Security Boulevard

A list of topics we covered in the week of March 16 to March 22 of 2026

The post A week in security (March 16 – March 22) appeared first on Security Boulevard.

Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated his family to Guadalajara to open and scale a Bishop Fox office. They discuss Mexico’s […]

The post The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson appeared first on Shared Security Podcast.

The post The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson appeared first on Security Boulevard.

Dear blog readers,

In this post I'll provide actionable intelligence based on the research and analysis which I posted in my previous "Dissecting the RAMP (Russian Anonymous Marketplace) Ransomware Forum - An Analysis" blog post and will provide actionable intelligence on various domain portfolios manage and operated by members of the RAMP (Russian Anonymous Marketplace) forum with the idea to assist the security community and fellow researchers including U.S Law Enforcement on its way to properly track down and prosecute the individuals behind these communities.

Here's the actual compilation:

Source Entity Target Entity [email protected] nord-termo.site [email protected] nord-termo.space [email protected] nordtermo.space [email protected] nordtermo.website [email protected] 24hoursnews.co [email protected] dqhost.net [email protected] dqsolutions.info [email protected] mrn2003.ir [email protected] annerley.com.hk [email protected] memorials-usa.us [email protected] 1v4.cn [email protected] ckqlc.cn [email protected] astra-sport.com [email protected] euadult.com [email protected] lgtube.com [email protected] pornxvidios.com [email protected] qtrtube.com [email protected] torrentcloud.download [email protected] exfeg.com [email protected] ucofj.net [email protected] 3bed.dev [email protected] valeriobattagli.com [email protected] ww5.in [email protected] anonytor.cc [email protected] anonytor.com [email protected] ah18.su [email protected] blacksmm.su [email protected] esportalen.su [email protected] impfnachweis.su [email protected] leakshare.su [email protected] totalnutritions.us [email protected] ff979834.com [email protected] globalonlinelink.com [email protected] ulezcharge.co.uk [email protected] xe317970.com [email protected] xe317990.com [email protected] pietrodimaria.info [email protected] akstudios.fr [email protected] akzkidstore.com [email protected] us24work.us [email protected] zoomaps.us [email protected] mauadhotel.com.br [email protected] netdeep.com.br [email protected] vermelhorconsultoria.com.br [email protected] air-gouv.com [email protected] nelfllx-abonnement.com [email protected] nelfllx-abonnements.com [email protected] nelfllx-clients.com [email protected] parisclassenumerique.org [email protected] alarife.com [email protected] time2time.com.br [email protected] offllce365.com [email protected] aliooird.us [email protected] bazoinf.us [email protected] fatturapagamento.us [email protected] osdoiasda.us [email protected] pagamento.us [email protected] mira-orel.com [email protected] lactioncosmetique.com [email protected] mediatic.com [email protected] soin2beaute.com [email protected] westlaw-researches.com [email protected] westlaw-researchs.com [email protected] a-mark.us [email protected] photo4love.us [email protected] happyrainy.com [email protected] totalblacktv.com [email protected] elcrazyfrog.com [email protected] voidhere2023.com [email protected] dosette-douche.com [email protected] lebey.fr [email protected] purchaseprotection.us [email protected] cryptohedgefund.us [email protected] crystalwaveforge.com [email protected] disney-connexion.com [email protected] healthwiseadvantage.com [email protected] novarisinghorizon.com [email protected] dante110.pw [email protected] passwordverifys.com [email protected] huawei-oss.cn [email protected] cs2source.us [email protected] netflixverify.com [email protected] post-redelivery.com [email protected] redelivery-post.com [email protected] thiendaonet.us [email protected] derisiontest3.com [email protected] meutrackerr.com.br [email protected] ns-24.com [email protected] ns-365.com [email protected] darknet.ug [email protected] ebemlohov.ug [email protected] hrenzabanish.ug [email protected] legatopeople.lu [email protected] fastfire.org [email protected] confirm-post.com [email protected] elverdaderopetro.com [email protected] investigacionpetro.org [email protected] petristasarrepentidos.com [email protected] petroleaks.org [email protected] papa-john.space [email protected] kleinanzeneigen.vip [email protected] zksynk.us [email protected] adsfun.club [email protected] kampagne-tonline.com [email protected] 2b7e.org [email protected] gabrielebner.at [email protected] gebner.org [email protected] arshadplus.ir [email protected] paingamingteam.ir [email protected] badbank.com.br [email protected] disaster-assistance.us [email protected] iabor.us [email protected] laborscolorado.us [email protected] pa-gov.us [email protected] uia-michigan.us [email protected] boxes-win.com [email protected] versionstoreaccos.site [email protected] jobcool.fr [email protected] katelinajlowe.com [email protected] newsiteregistration.online [email protected] top5sitehotgirl.online [email protected] fruktshop.uz [email protected] usagrantsonline.com [email protected] loomclothing.in [email protected] fix7w.us [email protected] ccpvp.us [email protected] enbanking-bmi.net [email protected] tejarat-banek.net [email protected] tejarat-benk.net [email protected] online4-boa.com [email protected] onlinewells-connect.com [email