Historical OSINT – Newly Launched Koobface Themed Campaign Spotted in the Wild

Related malicious URLs known to have participated in the campaign:

Once executed a sample malware phones back to a well known command and control server IPs:
hxxp:// GET /install.php?id=02979

Parked at the same IP where crusade affiliates are were more scareware domains. Meanwhile, the Koobface gang is currently busy typosquatting my name for registering domains (Rancho Ranchev; Pancho Panchev) for instance hxxp://mayernews.com – Email: 1andruh.a1@gmail.com is registered using Danchev Danch.

Leave a Reply

Your email address will not be published. Required fields are marked *

Unit-123.org E-shop Owner Information

Who is Dancho Danchev?


Focused on delivering daily batches of personally-produced never-ending supply of high-quality and never-published and released before classified and sensitive Intelligence Deliverables.

Latest Products