Aggregator

Currently trending CVE - Hype Score: 11 - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to cause unexpected system termination or write kernel memory.

Currently trending CVE - Hype Score: 3 - Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

Currently trending CVE - Hype Score: 7 - An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.  The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.  This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 ...

Currently trending CVE - Hype Score: 17 - RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a ...

Dear blog readers,

In this post I'll provide actionable intelligence based on the research and analysis which I posted in my previous "Dissecting the RAMP (Russian Anonymous Marketplace) Ransomware Forum - An Analysis" blog post and will provide actionable intelligence on various domain portfolios manage and operated by members of the RAMP (Russian Anonymous Marketplace) forum with the idea to assist the security community and fellow researchers including U.S Law Enforcement on its way to properly track down and prosecute the individuals behind these communities.

Here's the actual compilation:

Source Entity Target Entity [email protected] nord-termo.site [email protected] nord-termo.space [email protected] nordtermo.space [email protected] nordtermo.website [email protected] 24hoursnews.co [email protected] dqhost.net [email protected] dqsolutions.info [email protected] mrn2003.ir [email protected] annerley.com.hk [email protected] memorials-usa.us [email protected] 1v4.cn [email protected] ckqlc.cn [email protected] astra-sport.com [email protected] euadult.com [email protected] lgtube.com [email protected] pornxvidios.com [email protected] qtrtube.com [email protected] torrentcloud.download [email protected] exfeg.com [email protected] ucofj.net [email protected] 3bed.dev [email protected] valeriobattagli.com [email protected] ww5.in [email protected] anonytor.cc [email protected] anonytor.com [email protected] ah18.su [email protected] blacksmm.su [email protected] esportalen.su [email protected] impfnachweis.su [email protected] leakshare.su [email protected] totalnutritions.us [email protected] ff979834.com [email protected] globalonlinelink.com [email protected] ulezcharge.co.uk [email protected] xe317970.com [email protected] xe317990.com [email protected] pietrodimaria.info [email protected] akstudios.fr [email protected] akzkidstore.com [email protected] us24work.us [email protected] zoomaps.us [email protected] mauadhotel.com.br [email protected] netdeep.com.br [email protected] vermelhorconsultoria.com.br [email protected] air-gouv.com [email protected] nelfllx-abonnement.com [email protected] nelfllx-abonnements.com [email protected] nelfllx-clients.com [email protected] parisclassenumerique.org [email protected] alarife.com [email protected] time2time.com.br [email protected] offllce365.com [email protected] aliooird.us [email protected] bazoinf.us [email protected] fatturapagamento.us [email protected] osdoiasda.us [email protected] pagamento.us [email protected] mira-orel.com [email protected] lactioncosmetique.com [email protected] mediatic.com [email protected] soin2beaute.com [email protected] westlaw-researches.com [email protected] westlaw-researchs.com [email protected] a-mark.us [email protected] photo4love.us [email protected] happyrainy.com [email protected] totalblacktv.com [email protected] elcrazyfrog.com [email protected] voidhere2023.com [email protected] dosette-douche.com [email protected] lebey.fr [email protected] purchaseprotection.us [email protected] cryptohedgefund.us [email protected] crystalwaveforge.com [email protected] disney-connexion.com [email protected] healthwiseadvantage.com [email protected] novarisinghorizon.com [email protected] dante110.pw [email protected] passwordverifys.com [email protected] huawei-oss.cn [email protected] cs2source.us [email protected] netflixverify.com [email protected] post-redelivery.com [email protected] redelivery-post.com [email protected] thiendaonet.us [email protected] derisiontest3.com [email protected] meutrackerr.com.br [email protected] ns-24.com [email protected] ns-365.com [email protected] darknet.ug [email protected] ebemlohov.ug [email protected] hrenzabanish.ug [email protected] legatopeople.lu [email protected] fastfire.org [email protected] confirm-post.com [email protected] elverdaderopetro.com [email protected] investigacionpetro.org [email protected] petristasarrepentidos.com [email protected] petroleaks.org [email protected] papa-john.space [email protected] kleinanzeneigen.vip [email protected] zksynk.us [email protected] adsfun.club [email protected] kampagne-tonline.com [email protected] 2b7e.org [email protected] gabrielebner.at [email protected] gebner.org [email protected] arshadplus.ir [email protected] paingamingteam.ir [email protected] badbank.com.br [email protected] disaster-assistance.us [email protected] iabor.us [email protected] laborscolorado.us [email protected] pa-gov.us [email protected] uia-michigan.us [email protected] boxes-win.com [email protected] versionstoreaccos.site [email protected] jobcool.fr [email protected] katelinajlowe.com [email protected] newsiteregistration.online [email protected] top5sitehotgirl.online [email protected] fruktshop.uz [email protected] usagrantsonline.com [email protected] loomclothing.in [email protected] fix7w.us [email protected] ccpvp.us [email protected] enbanking-bmi.net [email protected] tejarat-banek.net [email protected] tejarat-benk.net [email protected] online4-boa.com [email protected] onlinewells-connect.com [email protected] receive-mtb.com [email protected] visit01b0a.com [email protected] visit02b0a.com [email protected] matumba.xyz [email protected] carry-hotel.com [email protected] bsdfjsd.us [email protected] c4863ccd1070dd01d880667e578f85be.us [email protected] l6sz1.us [email protected] s6un.us [email protected] x5a4w.us [email protected] kembolle.com.br [email protected] ocomunitariomt.com.br [email protected] bostitch.su [email protected] dkgaminggear.com [email protected] abacuslab.us [email protected] muwop.us [email protected] oppastoppa.us [email protected] tigrislab.us [email protected] payload.su [email protected] windows-tech-support.su [email protected] lovebombi.ng [email protected] 3ds-site-com.online [email protected] lumenai.co.kr [email protected] manageupdates.com [email protected] techsavvy.pro [email protected] payksld.digital [email protected] payksld.world [email protected] clause.ws [email protected] marketsmix.com [email protected] zuchri.com [email protected] m3taki.com [email protected] twlttre.com [email protected] sockcon.us [email protected] araztm.in [email protected] araztm.ir [email protected] englishmatrix.ir [email protected] fcoin.ir [email protected] fta-tab.com [email protected] koroshcarpet.ir [email protected] shgypsum.com [email protected] cialis26.us [email protected] fitbudds.com [email protected] hyzaars.com [email protected] imitrex24.com [email protected] makino.info [email protected] slotwang.com [email protected] wholesalejerseysace.life [email protected] casino0777.us [email protected] goolg-e.com [email protected] hefaz-security.ir [email protected] vsec.ir [email protected] xn--arbnb-q81b.com [email protected] stopclock.eu [email protected] netfiix.org [email protected] hingeserver89.com [email protected] quotaflow.net [email protected] recovery-session.com [email protected] secure0web.icu [email protected] securei0.com [email protected] filever.info [email protected] filever.us [email protected] vnteg.com [email protected] 28team.org [email protected] oleolex98.com [email protected] contentcrux.us [email protected] guptacapitalgroup.us [email protected] midoceanpartners.us [email protected] motioncontentgroup.us [email protected] trevinoelectronics.us [email protected] etsoft.fr [email protected] nibifu-tijax.com [email protected] cryptoforexleads.pw [email protected] solutionsmanualpdf.space [email protected] sapport.co.in [email protected] sapport.in [email protected] sapport.nz [email protected] sapport.one [email protected] sapport.run [email protected] ccf-support.com [email protected] jepreis-euan.com.do [email protected] larsinatosabala-oeca.com.do [email protected] macomdue.com.do [email protected] r-8djjksz.com.do [email protected] changway.hk [email protected] www.changway.hk [email protected] dertyu.com [email protected] buxhianyi.com [email protected] reeves.su [email protected] serivice.com [email protected] dclofty.com [email protected] isecsecurity.com.br [email protected] ubje.com.br [email protected] m.talk.im [email protected] talk.im [email protected] escola.i9ead.com.br [email protected] i9ead.com.br [email protected] www.i9ead.com.br [email protected] uniccsh0p.mn [email protected] exchangersdirectory.com [email protected] sonyblueprint.com [email protected] uniselect.org [email protected] web-proserv.com [email protected] workblacks.com [email protected] caprocoin.pw [email protected] maxho.ru [email protected] tf6.ru [email protected] pgnewslot.net [email protected] vip.bookchestsolutions.com [email protected] vip.mdkprivatelawfirm.onyxprivseconline.com [email protected] vvip.phoenixpoststh.com [email protected] vvip.tynoxthailand.com [email protected] bet0b3n.com [email protected] creativefeed.fr [email protected] madebycf.com [email protected] i-kusbpartner.com [email protected] moa-consolidation.co.kr [email protected] readyon.xyz [email protected] sline-sblack.co.kr [email protected] alyar.ir [email protected] bigmall.ir [email protected] tuur724.com [email protected] vcons.ir [email protected] webcourses.ir [email protected] muhafazakar-otel.com.tr [email protected] otel-extra.com.tr [email protected] otelextra.com.tr [email protected] businessonbelgrademn.us [email protected] casadepazcolorado.us [email protected] lelandscholarship.us [email protected] palospowersoftball.us [email protected] pottersangelsrescue.us [email protected] au-applepay-recover.com [email protected] re-register-netcode.com [email protected] redeliver-sendle.com [email protected] reschedule-nz-post.com [email protected] reschedule-nzpost-delivery.com [email protected] excellentscore.at [email protected] ufa24h.us [email protected] sunthar.tech [email protected] chatgptdwnl.online [email protected] citrxapps.online [email protected] ctrxapps.online [email protected] shrafdg.online [email protected] vpnvpn.gives [email protected] durakplay.com [email protected] xlsmmdhla1.in [email protected] agtrbd.cn [email protected] amazom.org.cn [email protected] pasargadplast.org.cn [email protected] r2b3y.cn [email protected] vnbqwkz.cn [email protected] user-acces.com [email protected] opalormint.online [email protected] kudoswindows.co.uk [email protected] yn588.com [email protected] ophtalmologiste-annecy.fr [email protected] oxygenvision.fr [email protected] lucky7football.us [email protected] xshow.tv [email protected] xbcsupport.us [email protected] baao.com [email protected] ttfx.org [email protected] electreum.co.com [email protected] androidstreet.net