protected] receive-mtb.com [email protected] visit01b0a.com [email protected] visit02b0a.com [email protected] matumba.xyz [email protected] carry-hotel.com [email protected] bsdfjsd.us [email protected] c4863ccd1070dd01d880667e578f85be.us [email protected] l6sz1.us [email protected] s6un.us [email protected] x5a4w.us [email protected] kembolle.com.br [email protected] ocomunitariomt.com.br [email protected] bostitch.su [email protected] dkgaminggear.com [email protected] abacuslab.us [email protected] muwop.us [email protected] oppastoppa.us [email protected] tigrislab.us [email protected] payload.su [email protected] windows-tech-support.su [email protected] lovebombi.ng [email protected] 3ds-site-com.online [email protected] lumenai.co.kr [email protected] manageupdates.com [email protected] techsavvy.pro [email protected] payksld.digital [email protected] payksld.world [email protected] clause.ws [email protected] marketsmix.com [email protected] zuchri.com [email protected] m3taki.com [email protected] twlttre.com [email protected] sockcon.us [email protected] araztm.in [email protected] araztm.ir [email protected] englishmatrix.ir [email protected] fcoin.ir [email protected] fta-tab.com [email protected] koroshcarpet.ir [email protected] shgypsum.com [email protected] cialis26.us [email protected] fitbudds.com [email protected] hyzaars.com [email protected] imitrex24.com [email protected] makino.info [email protected] slotwang.com [email protected] wholesalejerseysace.life [email protected] casino0777.us [email protected] goolg-e.com [email protected] hefaz-security.ir [email protected] vsec.ir [email protected] xn--arbnb-q81b.com [email protected] stopclock.eu [email protected] netfiix.org [email protected] hingeserver89.com [email protected] quotaflow.net [email protected] recovery-session.com [email protected] secure0web.icu [email protected] securei0.com [email protected] filever.info [email protected] filever.us [email protected] vnteg.com [email protected] 28team.org [email protected] oleolex98.com [email protected] contentcrux.us [email protected] guptacapitalgroup.us [email protected] midoceanpartners.us [email protected] motioncontentgroup.us [email protected] trevinoelectronics.us [email protected] etsoft.fr [email protected] nibifu-tijax.com [email protected] cryptoforexleads.pw [email protected] solutionsmanualpdf.space [email protected] sapport.co.in [email protected] sapport.in [email protected] sapport.nz [email protected] sapport.one [email protected] sapport.run [email protected] ccf-support.com [email protected] jepreis-euan.com.do [email protected] larsinatosabala-oeca.com.do [email protected] macomdue.com.do [email protected] r-8djjksz.com.do [email protected] changway.hk [email protected] www.changway.hk [email protected] dertyu.com [email protected] buxhianyi.com [email protected] reeves.su [email protected] serivice.com [email protected] dclofty.com [email protected] isecsecurity.com.br [email protected] ubje.com.br [email protected] m.talk.im [email protected] talk.im [email protected] escola.i9ead.com.br [email protected] i9ead.com.br [email protected] www.i9ead.com.br [email protected] uniccsh0p.mn [email protected] exchangersdirectory.com [email protected] sonyblueprint.com [email protected] uniselect.org [email protected] web-proserv.com [email protected] workblacks.com [email protected] caprocoin.pw [email protected] maxho.ru [email protected] tf6.ru [email protected] pgnewslot.net [email protected] vip.bookchestsolutions.com [email protected] vip.mdkprivatelawfirm.onyxprivseconline.com [email protected] vvip.phoenixpoststh.com [email protected] vvip.tynoxthailand.com [email protected] bet0b3n.com [email protected] creativefeed.fr [email protected] madebycf.com [email protected] i-kusbpartner.com [email protected] moa-consolidation.co.kr [email protected] readyon.xyz [email protected] sline-sblack.co.kr [email protected] alyar.ir [email protected] bigmall.ir [email protected] tuur724.com [email protected] vcons.ir [email protected] webcourses.ir [email protected] muhafazakar-otel.com.tr [email protected] otel-extra.com.tr [email protected] otelextra.com.tr [email protected] businessonbelgrademn.us [email protected] casadepazcolorado.us [email protected] lelandscholarship.us [email protected] palospowersoftball.us [email protected] pottersangelsrescue.us [email protected] au-applepay-recover.com [email protected] re-register-netcode.com [email protected] redeliver-sendle.com [email protected] reschedule-nz-post.com [email protected] reschedule-nzpost-delivery.com [email protected] excellentscore.at [email protected] ufa24h.us [email protected] sunthar.tech [email protected] chatgptdwnl.online [email protected] citrxapps.online [email protected] ctrxapps.online [email protected] shrafdg.online [email protected] vpnvpn.gives [email protected] durakplay.com [email protected] xlsmmdhla1.in [email protected] agtrbd.cn [email protected] amazom.org.cn [email protected] pasargadplast.org.cn [email protected] r2b3y.cn [email protected] vnbqwkz.cn [email protected] user-acces.com [email protected] opalormint.online [email protected] kudoswindows.co.uk [email protected] yn588.com [email protected] ophtalmologiste-annecy.fr [email protected] oxygenvision.fr [email protected] lucky7football.us [email protected] xshow.tv [email protected] xbcsupport.us [email protected] baao.com [email protected] ttfx.org [email protected] electreum.co.com [email protected] androidstreet.net

The post A Domains Portfolio Belonging to RAMP (Russian Anonymous Marketplace) Forum Members – A Compilation appeared first on Security Boulevard.

