Want to see the power of OSINT and real-time OSINT, which has been my methodology since December 2005, when I originally launched this blog? Check out the following analysis, which details in depth who's behind the Conti Ransomware Gang and the Trickbot cybercrime enterprise, using exclusively public sources of information in combination with my real-time OSINT methodology.
Sample XMPP and Jabber account IDs include:
It gets even better with the recent OFAC sanctions that also mention several interesting email address accounts:
It gets even more interesting when we dig a little bit deeper and find related domain registrations associated with these email address accounts.
For instance, we have hxxp://baikal-tour.su, which is a travel agency, and hxxp://kurochkina.com, which is Ekaterina Kurochkina, a fashion photographer currently known as Valentina Ushenina and currently a training instructor at the PortDeBras company. These same domains are registered by a known individual on the Conti Ransomware Gang's sanctions list ([email protected]).
We also have a Google Play application (hxxp://play.google.com/store/apps/details?id=com.WSCards.RSP&&gl=US) that points to hxxp://finters.su, which stands for an international sports organization.
Personally identifiable information on Valentina Ushenina includes:
Skype: valentinatigra
hxxp://vk.com/id3151577
Email: [email protected]; [email protected]
Sample photos of Valentina Ushenina include:
All domains known to have been registered by [email protected] include:
All domains known to have been registered by [email protected] include:
Stay tuned!