The post A Domains Portfolio Belonging to RAMP (Russian Anonymous Marketplace) Forum Members – A Compilation appeared first on Security Boulevard.

Dear blog readers,

In this post I'll provide actionable intelligence on all the BitCoin wallet addresses from the RAMP (Russian Anonymous Marketplace) forum members with the idea to assist the security community fellow researchers and U.S Law Enforcement on its way to properly track down and prosecute the individuals behind these campaigns.

Here's the compilation:

 
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6 | User: admin | Source: DM ID 4984 (Conv 1298)
bc1q0nrnvcqlty00ymr9c6qxvchdyr0w95px5rhtdk | User: admin | Source: DM ID 5151 (Conv 308)
bc1q3z6fsegsq79k2lcsgkwrez6tcwsvq2uylewp8s | User: Support | Source: DM ID 833 (Conv 172)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq | User: Mafia | Source: DM ID 723 (Conv 158)
bc1q87akg05wjnfmxwyj6j6ars9c0q0va6m0xu68xe | User: tyman | Source: Post ID 3604 (Thread 61)
bc1q8y97gq3apqsmfr808lhcj3uggujcd7786cpfau | User: N0_Esc4pe | Source: DM ID 5920 (Conv 1533)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv | User: Stallman | Source: DM ID 981 (Conv 189)
bc1qa4s3zlrdrjs9a5rjlveswzj0e7c37ptl4aqluf | User: admin | Source: DM ID 6016 (Conv 1316)
bc1qavkc796mfrrvsyjenvx8ef5xzn6zlrufv4rd7c | User: el84 | Source: DM ID 5087 (Conv 1328)
bc1qc2k5hhz5y53ppxyl2n5yhhz2pju3pqnnpn3h3w | User: RATNICK | Source: DM ID 6401 (Conv 1670)
bc1qcvh05dvca25k56k9nclpnq56h9x427fvmcdshy | User: Mafia | Source: DM ID 841 (Conv 158)
bc1qfz6jesmux9qps5svlnnk87z86vdnp4l5qqu98s | User: admin | Source: DM ID 6943 (Conv 1298)
bc1qg6cc8dmcvqqpvjz99hsjyt58rzccvtdn8hevr8 | User: admin | Source: DM ID 7167 (Conv 1830)
bc1qgfsvtpuaaf86zsrcnmhckjk6dv3a9mul9dveve | User: tyman | Source: Post ID 3604 (Thread 61)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7 | User: Nero | Source: DM ID 4701 (Conv 1219)
bc1qjqugxy6agwujvtyqs5ht8h70cgsf296ekc0ez6 | User: eloncrypto | Source: DM ID 6980 (Conv 1802)
bc1qjvclt6q7d56t4uxhn7u0xhtcp0ef4kjmc4zzjf | User: admin | Source: DM ID 5040 (Conv 1316)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw | User: CheckZilla | Source: DM ID 2274 (Conv 308)
bc1qlkltuywcqs03wxu46elh6w2d5e0fvsdw4ddcfd | User: admin | Source: DM ID 4066 (Conv 1065)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5 | User: admin | Source: DM ID 6944 (Conv 1781)
bc1qm4kc76vckhdu5xp54natj3fd72wwujl6j9fa3q | User: Krendel | Source: DM ID 6065 (Conv 1590)
bc1qm6snul7z4lkyxvdlu9uavfzrnfqpxern6w42tj | User: Krendel | Source: DM ID 6070 (Conv 1590)
bc1qmczxy6qsm80xfkl9f24xqtr0d5d0fpwzy4s3t5 | User: hotri | Source: DM ID 3710 (Conv 928)
bc1qmmc7mps82elp6q78d8xc2u8wk0gwnqjcftk3tt | User: vAz | Source: DM ID 4673 (Conv 1207)
bc1qp9c26z9cw3qqfy0fx32kl598dnknx7wf3ck3te | User: admin | Source: DM ID 2699 (Conv 308)
bc1qpjftnrmahzc8cjs23snk2rq0vt6l0ehu4gqxus | User: Nowheretogo | Source: Post ID 3645 (Thread 717)
bc1qqt6jjknwe48wc8ewt0nywj7usl30uz4gdxux5w | User: spyboy | Source: DM ID 4155 (Conv 1082)
bc1qsdlnkkk9tpp6fe89ntdwk6hxqvf6ydmjj8lpkr | User: el84 | Source: DM ID 5520 (Conv 1456)
bc1qtzejuulhpsjfghz5q2a9h4vptfd4h5n008m5js | User: admin | Source: DM ID 5206 (Conv 1350)
bc1quuwkwzrpuwnyzt9tjqpt2u0sunqyxrrrua5x6l | User: admin | Source: DM ID 1000 (Conv 170)
bc1qvt60ku3zumfjljqy3nyxq4xrkncfekze8au3y2 | User: admin | Source: DM ID 2621 (Conv 668)
bc1qwgswrxaxxkme88zy7ydvpx43pmca6mqy7sh7q7 | User: admin | Source: DM ID 5363 (Conv 1396)
bc1qx2ptp5rtru0745as8lxaqhmymxu82mz5zw3kn9 | User: boxi | Source: Post ID 3309 (Thread 612)
bc1qxzu4esrm69tucfrpm22nm0s6yt74vysp0qsgzh | User: admin | Source: DM ID 2542 (Conv 633)
bc1qy0gz9dhhck0nwg2nm5feeufczjms7m0vyvsmss | User: tyman | Source: Post ID 3604 (Thread 61)