Dear blog readers,

In this post I'll provide actionable intelligence on all the BitCoin wallet addresses from the RAMP (Russian Anonymous Marketplace) forum members with the idea to assist the security community fellow researchers and U.S Law Enforcement on its way to properly track down and prosecute the individuals behind these campaigns.

Here's the compilation:

 
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6 | User: admin | Source: DM ID 4984 (Conv 1298)
bc1q0nrnvcqlty00ymr9c6qxvchdyr0w95px5rhtdk | User: admin | Source: DM ID 5151 (Conv 308)
bc1q3z6fsegsq79k2lcsgkwrez6tcwsvq2uylewp8s | User: Support | Source: DM ID 833 (Conv 172)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq | User: Mafia | Source: DM ID 723 (Conv 158)
bc1q87akg05wjnfmxwyj6j6ars9c0q0va6m0xu68xe | User: tyman | Source: Post ID 3604 (Thread 61)
bc1q8y97gq3apqsmfr808lhcj3uggujcd7786cpfau | User: N0_Esc4pe | Source: DM ID 5920 (Conv 1533)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv | User: Stallman | Source: DM ID 981 (Conv 189)
bc1qa4s3zlrdrjs9a5rjlveswzj0e7c37ptl4aqluf | User: admin | Source: DM ID 6016 (Conv 1316)
bc1qavkc796mfrrvsyjenvx8ef5xzn6zlrufv4rd7c | User: el84 | Source: DM ID 5087 (Conv 1328)
bc1qc2k5hhz5y53ppxyl2n5yhhz2pju3pqnnpn3h3w | User: RATNICK | Source: DM ID 6401 (Conv 1670)
bc1qcvh05dvca25k56k9nclpnq56h9x427fvmcdshy | User: Mafia | Source: DM ID 841 (Conv 158)
bc1qfz6jesmux9qps5svlnnk87z86vdnp4l5qqu98s | User: admin | Source: DM ID 6943 (Conv 1298)
bc1qg6cc8dmcvqqpvjz99hsjyt58rzccvtdn8hevr8 | User: admin | Source: DM ID 7167 (Conv 1830)
bc1qgfsvtpuaaf86zsrcnmhckjk6dv3a9mul9dveve | User: tyman | Source: Post ID 3604 (Thread 61)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7 | User: Nero | Source: DM ID 4701 (Conv 1219)
bc1qjqugxy6agwujvtyqs5ht8h70cgsf296ekc0ez6 | User: eloncrypto | Source: DM ID 6980 (Conv 1802)
bc1qjvclt6q7d56t4uxhn7u0xhtcp0ef4kjmc4zzjf | User: admin | Source: DM ID 5040 (Conv 1316)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw | User: CheckZilla | Source: DM ID 2274 (Conv 308)
bc1qlkltuywcqs03wxu46elh6w2d5e0fvsdw4ddcfd | User: admin | Source: DM ID 4066 (Conv 1065)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5 | User: admin | Source: DM ID 6944 (Conv 1781)
bc1qm4kc76vckhdu5xp54natj3fd72wwujl6j9fa3q | User: Krendel | Source: DM ID 6065 (Conv 1590)
bc1qm6snul7z4lkyxvdlu9uavfzrnfqpxern6w42tj | User: Krendel | Source: DM ID 6070 (Conv 1590)
bc1qmczxy6qsm80xfkl9f24xqtr0d5d0fpwzy4s3t5 | User: hotri | Source: DM ID 3710 (Conv 928)
bc1qmmc7mps82elp6q78d8xc2u8wk0gwnqjcftk3tt | User: vAz | Source: DM ID 4673 (Conv 1207)
bc1qp9c26z9cw3qqfy0fx32kl598dnknx7wf3ck3te | User: admin | Source: DM ID 2699 (Conv 308)
bc1qpjftnrmahzc8cjs23snk2rq0vt6l0ehu4gqxus | User: Nowheretogo | Source: Post ID 3645 (Thread 717)
bc1qqt6jjknwe48wc8ewt0nywj7usl30uz4gdxux5w | User: spyboy | Source: DM ID 4155 (Conv 1082)
bc1qsdlnkkk9tpp6fe89ntdwk6hxqvf6ydmjj8lpkr | User: el84 | Source: DM ID 5520 (Conv 1456)
bc1qtzejuulhpsjfghz5q2a9h4vptfd4h5n008m5js | User: admin | Source: DM ID 5206 (Conv 1350)
bc1quuwkwzrpuwnyzt9tjqpt2u0sunqyxrrrua5x6l | User: admin | Source: DM ID 1000 (Conv 170)
bc1qvt60ku3zumfjljqy3nyxq4xrkncfekze8au3y2 | User: admin | Source: DM ID 2621 (Conv 668)
bc1qwgswrxaxxkme88zy7ydvpx43pmca6mqy7sh7q7 | User: admin | Source: DM ID 5363 (Conv 1396)
bc1qx2ptp5rtru0745as8lxaqhmymxu82mz5zw3kn9 | User: boxi | Source: Post ID 3309 (Thread 612)
bc1qxzu4esrm69tucfrpm22nm0s6yt74vysp0qsgzh | User: admin | Source: DM ID 2542 (Conv 633)
bc1qy0gz9dhhck0nwg2nm5feeufczjms7m0vyvsmss | User: tyman | Source: Post ID 3604 (Thread 61)

