Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: 07/14/10

Wednesday, July 14, 2010

Exploits, Malware, and Scareware Courtesy of AS6851, BKCNET, Sagade Ltd.

Never trust an AS whose abuse-mailbox is using a Gmail account ([email protected]), and in particular one that you've come across to during several malware campaigns over the past couple of month. It's AS6851, BKCNET "SIA" IZZI I'm referring to, also known as Sagade Ltd.

Let's dissect the currently ongoing malicious activity at that Latvian based AS, expose the exploit/malware/crimeware/scareware serving domain portfolios, sample some of the currently active binaries and emphasize on the hijacking of Google/Yahoo and Bing search engines, as well as take a brief retrospective of AS6851's activities profiled over the past couple of months.

What's so special about AS6851 anyway? It's the numerous times in which the AS popped-up in previously profiled campaigns (see related posts at the bottom of the post), next to a pretty interesting Koobface gang connection. An excerpt from a previous post:

"What's so special about AS6851, BKCNET "SIA" IZZI anyway? It's the Koobface gang connection in the face of urodinam.net, which is also hosted within AS6851, currently responding to 91.188.59.10. More details on urodinam.net:

Moreover, on the exact same IP where Koobface gang's urodinam.net is parked, we also have the currently active 1zabslwvn538n4i5tcjl.com - Email: [email protected], serving client side exploits using the Yes Malware Exploitation kit - 91.188.59.10 /temp/cache/PDF.php; admin panel at: 1zabslwvn538n4i5tcjl.com /temp/admin/index.php

The same [email protected] used to register 1zabslwvn538n4i5tcjl.com, was also profiled in the "Diverse Portfolio of Scareware/Blackhat SEO Redirectors Courtesy of the Koobface Gang" assessment."

Related data on AS6851, BKCNET/Sagade Ltd.:
netname:         ATECH-SAGADE
descr:           Sagade Ltd.
descr:           Latvia, Rezekne, Darzu 21
descr:           +371 20034981
remarks:         abuse-mailbox: [email protected]
country:         LV
admin-c:         JS1449-RIPE
tech-c:          JS1449-RIPE
status:          ASSIGNED PA
mnt-by:          AS6851-MNT
source:          RIPE # Filtered
person:          Juris Sahurovs
remarks:         Sagade Ltd.
address:         Latvia, Rezekne, Darzu 21
phone:           +371 20034981
abuse-mailbox:   [email protected]
nic-hdl:         JS1449-RIPE
mnt-by:          ATECH-MNT
source:          RIPE # Filtered

AS6851 advertises 15 prefixes:
* 62.84.0.0/19
* 62.84.22.0/23
* 84.38.128.0/20
* 85.234.160.0/19
* 91.123.64.0/20
* 91.188.32.0/19
* 91.188.41.0/24
* 91.188.44.0/23
* 91.188.46.0/24
* 91.188.48.0/23
* 91.188.50.0/24
* 91.188.52.0/23
* 91.188.56.0/24
* 109.110.0.0/19
* 195.244.128.0/20

Uplink courtesy of:
AS6747, LATTELEKOM Lattelekom
AS5518, TELIALATVIJA Telia Latvija SIA

Currently active exploits/malware/scareware serving domain portfolios within AS6851:
Parked at/responding to 85.234.190.15 are:
anrio.in - Email: [email protected]
brayx.in - Email: [email protected]
broyx.in - Email: [email protected]
brusd.in - Email: [email protected]
butuo.in - Email: [email protected]
butyx.in - Email: [email protected]
cogoo.in - Email: [email protected]
conyx.in - Email: [email protected]
eboyx.in - Email: [email protected]
ederm.in - Email: [email protected]
edois.in - Email: [email protected]
foryx.in - Email: [email protected]
liuyx.in - Email: [email protected]
moosd.in - Email: [email protected]
oserr.in - Email: [email protected]
ossce.in - Email: [email protected]
ostom.in - Email: [email protected]
purnv.in - Email: [email protected]
ragew.in - Email: [email protected]
relsd.in - Email: [email protected]
retnv.in - Email: [email protected]
sdali.in - Email: [email protected]
seedw.in - Email: [email protected]
shkey.in - Email: [email protected]
spkey.in - Email: [email protected]
thynv.in - Email: [email protected]
uitem.in - Email: [email protected]
wakey.in - Email: [email protected]
yxial.in - Email: [email protected]