Related BitCoin wallet addresses for RAMP Ransomware Forum:

Wallet Address     Crypto Type     User     Source Location
39WorQNB1BR6oEJQVvVRPrEqn3U1mvLRCS     Bitcoin (Legacy/P2SH)     Nero     DM ID 4610 (Conv 1168)
3JMkKMnoYW1r1vWMrkKmjHmb1tPfZMajcm     Bitcoin (Legacy/P2SH)     Nowheretogo     Post ID 3063 (Thread 545)
1Fzdh15YCAc97Q148VQgLCZYNqoxvp5xKh     Bitcoin (Legacy/P2SH)     Nowheretogo     Post ID 5159 (Thread 1095)
1DLYfCoRJgyWodjaVm13D43x9ViyiWrvbM     Bitcoin (Legacy/P2SH)     RATNICK     DM ID 7483 (Conv 1813)
1Bc4NkmoQb7a5eA1M2PCChFre8AcETyUBC     Bitcoin (Legacy/P2SH)     Stallman     DM ID 867 (Conv 158)
19g7mbR9d6uGUyFPewV1oMz28ciEFdhXQm     Bitcoin (Legacy/P2SH)     Stallman     DM ID 981 (Conv 189)
19g7mbR9d6uGUyFPewV1oMz28ciEFdhXQm     Bitcoin (Legacy/P2SH)     Stallman     DM ID 982 (Conv 190)
1EBZrrGtXA5kcf88CC1RhzsZKWe2CioWVy     Bitcoin (Legacy/P2SH)     Vism     DM ID 581 (Conv 128)
19g7mbR9d6uGUyFPewV1oMz28ciEFdhXQm     Bitcoin (Legacy/P2SH)     Whop-Whop     DM ID 978 (Conv 189)
14A7TFD5v2M6QGQZM7yqz7F9wDQEh7FqzM     Bitcoin (Legacy/P2SH)     cocacola     DM ID 7359 (Conv 1875)
1EiyWbX9F9YP1SMuSYc3ZsYK1cV4jkodo     Bitcoin (Legacy/P2SH)     cocacola     DM ID 7359 (Conv 1875)
1GQcCAPhzQCxcNA3f5RX89NLMjVaMEi16m     Bitcoin (Legacy/P2SH)     el84     DM ID 3283 (Conv 832)
1Bc4NkmoQb7a5eA1M2PCChFre8AcETyUBC     Bitcoin (Legacy/P2SH)     johndoe     DM ID 844 (Conv 158)
13mpQcVR35pddrdT8YkKyrDiRgou1imhGe     Bitcoin (Legacy/P2SH)     tyman     Post ID 3604 (Thread 61)
19iqYbeATe4RxghQZJnYVFU4mjUUu76EA6     Bitcoin (Legacy/P2SH)     tyman     Post ID 3604 (Thread 61)
1C7msoqUG6GKPuAxg84FWtxGFRH68YiXkJ     Bitcoin (Legacy/P2SH)     tyman     Post ID 3604 (Thread 61)
1JuhgScB7ikMPudVm7PfdMNEzjmoNz9G49     Bitcoin (Legacy/P2SH)     tyman     Post ID 3604 (Thread 61)
16yQbH8hXxSZNASr2ntW21qQewcRgEJf9R     Bitcoin (Legacy/P2SH)     ☠xrahitel☠     DM ID 7401 (Conv 1247)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw     Bitcoin (SegWit)     CheckZilla     DM ID 2274 (Conv 308)
bc1qm4kc76vckhdu5xp54natj3fd72wwujl6j9fa3q     Bitcoin (SegWit)     Krendel     DM ID 6065 (Conv 1590)
bc1qm6snul7z4lkyxvdlu9uavfzrnfqpxern6w42tj     Bitcoin (SegWit)     Krendel     DM ID 6070 (Conv 1590)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Mafia     DM ID 723 (Conv 158)
bc1qcvh05dvca25k56k9nclpnq56h9x427fvmcdshy     Bitcoin (SegWit)     Mafia     DM ID 841 (Conv 158)