Related BitCoin wallet addresses for RAMP Ransomware Forum:

Wallet Address     Crypto Type     User     Source Location
39WorQNB1BR6oEJQVvVRPrEqn3U1mvLRCS     Bitcoin (Legacy/P2SH)     Nero     DM ID 4610 (Conv 1168)
3JMkKMnoYW1r1vWMrkKmjHmb1tPfZMajcm     Bitcoin (Legacy/P2SH)     Nowheretogo     Post ID 3063 (Thread 545)
1Fzdh15YCAc97Q148VQgLCZYNqoxvp5xKh     Bitcoin (Legacy/P2SH)     Nowheretogo     Post ID 5159 (Thread 1095)
1DLYfCoRJgyWodjaVm13D43x9ViyiWrvbM     Bitcoin (Legacy/P2SH)     RATNICK     DM ID 7483 (Conv 1813)
1Bc4NkmoQb7a5eA1M2PCChFre8AcETyUBC     Bitcoin (Legacy/P2SH)     Stallman     DM ID 867 (Conv 158)
19g7mbR9d6uGUyFPewV1oMz28ciEFdhXQm     Bitcoin (Legacy/P2SH)     Stallman     DM ID 981 (Conv 189)
19g7mbR9d6uGUyFPewV1oMz28ciEFdhXQm     Bitcoin (Legacy/P2SH)     Stallman     DM ID 982 (Conv 190)
1EBZrrGtXA5kcf88CC1RhzsZKWe2CioWVy     Bitcoin (Legacy/P2SH)     Vism     DM ID 581 (Conv 128)
19g7mbR9d6uGUyFPewV1oMz28ciEFdhXQm     Bitcoin (Legacy/P2SH)     Whop-Whop     DM ID 978 (Conv 189)
14A7TFD5v2M6QGQZM7yqz7F9wDQEh7FqzM     Bitcoin (Legacy/P2SH)     cocacola     DM ID 7359 (Conv 1875)
1EiyWbX9F9YP1SMuSYc3ZsYK1cV4jkodo     Bitcoin (Legacy/P2SH)     cocacola     DM ID 7359 (Conv 1875)
1GQcCAPhzQCxcNA3f5RX89NLMjVaMEi16m     Bitcoin (Legacy/P2SH)     el84     DM ID 3283 (Conv 832)
1Bc4NkmoQb7a5eA1M2PCChFre8AcETyUBC     Bitcoin (Legacy/P2SH)     johndoe     DM ID 844 (Conv 158)
13mpQcVR35pddrdT8YkKyrDiRgou1imhGe     Bitcoin (Legacy/P2SH)     tyman     Post ID 3604 (Thread 61)
19iqYbeATe4RxghQZJnYVFU4mjUUu76EA6     Bitcoin (Legacy/P2SH)     tyman     Post ID 3604 (Thread 61)
1C7msoqUG6GKPuAxg84FWtxGFRH68YiXkJ     Bitcoin (Legacy/P2SH)     tyman     Post ID 3604 (Thread 61)
1JuhgScB7ikMPudVm7PfdMNEzjmoNz9G49     Bitcoin (Legacy/P2SH)     tyman     Post ID 3604 (Thread 61)
16yQbH8hXxSZNASr2ntW21qQewcRgEJf9R     Bitcoin (Legacy/P2SH)     ☠xrahitel☠     DM ID 7401 (Conv 1247)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw     Bitcoin (SegWit)     CheckZilla     DM ID 2274 (Conv 308)
bc1qm4kc76vckhdu5xp54natj3fd72wwujl6j9fa3q     Bitcoin (SegWit)     Krendel     DM ID 6065 (Conv 1590)
bc1qm6snul7z4lkyxvdlu9uavfzrnfqpxern6w42tj     Bitcoin (SegWit)     Krendel     DM ID 6070 (Conv 1590)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Mafia     DM ID 723 (Conv 158)
bc1qcvh05dvca25k56k9nclpnq56h9x427fvmcdshy     Bitcoin (SegWit)     Mafia     DM ID 841 (Conv 158)
bc1q8y97gq3apqsmfr808lhcj3uggujcd7786cpfau     Bitcoin (SegWit)     N0_Esc4pe     DM ID 5920 (Conv 1533)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7     Bitcoin (SegWit)     Nero     DM ID 4701 (Conv 1219)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7     Bitcoin (SegWit)     Nero     DM ID 4841 (Conv 1258)
bc1qjneykg4m2hctafyp9tr05mld2m2tn8rjaycze7     Bitcoin (SegWit)     Nero     DM ID 4842 (Conv 1260)
bc1qpjftnrmahzc8cjs23snk2rq0vt6l0ehu4gqxus     Bitcoin (SegWit)     Nowheretogo     Post ID 3645 (Thread 717)
bc1qc2k5hhz5y53ppxyl2n5yhhz2pju3pqnnpn3h3w     Bitcoin (SegWit)     RATNICK     DM ID 6401 (Conv 1670)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Stallman     DM ID 696 (Conv 158)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Stallman     DM ID 717 (Conv 158)
bc1qcvh05dvca25k56k9nclpnq56h9x427fvmcdshy     Bitcoin (SegWit)     Stallman     DM ID 867 (Conv 158)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Stallman     DM ID 918 (Conv 189)
bc1q6j6g9j24cfkg57hrhz6yev9ym6pleuhtpekkgq     Bitcoin (SegWit)     Stallman     DM ID 919 (Conv 190)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv     Bitcoin (SegWit)     Stallman     DM ID 981 (Conv 189)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv     Bitcoin (SegWit)     Stallman     DM ID 982 (Conv 190)