Parked at/responding to 85.234.190.4 are:
anrio.in - Email: [email protected]
antsd.in - Email: [email protected]
appsd.in - Email: [email protected]
arsdh.in - Email: [email protected]
barui.in - Email: [email protected]
bkpuo.in - Email: [email protected]
bleui.in - Email: [email protected]
brayx.in - Email: [email protected]
broyx.in - Email: [email protected]
brusd.in - Email: [email protected]
bryhw.in - Email: [email protected]
butui.in - Email: [email protected]
butuo.in - Email: [email protected]
butyx.in - Email: [email protected]
cirui.in - Email: [email protected]
cogoo.in - Email: [email protected]
conuo.in - Email: [email protected]
conyx.in - Email: [email protected]
cusnv.in - Email: [email protected]
czkey.in - Email: [email protected]
degoo.in - Email: [email protected]
dugoo.in - Email: [email protected]
ecrio.in - Email: [email protected]
ectuo.in - Email: [email protected]
ederm.in - Email: [email protected]
edger.in - Email: [email protected]
edimp.in - Email: [email protected]
edois.in - Email: [email protected]
elrio.in - Email: [email protected]
enguo.in - Email: [email protected]
eqrio.in - Email: [email protected]
fibnv.in - Email: [email protected]
glouo.in - Email: [email protected]
habsd.in - Email: [email protected]
hecuo.in - Email: [email protected]
hekey.in - Email: [email protected]
hygos.in - Email: [email protected]
imbos.in - Email: [email protected]
intsd.in - Email: [email protected]
ionnv.in - Email: [email protected]
jamsd.in - Email: [email protected]
latuo.in - Email: [email protected]
linuo.in - Email: [email protected]
makey.in - Email: [email protected]
oscog.in - Email: [email protected]
oserr.in - Email: [email protected]
osmac.in - Email: [email protected]
osmot.in - Email: [email protected]
ospor.in - Email: [email protected]
ossce.in - Email: [email protected]
ossio.in - Email: [email protected]
ostab.in - Email: [email protected]
ostac.in - Email: [email protected]
ostio.in - Email: [email protected]
ouned.in - Email: [email protected]
purnv.in - Email: [email protected]
pxdmx.in - Email: [email protected]
rekey.in - Email: [email protected]
relsd.in - Email: [email protected]
retnv.in - Email: [email protected]
scoos.in - Email: [email protected]
sdali.in - Email: [email protected]
sdome.in - Email: [email protected]
shkey.in - Email: [email protected]
spkey.in - Email: [email protected]
sydos.in - Email: [email protected]
thynv.in - Email: [email protected]
ugiyx.in - Email: [email protected]
uirin.in - Email: [email protected]
uisap.in - Email: [email protected]
uitem.in - Email: [email protected]
uithi.in - Email: [email protected]
uityp.in - Email: [email protected]
uityr.in - Email: [email protected]
varyx.in - Email: [email protected]
wakey.in - Email: [email protected]
yokey.in - Email: [email protected]
yxiac.in - Email: [email protected]
yxial.in - Email: [email protected]