bc1q8y97gq3apqsmfr808lhcj3uggujcd7786cpfau     Bitcoin (SegWit)     N0_Esc4pe     DM ID 5920 (Conv 1533)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7     Bitcoin (SegWit)     Nero     DM ID 4701 (Conv 1219)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7     Bitcoin (SegWit)     Nero     DM ID 4841 (Conv 1258)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7     Bitcoin (SegWit)     Nero     DM ID 4842 (Conv 1260)
bc1qpjftnrmahzc8cjs23snk2rq0vt6l0ehu4gqxus     Bitcoin (SegWit)     Nowheretogo     Post ID 3645 (Thread 717)
bc1qc2k5hhz5y53ppxyl2n5yhhz2pju3pqnnpn3h3w     Bitcoin (SegWit)     RATNICK     DM ID 6401 (Conv 1670)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Stallman     DM ID 696 (Conv 158)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Stallman     DM ID 717 (Conv 158)
bc1qcvh05dvca25k56k9nclpnq56h9x427fvmcdshy     Bitcoin (SegWit)     Stallman     DM ID 867 (Conv 158)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Stallman     DM ID 918 (Conv 189)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Stallman     DM ID 919 (Conv 190)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv     Bitcoin (SegWit)     Stallman     DM ID 981 (Conv 189)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv     Bitcoin (SegWit)     Stallman     DM ID 982 (Conv 190)
bc1q3z6fsegsq79k2lcsgkwrez6tcwsvq2uylewp8s     Bitcoin (SegWit)     Support     DM ID 833 (Conv 172)
bc1quuwkwzrpuwnyzt9tjqpt2u0sunqyxrrrua5x6l     Bitcoin (SegWit)     admin     DM ID 1000 (Conv 170)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw     Bitcoin (SegWit)     admin     DM ID 1613 (Conv 308)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw     Bitcoin (SegWit)     admin     DM ID 2268 (Conv 308)
bc1qxzu4esrm69tucfrpm22nm0s6yt74vysp0qsgzh     Bitcoin (SegWit)     admin     DM ID 2542 (Conv 633)
bc1qvt60ku3zumfjljqy3nyxq4xrkncfekze8au3y2     Bitcoin (SegWit)     admin     DM ID 2621 (Conv 668)
bc1qxzu4esrm69tucfrpm22nm0s6yt74vysp0qsgzh     Bitcoin (SegWit)     admin     DM ID 2647 (Conv 656)
bc1qp9c26z9cw3qqfy0fx32kl598dnknx7wf3ck3te     Bitcoin (SegWit)     admin     DM ID 2699 (Conv 308)
bc1qp9c26z9cw3qqfy0fx32kl598dnknx7wf3ck3te     Bitcoin (SegWit)     admin     DM ID 2727 (Conv 308)
bc1qlkltuywcqs03wxu46elh6w2d5e0fvsdw4ddcfd     Bitcoin (SegWit)     admin     DM ID 4066 (Conv 1065)
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6     Bitcoin (SegWit)     admin     DM ID 4984 (Conv 1298)
bc1qjvclt6q7d56t4uxhn7u0xhtcp0ef4kjmc4zzjf     Bitcoin (SegWit)     admin     DM ID 5040 (Conv 1316)
