The Cyber War Between Russia and Ukraine – An OSINT Analysis

Dear blog readers,

I’ve decided to take a deeper look at the ongoing cyber war between Russia and Ukraine and to provide actionable intelligence on the online whereabouts and actual campaign infrastructure behind the campaigns currently under way. These appear to be several crowd-sourced campaigns, which I profiled, along with various other modest engagement “touch points” courtesy of international hacktivists.

In this analysis I’ll offer practical and relevant OSINT analysis on the current state of the Russia and Ukraine cyber war, with the idea of providing actionable intelligence on the conflict.

Sample screenshots related to the current Russia and Ukraine cyber attack conflict include:

URLs related to the current Russia and Ukraine cyber war conflict include:
hxxp://discord.com/invite/thecollective
hxxp://anonfiles.com/tfn6obK8x3/RussiaC2Ips_rtf

Related IPs in terms of the current Russia and Ukraine cyber war conflict include:

Related web site defacements in terms of the current Russia and Ukraine cyber war include:

hxxp://glamourfashionshop.gr/Father.htm
hxxp://kavoshouse.com/Father.htm 
hxxp://oceantrustltd.com/Father.htm 
hxxp://azka.sa/xD.html 
hxxp://bamaroof.co/xD.html 
hxxp://alsalmi.com.sa/xD.html
Related leak URLs in terms of the current Russia and Ukraine cyber war include:
hxxp://mega.nz/file/U3JAGRKL#fvwxJOQgODvHTKK37d5vaU3eCi8E3B5atDe1fXu_Zjs
hxxp://drive.google.com/file/d/1zunU7atu3ahkT2wT2P-RzhTW3FgcrCnA/view
Related URLs part of the campaign:
hxxp://ghostbin.com/ybHqw/barbby
Related URLs for the IT ARMY of Ukraine:
hxxp://t.me/s/itarmyofukraine2022
hxxp://www.youtube.com/channel/UCEh2uMjzAMgznh4U5bnl6Ag
Email: itarmyua@gmail.com
Sample DDoS and DoS tools that are part of the campaign:
hxxp://uatechpower.slack.com/
hxxp://drive.google.com/file/d/1SWlNHUeCDN9Hn7cOu0v533lm4MR7AdUd/view
MD5: 9805b0891351cd760012ce02d738dc63
Once executed, the sample phones back to the following C&C server URL:
hxxp://107.191.47.116 – test.creativeagency.online – Email: jan.busz@wp.pl
Related known domain registrations by the same individual that registered the original C&C server domain:
Related DDoS and DoS tools that are part of the current campaign include:
hxxp://twitter.com/thedisbalancer
Bitcoin: 0xAca4ab40238Ef71dd86b343506447941EDec4b7e
hxxp://foundation.app/@strikeart/stopwar/1
hxxp://t.me/s/disBalancer_Official
hxxp://t.me/disbalancer_group
hxxp://t.me/+EU89jLuhOrwxYTgy
Related DDoS and DoS tools that are part of the current campaign include:
hxxp://norussian.tk/
hxxp://stop-russian-desinformation.near.page/
hxxp://kuzelovi.cz/FuckPutin.html
hxxp://vug.pl/takeRussiaDown.html
MD5: f67f5d78f263ddf92749f09d3d478e4e
MD5: db8fdd09ed4a350cf509a241b76f46c1
hxxp://github.com/ajax-lives/NoRussian
Stay tuned!
Author: Dancho Danchev