bc1q3z6fsegsq79k2lcsgkwrez6tcwsvq2uylewp8s     Bitcoin (SegWit)     Support     DM ID 833 (Conv 172)
bc1quuwkwzrpuwnyzt9tjqpt2u0sunqyxrrrua5x6l     Bitcoin (SegWit)     admin     DM ID 1000 (Conv 170)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw     Bitcoin (SegWit)     admin     DM ID 1613 (Conv 308)
bc1qk3rh7c0h5pv02rluscjnyrce6kv0n5hv8neaxw     Bitcoin (SegWit)     admin     DM ID 2268 (Conv 308)
bc1qxzu4esrm69tucfrpm22nm0s6yt74vysp0qsgzh     Bitcoin (SegWit)     admin     DM ID 2542 (Conv 633)
bc1qvt60ku3zumfjljqy3nyxq4xrkncfekze8au3y2     Bitcoin (SegWit)     admin     DM ID 2621 (Conv 668)
bc1qxzu4esrm69tucfrpm22nm0s6yt74vysp0qsgzh     Bitcoin (SegWit)     admin     DM ID 2647 (Conv 656)
bc1qp9c26z9cw3qqfy0fx32kl598dnknx7wf3ck3te     Bitcoin (SegWit)     admin     DM ID 2699 (Conv 308)
bc1qp9c26z9cw3qqfy0fx32kl598dnknx7wf3ck3te     Bitcoin (SegWit)     admin     DM ID 2727 (Conv 308)
bc1qlkltuywcqs03wxu46elh6w2d5e0fvsdw4ddcfd     Bitcoin (SegWit)     admin     DM ID 4066 (Conv 1065)
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6     Bitcoin (SegWit)     admin     DM ID 4984 (Conv 1298)
bc1qjvclt6q7d56t4uxhn7u0xhtcp0ef4kjmc4zzjf     Bitcoin (SegWit)     admin     DM ID 5040 (Conv 1316)
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6     Bitcoin (SegWit)     admin     DM ID 5105 (Conv 1298)
bc1q0nrnvcqlty00ymr9c6qxvchdyr0w95px5rhtdk     Bitcoin (SegWit)     admin     DM ID 5151 (Conv 308)
bc1qtzejuulhpsjfghz5q2a9h4vptfd4h5n008m5js     Bitcoin (SegWit)     admin     DM ID 5206 (Conv 1350)
bc1qwgswrxaxxkme88zy7ydvpx43pmca6mqy7sh7q7     Bitcoin (SegWit)     admin     DM ID 5363 (Conv 1396)
bc1qa4s3zlrdrjs9a5rjlveswzj0e7c37ptl4aqluf     Bitcoin (SegWit)     admin     DM ID 6016 (Conv 1316)
bc1qfz6jesmux9qps5svlnnk87z86vdnp4l5qqu98s     Bitcoin (SegWit)     admin     DM ID 6943 (Conv 1298)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5     Bitcoin (SegWit)     admin     DM ID 6944 (Conv 1781)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5     Bitcoin (SegWit)     admin     DM ID 6945 (Conv 1802)
bc1qg6cc8dmcvqqpvjz99hsjyt58rzccvtdn8hevr8     Bitcoin (SegWit)     admin     DM ID 7167 (Conv 1830)
bc1qx2ptp5rtru0745as8lxaqhmymxu82mz5zw3kn9     Bitcoin (SegWit)     boxi     Post ID 3309 (Thread 612)
bc1qavkc796mfrrvsyjenvx8ef5xzn6zlrufv4rd7c     Bitcoin (SegWit)     el84     DM ID 5087 (Conv 1328)
bc1qsdlnkkk9tpp6fe89ntdwk6hxqvf6ydmjj8lpkr     Bitcoin (SegWit)     el84     DM ID 5520 (Conv 1456)
bc1qsdlnkkk9tpp6fe89ntdwk6hxqvf6ydmjj8lpkr     Bitcoin (SegWit)     el84     DM ID 5540 (Conv 1460)
bc1q9jvaemgc9262g0lzpsx0ke7z0lpj7yvpl6hfmv     Bitcoin (SegWit)     eliotto     DM ID 922 (Conv 190)
bc1qm6snul7z4lkyxvdlu9uavfzrnfqpxern6w42tj     Bitcoin (SegWit)     ellisjDG     DM ID 6084 (Conv 1590)
bc1qllt6vt3zxuclfwng3wfy7grk8kf4rt89cyc5l5     Bitcoin (SegWit)     eloncrypto     DM ID 6952 (Conv 1782)
bc1qjqugxy6agwujvtyqs5ht8h70cgsf296ekc0ez6     Bitcoin (SegWit)     eloncrypto     DM ID 6980 (Conv 1802)
bc1qmczxy6qsm80xfkl9f24xqtr0d5d0fpwzy4s3t5     Bitcoin (SegWit)     hotri     DM ID 3710 (Conv 928)
bc1qx2ptp5rtru0745as8lxaqhmymxu82mz5zw3kn9     Bitcoin (SegWit)     michael     Post ID 3311 (Thread 612)
bc1q0hv5p5gygrqqahj7ds8ssk2kajykjz5rxmspj6     Bitcoin (SegWit)     o1oo1     DM ID 5104 (Conv 1298)
bc1qqt6jjknwe48wc8ewt0nywj7usl30uz4gdxux5w     Bitcoin (SegWit)     spyboy     DM ID 4155 (Conv 1082)
bc1q87akg05wjnfmxwyj6j6ars9c0q0va6m0xu68xe     Bitcoin (SegWit)     tyman     Post ID 3604 (Thread 61)
bc1qgfsvtpuaaf86zsrcnmhckjk6dv3a9mul9dveve     Bitcoin (SegWit)     tyman     Post ID 3604 (Thread 61)
bc1qy0gz9dhhck0nwg2nm5feeufczjms7m0vyvsmss     Bitcoin (SegWit)     tyman     Post ID 3604 (Thread 61)