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6     Bitcoin (SegWit)     admin     DM ID 5105 (Conv 1298)
bc1q0nrnvcqlty00ymr9c6qxvchdyr0w95px5rhtdk     Bitcoin (SegWit)     admin     DM ID 5151 (Conv 308)
bc1qtzejuulhpsjfghz5q2a9h4vptfd4h5n008m5js     Bitcoin (SegWit)     admin     DM ID 5206 (Conv 1350)
bc1qwgswrxaxxkme88zy7ydvpx43pmca6mqy7sh7q7     Bitcoin (SegWit)     admin     DM ID 5363 (Conv 1396)
bc1qa4s3zlrdrjs9a5rjlveswzj0e7c37ptl4aqluf     Bitcoin (SegWit)     admin     DM ID 6016 (Conv 1316)
bc1qfz6jesmux9qps5svlnnk87z86vdnp4l5qqu98s     Bitcoin (SegWit)     admin     DM ID 6943 (Conv 1298)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5     Bitcoin (SegWit)     admin     DM ID 6944 (Conv 1781)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5     Bitcoin (SegWit)     admin     DM ID 6945 (Conv 1802)
bc1qg6cc8dmcvqqpvjz99hsjyt58rzccvtdn8hevr8     Bitcoin (SegWit)     admin     DM ID 7167 (Conv 1830)
bc1qx2ptp5rtru0745as8lxaqhmymxu82mz5zw3kn9     Bitcoin (SegWit)     boxi     Post ID 3309 (Thread 612)
bc1qavkc796mfrrvsyjenvx8ef5xzn6zlrufv4rd7c     Bitcoin (SegWit)     el84     DM ID 5087 (Conv 1328)
bc1qsdlnkkk9tpp6fe89ntdwk6hxqvf6ydmjj8lpkr     Bitcoin (SegWit)     el84     DM ID 5520 (Conv 1456)
bc1qsdlnkkk9tpp6fe89ntdwk6hxqvf6ydmjj8lpkr     Bitcoin (SegWit)     el84     DM ID 5540 (Conv 1460)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv     Bitcoin (SegWit)     eliotto     DM ID 922 (Conv 190)
bc1qm6snul7z4lkyxvdlu9uavfzrnfqpxern6w42tj     Bitcoin (SegWit)     ellisjDG     DM ID 6084 (Conv 1590)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5     Bitcoin (SegWit)     eloncrypto     DM ID 6952 (Conv 1782)
bc1qjqugxy6agwujvtyqs5ht8h70cgsf296ekc0ez6     Bitcoin (SegWit)     eloncrypto     DM ID 6980 (Conv 1802)
bc1qmczxy6qsm80xfkl9f24xqtr0d5d0fpwzy4s3t5     Bitcoin (SegWit)     hotri     DM ID 3710 (Conv 928)
bc1qx2ptp5rtru0745as8lxaqhmymxu82mz5zw3kn9     Bitcoin (SegWit)     michael     Post ID 3311 (Thread 612)
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6     Bitcoin (SegWit)     o1oo1     DM ID 5104 (Conv 1298)
bc1qqt6jjknwe48wc8ewt0nywj7usl30uz4gdxux5w     Bitcoin (SegWit)     spyboy     DM ID 4155 (Conv 1082)
bc1q87akg05wjnfmxwyj6j6ars9c0q0va6m0xu68xe     Bitcoin (SegWit)     tyman     Post ID 3604 (Thread 61)
bc1qgfsvtpuaaf86zsrcnmhckjk6dv3a9mul9dveve     Bitcoin (SegWit)     tyman     Post ID 3604 (Thread 61)
bc1qy0gz9dhhck0nwg2nm5feeufczjms7m0vyvsmss     Bitcoin (SegWit)     tyman     Post ID 3604 (Thread 61)

