SBN

Exposing BG Worm – A Bulgaria-Based Web Site Defacement Group – An OSINT Analysis

An image is worth a thousand words.

EvilHack -> http://www.youtube.com/user/AnonymousEvilHack/about -> http://cyber-code.tk/ -> BG Cyber Army -> http://www.zone-h.org/archive/notifier=Bulgarian%20Cyber%20Army 

-> https://www.facebook.com/bgcyberarmy

Bca-group.org – Email: [email protected]

BG Cyber Army – Cyber Root, Cyber King, iNCUBUS, JoKeR, MoonSpire

– [Pa3pyxA, FuckOFF, CyberKing, CyberLord]

CyberLord: [email protected] :: [OK] [+] CyberKing: [email protected] :: [OK]

Pa3pyxA: [email protected]

Anonymous BG’s main forum URL: http://anonbg.info

Group member handles: rootheR_, Hades, NoTolerance, EvilHack, PsychoPatternz.

Forum postings for ID-ed member PsychoPatternz: http://anonbg.info/member.php?34-PsychoPatternz

Forum postings for ID-ed member EvilHack: http://anonbg.info/member.php?13-EvilHack

EvilHack’s real name: Genadi

Skype: genadi_97

Skype: anonymous_evilhack

City: Veliko Turnovo or Tutrakan

Associated emails:

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

URL he maintains:

https://www.facebook.com/pages/EvilHack-Programs

http://anonymous-world.free.bg/page-8.html

http://web-dangerous.free.bg/page-9.html

http://evilhack-official.blogspot.com/

http://www.podariavam.com/user/GenadiD

PsychoPatternz’s name: Asparuh Naydenov

City:: Plovdiv

Skype: asparuh1231

URLs he maintains:

http://psychopatternz.blogspot.com/

https://www.facebook.com/hakhz/timeline

Facebook profile:

https://www.facebook.com/Psychopatternz

EvilHack appears to be also a member of a newly emerged group, namely, Bulgarian Cyber Army.

Connection: EvilHack -> http://www.youtube.com/user/AnonymousEvilHack/about -> http://cyber-code.tk/ -> BG Cyber Army -> http://www.zone-h.org/archive/notifier=Bulgarian%20Cyber%20Army

-> https://www.facebook.com/bgcyberarmy

Official Web site: bca-group.org – Email: [email protected]

Related group emails: [email protected]; [email protected]

Current members: Cyber Root, Cyber King, iNCUBUS, JoKeR, MoonSpire

Ex-members: Pa3pyxA, FuckOFF, CyberKing, CyberLord

Group members’ associated emails:

CyberLord – [email protected]

CyberKing – [email protected]

Pa3pyxA – [email protected]

Group’s Name: Hack3D TeaM” or “MTH Soft

Facebook: https://www.facebook.com/hack3dteam;

https://www.facebook.com/bgworm.info

Vimeo account: http://vimeo.com/user16145338/videos

Forum: http://hakerstvo.informe.com/

Zone-H Archive: http://zone-h.org/archive/notifier=MaStErChO/page=1

Hackdb Archive: http://www.hack-db.com/hacker/r00tkit/all.html

Google Plus Profile: https://plus.google.com/104878573752624522053/photos

Group Members: r00tkit, MaStErChO AloneWolf, Sspdf11, razora911, Metalqear

Shout outs most commonly given to — on the basis of multiple defaced

page assessments –MaStErHaCk, – RTFM -The Godfather-(tm)(R) PanteliX (R)(tm) –

(tm)W!PS(tm) – Tiger(tm) – Slackera – TraferA – 3ikmy – N3x0R.

Known group domains’ reconnaissance:

hxxp://bgworm.com – Email: [email protected] –  name: “Mastercho

Hoomie” same as the Google Plus account

hxxp://bgworm.info – historical WHOIS emails: Email: [email protected];

Email: [email protected]

Group member profile: Anton Nikolaev (MaStErChO)

Email: [email protected] – email used from the forum’s registration confirmation

Secondary email: [email protected] – Reference:

Skype: ko.ti.puka

Mobile: 0895373102

Second Mobile: 0887565357

Birth date: March 25, 1992 or 17 July, 1990

Stay tuned!

*** This is a Security Bloggers Network syndicated blog from Dancho Danchev's Blog - Mind Streams of Information Security Knowledge authored by Dancho Danchev. Read the original post at: http://feedproxy.google.com/~r/danchodanchevonsecurityandnewmedia/~3/QnD-nR7u6x0/exposing-bg-worm-bulgaria-based-web.html