The post A Compilation of BitCoin Wallet Addresses from the RAMP (Russian Anonymous Marketplace) Forum Members – A Compilation appeared first on Security Boulevard.

Dear blog readers,

 Continuing the "When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com - Part Two" blog post series in this post I'll continue analyzing the next malicious software binary which I obtained by data mining Conti Leaks with a lot of success. 

The actual malicious software binary location URL:

hxxp://shighil.com/dl2.exe

MD5: c2055b7fbaa041d9f68b9d5df9b45edd
SHA-1: e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
SHA-256: 342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3

Here's the actual analysis.

Executive Summary

dl2.exe is a Windows x86_64 PE executable (849.5 KB) exhibiting characteristics consistent with malicious software. The binary demonstrates sophisticated capabilities including registry manipulation, dynamic API resolution, file system operations, and system information gathering. Analysis identified multiple high-risk behaviors typical of malware, particularly around persistence mechanisms and anti-analysis techniques.

Key Findings Critical Capabilities (High Severity)

1. Registry Manipulation

• Functions: sub_419118, sub_419228, sub_419198, sub_4192e8, sub_4193c4, sub_40da8c, sub_422ef4, sub_418ffc
• APIs Used: RegOpenKeyA, RegSetValue, RegCreateKey, RegQueryValue
• Registry Keys Accessed:
  • Software\Microsoft\Windows\CurrentVersion
  • RestrictRun and NoRun keys (policy restriction keys)
• Risk: High - Can modify system configuration and establish persistence

2. Dynamic API Resolution

• Function: sub_40b868 (0x40b868)
• APIs Used: GetProcAddress, LoadLibrary, GetModuleHandle
• Risk: High - Common evasion technique to bypass static analysis and API monitoring
• Details: Dynamically resolves function addresses at runtime, making static detection more difficult

Medium Severity Capabilities

3. File System Operations

• Functions: sub_423718, sub_4228a4, sub_423360, sub_41aeec
• APIs Used: CreateFile, DeleteFile, MoveFile, CopyFile, FindFirstFile, FindNextFile, GetFileAttributes
• Risk: Medium - Can manipulate files on the system

4. System Information Gathering

• Functions: sub_4542b0, sub_40f0ac, sub_46df44, sub_46d3bc
• APIs Used: GetVersionExA, GetSystemInfo, GetComputerName, GetUserName
• Risk: Medium - Fingerprints the system, likely for profiling or anti-VM checks