The post A Compilation of BitCoin Wallet Addresses from the RAMP (Russian Anonymous Marketplace) Forum Members – A Compilation appeared first on Security Boulevard.

Dear blog readers,

 Continuing the "When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com - Part Two" blog post series in this post I'll continue analyzing the next malicious software binary which I obtained by data mining Conti Leaks with a lot of success. 

The actual malicious software binary location URL:

hxxp://shighil.com/dl2.exe

MD5: c2055b7fbaa041d9f68b9d5df9b45edd
SHA-1: e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
SHA-256: 342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3

Here's the actual analysis.

Executive Summary

dl2.exe is a Windows x86_64 PE executable (849.5 KB) exhibiting characteristics consistent with malicious software. The binary demonstrates sophisticated capabilities including registry manipulation, dynamic API resolution, file system operations, and system information gathering. Analysis identified multiple high-risk behaviors typical of malware, particularly around persistence mechanisms and anti-analysis techniques.

Key Findings Critical Capabilities (High Severity)

1. Registry Manipulation

• Functions: sub_419118, sub_419228, sub_419198, sub_4192e8, sub_4193c4, sub_40da8c, sub_422ef4, sub_418ffc
• APIs Used: RegOpenKeyA, RegSetValue, RegCreateKey, RegQueryValue
• Registry Keys Accessed:
  • Software\Microsoft\Windows\CurrentVersion
  • RestrictRun and NoRun keys (policy restriction keys)
• Risk: High - Can modify system configuration and establish persistence

2. Dynamic API Resolution

• Function: sub_40b868 (0x40b868)
• APIs Used: GetProcAddress, LoadLibrary, GetModuleHandle
• Risk: High - Common evasion technique to bypass static analysis and API monitoring
• Details: Dynamically resolves function addresses at runtime, making static detection more difficult

Medium Severity Capabilities

3. File System Operations

• Functions: sub_423718, sub_4228a4, sub_423360, sub_41aeec
• APIs Used: CreateFile, DeleteFile, MoveFile, CopyFile, FindFirstFile, FindNextFile, GetFileAttributes
• Risk: Medium - Can manipulate files on the system

4. System Information Gathering

• Functions: sub_4542b0, sub_40f0ac, sub_46df44, sub_46d3bc
• APIs Used: GetVersionExA, GetSystemInfo, GetComputerName, GetUserName
• Risk: Medium - Fingerprints the system, likely for profiling or anti-VM checks

5. Memory Manipulation

• Functions: sub_4540e0, sub_453df0, sub_453d10, sub_453b50
• APIs Used: VirtualAlloc, VirtualProtect, HeapAlloc, HeapFree
• Risk: Medium - Can change memory protection flags, potentially indicating code injection or unpacking behavior

6. Mutex Creation

• Function: sub_46be50 (0x46be50)
• API Used: CreateMutex
• Risk: Medium - Commonly used for single-instance enforcement in malware

Security Features (Informational)

7. Stack Protection Mechanisms

• Stack Cookie Initialization (sub_45ca90 at 0x45ca90): Uses multiple entropy sources (GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter) to generate stack cookies
• Stack Guard Pages (sub_4540e0 at 0x4540e0): Implements guard pages using VirtualQuery, VirtualAlloc, and VirtualProtect

Notable Observations

• Entry Point: 0x4545a0 (_start)
• Main Function: 0x46d9f4 (jumps to 0x46da1c)
• Imported Libraries: ADVAPI32.dll, GDI32.dll, KERNEL32.dll, OLEAUT32.dll, SHELL32.dll, SHLWAPI.dll, USER32.dll, WINSPOOL.DRV, comdlg32.dll, ole32.dll, oledlg.dll
• Total Functions Identified: 2,616
• No Network APIs Detected: No direct socket, HTTP, or network communication APIs were found in the analyzed functions (analysis incomplete)
• No Obvious Encryption Strings: No strings matching common encryption algorithm names were found

Malware Classification

Based on identified capabilities, this binary exhibits behaviors consistent with:

• System modification malware (registry manipulation, file operations)
• Information stealer (system information gathering)
• Potentially a dropper/loader (dynamic API resolution, memory manipulation)

Critical Malicious Capabilities Identified

1. Windows Policy Restriction Manipulation (HIGH SEVERITY)

The binary targets multiple Windows policy registry keys designed to restrict user actions:

Registry Keys Targeted:

• Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • NoRun - Prevents running programs via Run dialog
  • RestrictRun - Restricts which programs can execute
  • NoDrives - Hides/restricts drive access
  • NoNetConnectDisconnect - Prevents network connections/disconnections
  • NoRecentDocsHistory - Disables recent documents
  • NoClose - Prevents closing windows
• Software\Microsoft\Windows\CurrentVersion\Policies\Network
  • NoEntireNetwork - Restricts network browsing
• Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
  • Common dialog restrictions

Functions Involved:

• sub_419228 (0x419228) - Writes DWORD registry values
• sub_4192e8 (0x4192e8) - Writes/deletes registry string values and keys
• sub_419198 (0x419198) - Reads registry integer values
• sub_4193c4 (0x4193c4) - Reads registry string values
• sub_419118 (0x419118) - Opens registry keys
• sub_40b0d4 (0x40b0d4) - Saves settings to registry
• sub_432610 (0x432610) - Batch registry operations

2. Console Output Manipulation

• sub_46be50 (0x46be50) - Opens CONOUT$ device handle, likely for output redirection or hiding console output