Parked at/responding to 91.188.60.225 are:
abrie.in - Email: [email protected]
agros.in - Email: [email protected]
alldh.in - Email: [email protected]
alodh.in - Email: [email protected]
anrio.in - Email: [email protected]
antsd.in - Email: [email protected]
aoxtv.in - Email: [email protected]
appsd.in - Email: [email protected]
aquui.in - Email: [email protected]
arrie.in - Email: [email protected]
arsdh.in - Email: [email protected]
balsd.in - Email: [email protected]
barui.in - Email: [email protected]
bikey.in - Email: [email protected]
bkpuo.in - Email: [email protected]
bleui.in - Email: [email protected]
brayx.in - Email: [email protected]
broyx.in - Email: [email protected]
brusd.in - Email: [email protected]
bryhw.in - Email: [email protected]
butui.in - Email: [email protected]
butuo.in - Email: [email protected]
butyx.in - Email: [email protected]
cated.in - Email: [email protected]
cedhw.in - Email: [email protected]
chrie.in - Email: [email protected]
chrio.in - Email: [email protected]
cirui.in - Email: [email protected]
clrio.in - Email: [email protected]
cogoo.in - Email: [email protected]
conuo.in - Email: [email protected]
conyx.in - Email: [email protected]
corie.in - Email: [email protected]
curie.in - Email: [email protected]
cusnv.in - Email: [email protected]
czkey.in - Email: [email protected]
degoo.in - Email: [email protected]
dennv.in - Email: [email protected]
dugoo.in - Email: [email protected]
eagoo.in - Email: [email protected]
eboyx.in - Email: [email protected]
ecrio.in - Email: [email protected]
ectuo.in - Email: [email protected]
edbal.in - Email: [email protected]
edban.in - Email: [email protected]
ederc.in - Email: [email protected]
ederm.in - Email: [email protected]
edger.in - Email: [email protected]
edimp.in - Email: [email protected]
edois.in - Email: [email protected]
elrio.in - Email: [email protected]
enguo.in - Email: [email protected]
eprio.in - Email: [email protected]
eqrio.in - Email: [email protected]
esrie.in - Email: [email protected]
fakey.in - Email: [email protected]
fegoo.in - Email: [email protected]
fibnv.in - Email: [email protected]
foryx.in - Email: [email protected]
franv.in - Email: [email protected]
fraos.in - Email: [email protected]
garie.in - Email: [email protected]
glouo.in - Email: [email protected]
guinv.in - Email: [email protected]
habsd.in - Email: [email protected]
hecuo.in - Email: [email protected]
hekey.in - Email: [email protected]
humos.in - Email: [email protected]
hygos.in - Email: [email protected]
hyrie.in - Email: [email protected]
imbos.in - Email: [email protected]
intsd.in - Email: [email protected]
ionnv.in - Email: [email protected]
jamsd.in - Email: [email protected]
jobos.in - Email: [email protected]
kykey.in - Email: [email protected]
latuo.in - Email: [email protected]
leunv.in - Email: [email protected]
linuo.in - Email: [email protected]
liuyx.in - Email: [email protected]
makey.in - Email: [email protected]
moosd.in - Email: [email protected]
naios.in - Email: [email protected]
nvenc.in - Email: [email protected]
oscog.in - Email: [email protected]
osenc.in - Email: [email protected]
oserr.in - Email: [email protected]
osmac.in - Email: [email protected]
osmot.in - Email: [email protected]
ospor.in - Email: [email protected]
ossce.in - Email: [email protected]
ossio.in - Email: [email protected]
ostab.in - Email: [email protected]
ostac.in - Email: [email protected]
ostio.in - Email: [email protected]
ostom.in - Email: [email protected]
ouned.in - Email: [email protected]
purnv.in - Email: [email protected]
pxdmx.in - Email: [email protected]
ragew.in - Email: [email protected]
rekey.in - Email: [email protected]
relsd.in - Email: [email protected]
retnv.in - Email: [email protected]
saled.in - Email: [email protected]
sated.in - Email: [email protected]
scoos.in - Email: [email protected]
sdali.in - Email: [email protected]
sdall.in - Email: [email protected]
sdayb.in - Email: [email protected]
sdaye.in - Email: [email protected]
sdayo.in - Email: [email protected]
sdene.in - Email: [email protected]
sdich.in - Email: [email protected]
sdome.in - Email: [email protected]
seedw.in - Email: [email protected]
shkey.in - Email: [email protected]
smoed.in - Email: [email protected]
soted.in - Email: [email protected]
spios.in - Email: [email protected]
spkey.in - Email: [email protected]
stteop.in - Email: [email protected]
sunyx.in - Email: [email protected]
sydos.in - Email: [email protected]
teaed.in - Email: [email protected]
thynv.in - Email: [email protected]
ugiyx.in - Email: [email protected]
uinei.in - Email: [email protected]
uinge.in - Email: [email protected]
uiren.in - Email: [email protected]
uirin.in - Email: [email protected]
uisap.in - Email: [email protected]
uisee.in - Email: [email protected]
uisma.in - Email: [email protected]
uitem.in - Email: [email protected]
uithi.in - Email: [email protected]
uityp.in - Email: [email protected]
uityr.in - Email: [email protected]
varyx.in - Email: [email protected]
veged.in - Email: [email protected]
wakey.in - Email: [email protected]
whasd.in - Email: [email protected]
wimed.in - Email: [email protected]
woonv.in - Email: [email protected]
yokey.in - Email: [email protected]
yxiac.in - Email: [email protected]
yxial.in - Email: [email protected]
yxiam.in - Email: [email protected]