5. Memory Manipulation

• Functions: sub_4540e0, sub_453df0, sub_453d10, sub_453b50
• APIs Used: VirtualAlloc, VirtualProtect, HeapAlloc, HeapFree
• Risk: Medium - Can change memory protection flags, potentially indicating code injection or unpacking behavior

6. Mutex Creation

• Function: sub_46be50 (0x46be50)
• API Used: CreateMutex
• Risk: Medium - Commonly used for single-instance enforcement in malware

Security Features (Informational)

7. Stack Protection Mechanisms

• Stack Cookie Initialization (sub_45ca90 at 0x45ca90): Uses multiple entropy sources (GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter) to generate stack cookies
• Stack Guard Pages (sub_4540e0 at 0x4540e0): Implements guard pages using VirtualQuery, VirtualAlloc, and VirtualProtect

Notable Observations

• Entry Point: 0x4545a0 (_start)
• Main Function: 0x46d9f4 (jumps to 0x46da1c)
• Imported Libraries: ADVAPI32.dll, GDI32.dll, KERNEL32.dll, OLEAUT32.dll, SHELL32.dll, SHLWAPI.dll, USER32.dll, WINSPOOL.DRV, comdlg32.dll, ole32.dll, oledlg.dll
• Total Functions Identified: 2,616
• No Network APIs Detected: No direct socket, HTTP, or network communication APIs were found in the analyzed functions (analysis incomplete)
• No Obvious Encryption Strings: No strings matching common encryption algorithm names were found

Malware Classification

Based on identified capabilities, this binary exhibits behaviors consistent with:

• System modification malware (registry manipulation, file operations)
• Information stealer (system information gathering)
• Potentially a dropper/loader (dynamic API resolution, memory manipulation)

Critical Malicious Capabilities Identified

1. Windows Policy Restriction Manipulation (HIGH SEVERITY)

The binary targets multiple Windows policy registry keys designed to restrict user actions:

Registry Keys Targeted:

• Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • NoRun - Prevents running programs via Run dialog
  • RestrictRun - Restricts which programs can execute
  • NoDrives - Hides/restricts drive access
  • NoNetConnectDisconnect - Prevents network connections/disconnections
  • NoRecentDocsHistory - Disables recent documents
  • NoClose - Prevents closing windows
• Software\Microsoft\Windows\CurrentVersion\Policies\Network
  • NoEntireNetwork - Restricts network browsing
• Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
  • Common dialog restrictions

Functions Involved:

• sub_419228 (0x419228) - Writes DWORD registry values
• sub_4192e8 (0x4192e8) - Writes/deletes registry string values and keys
• sub_419198 (0x419198) - Reads registry integer values
• sub_4193c4 (0x4193c4) - Reads registry string values
• sub_419118 (0x419118) - Opens registry keys
• sub_40b0d4 (0x40b0d4) - Saves settings to registry
• sub_432610 (0x432610) - Batch registry operations

2. Console Output Manipulation

• sub_46be50 (0x46be50) - Opens CONOUT$ device handle, likely for output redirection or hiding console output

3. Persistence & Configuration

The binary uses both registry and INI file storage for configuration, with registry taking precedence. This dual-storage approach suggests:

• Fallback mechanisms for different environments
• Ability to persist settings across system changes

Summary of Malicious Findings

This binary is highly malicious with the following critical behaviors:

Primary Threat: System Restriction Malware

The binary manipulates Windows Group Policy registry keys to:

• Disable the Run dialog (NoRun)
• Restrict program execution (RestrictRun)
• Hide/disable drives (NoDrives)
• Prevent network operations (NoNetConnectDisconnect, NoEntireNetwork)
• Disable system features (NoClose, NoRecentDocsHistory)

This behavior is characteristic of ransomware preparation, system lockers, or destructive malware that prevents users from:

• Running recovery tools
• Accessing safe mode
• Using system utilities
• Connecting to networks for help

Additional Malicious Capabilities:

1. Dynamic API resolution - Evades static analysis
2. Dual persistence - Registry + INI file storage
3. Console manipulation - Hides output/errors
4. File system operations - Can modify/delete files
5. Memory manipulation - Can inject code or unpack payloads
6. System fingerprinting - Profiles victim environment

The post When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Three appeared first on Security Boulevard.

Author, Creator & Presenter: Seth Law, Founder of Redpoint Security

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

The post BSidesSLC 2025 – Faces In The Fog – Seth Law On Unconventional User Enumeration appeared first on Security Boulevard.

The authentication layer that corporate America spent a decade building is now a liability.

Listen to the podcast:The day MFA became the problem

That’s the blunt assessment of Kevin Surace, chairman of Token, a Rochester, N.Y.-based security company … (more…)

The post FIRESIDE CHAT: In the AI age, your MFA, authentication apps can be compromised in minutes first appeared on The Last Watchdog.

The post FIRESIDE CHAT: In the AI age, your MFA, authentication apps can be compromised in minutes appeared first on Security Boulevard.

From Davos insights to state readiness, let‘s explore how robotics and sensors are moving artificial intelligence into the physical world.