3. Persistence & Configuration

The binary uses both registry and INI file storage for configuration, with registry taking precedence. This dual-storage approach suggests:

• Fallback mechanisms for different environments
• Ability to persist settings across system changes

Summary of Malicious Findings

This binary is highly malicious with the following critical behaviors:

Primary Threat: System Restriction Malware

The binary manipulates Windows Group Policy registry keys to:

• Disable the Run dialog (NoRun)
• Restrict program execution (RestrictRun)
• Hide/disable drives (NoDrives)
• Prevent network operations (NoNetConnectDisconnect, NoEntireNetwork)
• Disable system features (NoClose, NoRecentDocsHistory)

This behavior is characteristic of ransomware preparation, system lockers, or destructive malware that prevents users from:

• Running recovery tools
• Accessing safe mode
• Using system utilities
• Connecting to networks for help

Additional Malicious Capabilities:

1. Dynamic API resolution - Evades static analysis
2. Dual persistence - Registry + INI file storage
3. Console manipulation - Hides output/errors
4. File system operations - Can modify/delete files
5. Memory manipulation - Can inject code or unpack payloads
6. System fingerprinting - Profiles victim environment

The post When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Three appeared first on Security Boulevard.

Ключи от всех замков лежат прямо на виду.

Name: Redfox CTF 2026 (an Redfox CTF event.)
Date: March 21, 2026, 12:30 p.m. — 22 March 2026, 12:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Location: Online
Offical URL: https://academy.redfoxsec.com/course/redfox-ctf-85076
Rating weight: 0.00
Event organizers: redfoxteam

A vulnerability has been found in WWBN AVideo up to 25.x and classified as critical. Impacted is the function unlink of the file plugin/CloneSite/cloneServer.json.php. Performing a manipulation of the argument deleteDump results in path traversal. This vulnerability is reported as CVE-2026-33293. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Ftpshell FTP Shell Server 6.83. This issue affects some unknown processing of the component Manage FTP Accounts Dialog. Such manipulation of the argument account name leads to out-of-bounds write. This vulnerability is documented as CVE-2019-25619. The attack needs to be performed locally. Additionally, an exploit exists.

A vulnerability, which was classified as problematic, has been found in Audiotool Ease Audio Converter 5.30. This vulnerability affects unknown code of the component Audio Cutter Interface. This manipulation causes denial of service. This vulnerability is registered as CVE-2019-25617. The attack needs to be launched locally. Furthermore, an exploit is available.

A vulnerability classified as problematic was found in Ddz1977 AnMing MP3 CD Burner 2.0. This affects an unknown part of the component Registration Handler. The manipulation of the argument registration name results in denial of service. This vulnerability is cataloged as CVE-2019-25616. The attack must be initiated from a local position. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Admin-Express AdminExpress 1.2.5.485. Affected by this issue is some unknown functionality of the component System Compare Feature. The manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2019-25612. The attack must be carried out locally. In addition, an exploit is available.

A vulnerability described as critical has been identified in Jetaudio jetCast Server 2.0. Affected by this vulnerability is an unknown functionality. Executing a manipulation of the argument Log Directory can lead to out-of-bounds write. This vulnerability is tracked as CVE-2019-25609. The attack is restricted to local execution. Moreover, an exploit is present.

A vulnerability marked as problematic has been reported in Admin-Express AdminExpress 1.2.5.485. Affected is the function comparison of the component System Compare Feature. Performing a manipulation of the argument Folder Path results in file inclusion. This vulnerability is identified as CVE-2019-25618. The attack is only possible with local access. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in Lavavo CD Ripper 4.20. This impacts an unknown function. Such manipulation of the argument License Activation Name leads to out-of-bounds write. This vulnerability is referenced as CVE-2019-25615. The attack can only be performed from a local environment. Furthermore, an exploit is available.

A vulnerability identified as critical has been detected in WWBN AVideo up to 25.x. This affects the function uploadVideoToLinkedIn of the component SocialMediaPublisher Plugin. This manipulation causes os command injection. The identification of this vulnerability is CVE-2026-33319. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in skyqinsc MiniFtp 128. The impacted element is the function parseconf_load_setting of the file miniftpd.conf of the component Setting Handler. The manipulation results in out-of-bounds write. This vulnerability was named CVE-2019-25611. The attack needs to be approached locally. In addition, an exploit is available.

A vulnerability was found in Iperius Backup 6.1.0. It has been rated as critical. The affected element is an unknown function of the component Service. The manipulation leads to .net misconfiguration: use of impersonation. This vulnerability is uniquely identified as CVE-2019-25608. Local access is required to approach this attack. Moreover, an exploit is present.