Parked at/responding to 91.188.60.3 are:
0checkingyourtraffic.com - Email: [email protected]
10checkingyourtraffic.com - Email: [email protected]
20checkingyourtraffic.com - Email: [email protected]
30checkingyourtraffic.com - Email: [email protected]
40checkingyourtraffic.com - Email: [email protected]
50checkingyourtraffic.com - Email: [email protected]
60checkingyourtraffic.com - Email: [email protected]
70checkingyourtraffic.com - Email: [email protected]
80checkingyourtraffic.com - Email: [email protected]
90checkingyourtraffic.com - Email: [email protected]
av-scaner-onlinemachine.com - Email: [email protected]
easy-ns-server.org - Email: [email protected]
fast-scanerr-online.org - Email: [email protected]
fast-scanneronline.org - Email: [email protected]
fastscanner-online.org - Email: [email protected]
fastscannerr-online.org - Email: [email protected]
myantivirsplus.org - Email: [email protected]
my-antivirsplus.org - Email: [email protected]
my-antivirusplus.org - Email: [email protected]
my-antivirus-plus.org - Email: [email protected]
myprotectonline.org - Email: [email protected]
my-protectonline.org - Email: [email protected]
my-protect-online.org - Email: [email protected]
sysprotectonline.org - Email: [email protected]
sys-protectonline.org - Email: [email protected]
sys-protect-online.org - Email: [email protected]

Parked at/responding to 91.188.59.74 are:
allforil1i.com - Email: [email protected]
alltubeforfree.com - Email: [email protected]
allxtubevids.net - Email: [email protected]
downloadfreenow.in - Email: [email protected]
enteri1llisec.in - Email: [email protected]
freeanalsextubemovies.com - Email: [email protected]
freetube06.com - Email: [email protected]
freeviewgogo.com - Email: [email protected]
homeamateurclips.com - Email: [email protected]
hot4youxxx.in - Email: [email protected]
hotxtube.in - Email: [email protected]
hotxxxtubevideo.com
iil10oil0.com
ilio01ili1.com
illinoli1l.in - Email: [email protected]
porntube2000.com - Email: [email protected]
porntubefast.com - Email: [email protected]
porn-tube-video.com - Email: [email protected]
viewnowfast.com - Email: [email protected]
viewxxxfreegall.net - Email: [email protected]
viiistifor1.com
xhuilil1ii.com - Email: [email protected]
youvideoxxx.com - Email: [email protected]

Parked at/responding to 85.234.190.16 are:
appsd.in - Email: [email protected]
bikey.in - Email: [email protected]
fibnv.in - Email: [email protected]
franv.in - Email: [email protected]
guinv.in - Email: [email protected]
hekey.in - Email: [email protected]
intsd.in - Email: [email protected]
ionnv.in - Email: [email protected]
jamsd.in - Email: [email protected]
leunv.in - Email: [email protected]
nvenc.in - Email: [email protected]
pxdmx.in - Email: [email protected]
uinei.in - Email: [email protected]
uinge.in - Email: [email protected]
uiren.in - Email: [email protected]
uirin.in - Email: [email protected]
uisap.in - Email: [email protected]
uisee.in - Email: [email protected]
woonv.in - Email: [email protected]
yxiam.in - Email: [email protected]

Detection rates for the currently active malware samples, including the HOSTS file modifications on infected hosts, for the purposely of redirecting users to cybercrime-friendly search engines, monetized through traffic trading affiliate programs.

