancho Danchev's Blog - Mind Streams of Information Security Knowledge authored by Dancho Danchev. Read the original post at: https://ddanchev.blogspot.com/2024/08/what-is-nassef-from-darkode-up-to.html