Call For Data Samples - BTC Sextortion Scam E-mails

I’m working on a blog post after some Twitter interaction spurred me to dig a bit deeper into the recent scourge of my phishing offenders at dayjob; sextortion BTC scam e-mails. Y’know, the ones that look like the below example, do ye kennit?

I’ve got one volunteer from Twitter and a decent retweet I’m hoping garners additional submissions, but I’d love for the 0x00sec fam to get involved and share with me any of these e-mails they might have received or noticed within the realms of their delegation. I want to compile all the data into a single database and gather stats on top sending ASNs, wallet values over time, etc.

So, hit me up if you’ve got some samples to share. You can redact whatever you want. I am mainly interested in the BTC addresses, but sending IPs and e-mails would be appreciated, too.

Thanks!

1 Like

https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstream/

Thanks. I know it is something that has been covered, but I really want to do this for the community effort and experience. Plus, who knows how many new BTC addresses are added every day? I can add an additional set of IOCs to the Internet to be indexed by search engines. I have extremely small or zero readership of my blog, but I’ve still seen people use some of the data I post in their research. I’d rather get more data on threats out there… and maybe learn something in the process (database development, frontend development, data analysis, etc.)

Here’s the short version of the one I got:

  • From: “Per conto di: [email protected][email protected]
  • BTC Address: 1BARBfTXdwaRenZjcG8t2LAsbQm6abfw13
  • Received: from smtps.pec.aruba.it (smtpecsmallgo02.pec.aruba.it. [80.88.94.32])

Send me a DM if you want the full e-mail. I think my account is too new to send DMs?

1 Like

What’s the name of your blog, mate?.

I got your DM. Thanks for sharing!

Feel free to take a look here: https://www.presumptuouscommoner.com

I (we) encountered this infamous sextortion scam where I was working. I honestly wish I could remember some of those BTC addresses because there was some insane stuff discovered after only a little digging, following the trail, and some OSINT. Each email appeared to have a different address, but would send money to some extremely shady (understatement) accounts. I didn’t get too far into the rabbit hole, but, like I said, I wish I had some of those addresses.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.