The post What Is Physical AI, and What Does It Mean for Government? appeared first on Security Boulevard.

Company Profile ZeroPath is an AI-native application security startup founded in 2024, and its core products also use the eponymous brand ZeroPath. The company focuses on using AI to automatically discover, verify and fix code vulnerabilities, trying to break through the limitations of traditional SAST, SCA, Secrets scanning and IaC scanning that are fighting each […]

The post RSAC 2026 Innovation Sandbox | ZeroPath: From Alarm Accumulation to Executable Fixes appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post RSAC 2026 Innovation Sandbox | ZeroPath: From Alarm Accumulation to Executable Fixes appeared first on Security Boulevard.

Is Your Organization’s Non-Human Identity Strategy Robust Enough? What if the backbone of your organization’s cybersecurity strategy is more susceptible to breaches than you think? Where machine identities increasingly outnumber human ones, focusing on Non-Human Identities (NHIs) is critical. NHIs serve as the “tourists” navigating through vast cloud environments. Much like human identities, they require […]

The post Does your NHI system deliver essential value appeared first on Entro.

The post Does your NHI system deliver essential value appeared first on Security Boulevard.

What Are Non-Human Identities (NHIs) and Why Are They Critical in Cybersecurity? How do we ensure the security of these interactions? The concept of Non-Human Identities (NHIs) offers a compelling solution. NHIs, an advanced concept in cybersecurity, are designed to safeguard machine identities, ensuring that their actions are secure from creation to decommissioning. The Relevance […]

The post Is your Agentic AI optimized for latest threats appeared first on Entro.

The post Is your Agentic AI optimized for latest threats appeared first on Security Boulevard.

Are You Confident in Your Secrets Vaulting Strategy? The management of machine identities—what the industry terms Non-Human Identities (NHIs)—has become a linchpin in safeguarding cloud environments. When organizations increasingly transition to cloud-based architectures, ensuring the security of NHIs and their associated secrets is paramount. But how can organizations feel truly reassured in their secrets vaulting […]

The post How relieved are you with your secrets vaulting strategy appeared first on Entro.

The post How relieved are you with your secrets vaulting strategy appeared first on Security Boulevard.

On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden malicious code. What they had caught was CanisterWorm, a self-spreading npm worm deployed by the threat actor group TeamPCP. We track this […]

The post CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive appeared first on Security Boulevard.

Author, Creator & Presenter: Bryson Loughmiller - Principal Platform Security Architect At Entrata

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

Permalink

The post BSidesSLC 2025 – • Al Red Teaming For Artificial Dummies appeared first on Security Boulevard.

Executive Overview Cyber threats are evolving rapidly, becoming more stealthy, automated, and difficult to detect using traditional security approaches. Attackers increasingly rely on legitimate system tools, encrypted communication, and internal reconnaissance to bypass defenses and operate unnoticed within enterprise environments. Modern organizations must shift toward intelligence-driven security that focuses on behavior, context, and correlation rather

The post Real Attack Alert Analysis: From Hidden Indicators to Actionable Threat Intelligence appeared first on Seceon Inc.

The post Real Attack Alert Analysis: From Hidden Indicators to Actionable Threat Intelligence appeared first on Security Boulevard.

SAN FRANCISCO — RSAC 2026 opens here Monday at Moscone Center, with upwards of 40,000 cybersecurity professionals, executives, and policy leaders, myself among them, filing in to take stock of an industry under acute pressure.

Related: RSAC 2026’s full agenda… (more…)

The post MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is running first appeared on The Last Watchdog.

The post MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is running appeared first on Security Boulevard.

Use OTP authentication to secure HVAC appointments, payments, and service confirmations while improving customer trust and service efficiency.

The post How OTP Authentication Streamlines Service Delivery for HVAC Companies appeared first on Security Boulevard.

Most organizations assume breaches happen because of sophisticated zero-day exploits or highly advanced attackers. The reality is far less dramatic and far more risky. Nearly 73% of breaches stem from weak Governance, Risk, and Compliance (GRC) practices. This means attackers are not breaking in, they’re walking through open doors created by poor risk visibility, weak […]

The post 73% of Breaches Happen Due to Weak GRC – Implement It The Right Way appeared first on Kratikal Blogs.

The post 73% of Breaches Happen Due to Weak GRC – Implement It The Right Way appeared first on Security Boulevard.

6 min readMost organizations still treat credentials as something that must be protected, stored, and rotated. But a second model is quietly reshaping how machine authentication works: eliminate static secrets altogether and authenticate workloads using identity and just-in-time access.

The post Secrets Management vs. Secrets Elimination: Where Should You Invest? appeared first on Aembit.

The post Secrets Management vs. Secrets Elimination: Where Should You Invest? appeared first on Security Boulevard.

6 min readThe OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents, emerging attack techniques and the rapid growth of agentic AI.

The post The OWASP Top 10 for LLM Applications (2025): Explained Simply appeared first on Aembit.

The post The OWASP Top 10 for LLM Applications (2025): Explained Simply appeared first on Security Boulevard.