- 78490.jar - Result: 0/42 (0%)
File size: 209 bytes
MD5   : 64a19d9b7f0e81c7a5f6d63853a3ed49
SHA1 : 9f8f208c8cdb854cdc342d43a75a3d8672e87822

- ad3.exe - Result: 41/42 (97.62%)
File size: 2560 bytes
MD5...: 9362a3aee38102dde68211ccb63c3e07
SHA1..: 8758679540f48feba82d2b022b8d71756eb935e7

- a-fast.exe - Result: 36/42 (85.72%)
File size: 979968 bytes
MD5...: 69f3949141073679b77aa4d34e41a3e7
SHA1..: e074de46e4760eef522ab85737790058cc3f2fad

- dm.exe - Result: 37/42 (88.1%)
File size: 83968 bytes
MD5...: b658d9b812454e99b2915ab2e9594b94
SHA1..: 134bfb643ae2f161c99db14c448485e261e96c91

- iv.exe - Result: 8/42 (19.05%)
File size: 86016 bytes
MD5...: f94ed2f9d7a672fe3ff8bf077289b2d5
SHA1..: 2f78a296e1267ae1cf9ebd5c18de5b8d241c1306

- j2_t895.jar - Result: 0/42 (0%)
File size: 211 bytes
MD5...: 4b34618a0499a99e9c98e03aa79d53cf
SHA1..: d109babf78ec48ba8d7798bce784097ed26757db

- movie.exe - Result: 40/42 (95.24%)
File size: 64866 bytes
MD5...: 801f9fa958192b6714a5a4c2e2f92f07
SHA1..: 241bc9d7540d9d53cc1578e3d57c44be9931e418

- tst.exe - Result: 35/42 (83.34%)
File size: 356352 bytes
MD5...: b0ed4701af13f11089de850a1273d24f
SHA1..: 5e98000b60d0ca0b2adbd837feaf05f439f95c87

- wsc.exe - Result: 37/42 (88.1%)
File size: 24576 bytes
MD5...: 80427b754b11de653758dd5e1ba3de1c
SHA1..: 554e1331fdc050bd603f6f3628285008a91cba37
HOSTS file modification:
AS28753, NETDIRECT AS NETDIRECT Frankfurt, DE
89.149.210.109 www.google.com
89.149.210.109 www.google.de
89.149.210.109 www.google.fr
89.149.210.109 www.google.co.uk
89.149.210.109 www.google.com.br
89.149.210.109 www.google.it
89.149.210.109 www.google.es
89.149.210.109 www.google.co.jp
89.149.210.109 www.google.com.mx
89.149.210.109 www.google.ca
89.149.210.109 www.google.com.au
89.149.210.109 www.google.nl
89.149.210.109 www.google.co.za
89.149.210.109 www.google.be
89.149.210.109 www.google.gr
89.149.210.109 www.google.at
89.149.210.109 www.google.se
89.149.210.109 www.google.ch
89.149.210.109 www.google.pt
89.149.210.109 www.google.dk
89.149.210.109 www.google.fi
89.149.210.109 www.google.ie
89.149.210.109 www.google.no
89.149.210.109 search.yahoo.com
89.149.210.109 us.search.yahoo.com
89.149.210.109 uk.search.yahoo.com

- rc.exe - Result: 41/42 (97.62%)
File size: 2560 bytes
MD5...: 9362a3aee38102dde68211ccb63c3e07
SHA1..: 8758679540f48feba82d2b022b8d71756eb935e7
HOSTS file modification:
AS28753, NETDIRECT AS NETDIRECT Frankfurt, DE
89.149.249.196 www.google.com
89.149.249.196 www.google.de
89.149.249.196 www.google.fr
89.149.249.196 www.google.co.uk
89.149.249.196 www.google.com.br
89.149.249.196 www.google.it
89.149.249.196 www.google.es
89.149.249.196 www.google.co.jp
89.149.249.196 www.google.com.mx
89.149.249.196 www.google.ca
89.149.249.196 www.google.com.au
89.149.249.196 www.google.nl
89.149.249.196 www.google.co.za
89.149.249.196 www.google.be
89.149.249.196 www.google.gr
89.149.249.196 www.google.at
89.149.249.196 www.google.se
89.149.249.196 www.google.ch
89.149.249.196 www.google.pt
89.149.249.196 www.google.dk
89.149.249.196 www.google.fi
89.149.249.196 www.google.ie
89.149.249.196 www.google.no
89.149.249.196 www.google.co.in
89.149.249.196 search.yahoo.com
89.149.249.196 us.search.yahoo.com
89.149.249.196 uk.search.yahoo.com

- installer.0028.exe - Result: 9/42 (21.43%)
File size: 43735 bytes
MD5...: a6d7073b8b9bc0dc539605914c853da2
SHA1..: 1940b6a6b2f93b44633ef04eab900e0a9dc6fa64
HOSTS file modification:
AS28753, NETDIRECT AS NETDIRECT Frankfurt, DE
84.16.244.60 www.google.com
84.16.244.60 us.search.yahoo.com
84.16.244.60 uk.search.yahoo.com
84.16.244.60 search.yahoo.com
84.16.244.60 www.google.com.br
84.16.244.60 www.google.it
84.16.244.60 www.google.es
84.16.244.60 www.google.co.jp
84.16.244.60 www.google.com.mx
84.16.244.60 www.google.ca
84.16.244.60 www.google.com.au
84.16.244.60 www.google.nl
84.16.244.60 www.google.co.za
84.16.244.60 www.google.be
84.16.244.60 www.google.gr
84.16.244.60 www.google.at
84.16.244.60 www.google.se
84.16.244.60 www.google.ch
84.16.244.60 www.google.pt
84.16.244.60 www.google.dk
84.16.244.60 www.google.fi
84.16.244.60 www.google.ie
84.16.244.60 www.google.no
84.16.244.60 www.google.de
84.16.244.60 www.google.fr
84.16.244.60 www.google.co.uk
84.16.244.60 www.bing.com

- installer.0022.exe - Result: 9/42 (21.43%)
File size: 43731 bytes
MD5...: 62464b9e367a9edb06541a2a90931157
SHA1..: 425c859a883900ccf5cf7b8a6a5f6bc9279d763c
HOSTS file modification:
AS28753, NETDIRECT AS NETDIRECT Frankfurt, DE
84.16.244.15 www.google.com
84.16.244.15 us.search.yahoo.com
84.16.244.15 uk.search.yahoo.com
84.16.244.15 search.yahoo.com
84.16.244.15 www.google.com.br
84.16.244.15 www.google.it
84.16.244.15 www.google.es
84.16.244.15 www.google.co.jp
84.16.244.15 www.google.com.mx
84.16.244.15 www.google.ca
84.16.244.15 www.google.com.au
84.16.244.15 www.google.nl
84.16.244.15 www.google.co.za
84.16.244.15 www.google.be
84.16.244.15 www.google.gr
84.16.244.15 www.google.at
84.16.244.15 www.google.se
84.16.244.15 www.google.ch
84.16.244.15 www.google.pt
84.16.244.15 www.google.dk
84.16.244.15 www.google.fi
84.16.244.15 www.google.ie
84.16.244.15 www.google.no
84.16.244.15 www.google.de
84.16.244.15 www.google.fr
84.16.244.15 www.google.co.uk
84.16.244.15 www.bing.com

The payment gateway structure+related domains for the scareware campaigns:
- fast-payments.com/index.php?prodid=antus_02_01&afid= - 91.188.59.27 - Email: [email protected]
    - ns1.fastsecurebilling.com - 91.188.59.26 - Email: [email protected]
        - easypayments-online.com - 91.188.59.28 - Email: [email protected]
        - fast-payments.com - 91.188.59.27 - Email: [email protected]
        - billingonline.net - 91.188.59.29 - Email: [email protected]
        - billsolutions.net - 91.188.59.25

In respect to the IPs used in HOSTS file modification, one is of particular interest - 89.149.210.109, as it was first profiled in November, 2009's "Koobface Botnet's Scareware Business Model - Part Two" with MD5: 0fbf1a9f8e6e305138151440da58b4f1 modifying HOSTS file using the same IP, and also phoning back to the Koobface gang's 1.0 hardcore C&C - urodinam.net/8732489273.php

When it comes to cybercrime, there's no such thing as a coincidence. What's static is the interaction between the usual suspects, systematically switching hosting providers, introducing new domains, and conveniently denying their monetization tactics.

You wish.

Profiled AS6851, BKCNET/Sagade Ltd. activity:
GoDaddy's Mass WordPress Blogs Compromise Serving Scareware
Dissecting the Mass DreamHost Sites Compromise
Spamvertised iTunes Gift Certificates and CV Themed Malware Campaigns
Dissecting the 100,000+ Scareware Serving Fake YouTube Pages Campaign
Facebook Photo Album Themed Malware Campaign, Mass SQL Injection Attacks Courtesy of AS42560

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at [email protected]