Posted on 1 Comment

Want to know what private conversations between members of a sophisticated Russian cybergang look like. Well, here ya’ go.

image thumb7

It began on Sunday, February 27, 2022, when a new Twitter account, @ContiLeaks, began posting links to logs of internal chat messages been Conti members. Conti is a sophisticated and highly successful Russian-based ransomware gang. The leaks continued for days and are believed to be a reaction from one of the members to Russia’s invasion of Ukraine.

The chats are mostly mundane but focused analysis reveals much about Conti’s fairly organized structure. The cybergang has coders, testers, administrators, reverse engineers and pentesters/hackers. They have budgets, schedules, and even a semi-Human Resources department who interviews potential new hires. They are paid on the 1st and 15th of each month – in bitcoin. And they complain about how boring their jobs are.

Below are conversations from one of the leaked log files. They have been translated from Russian to English. The conversations are logged from July 2021 and are especially revealing – a rollcall is requested from a boss. I highlighted interesting snippets in red to save you from debilitating boredom.

Date: 2021-04-07T17:51:28.431Z
From: admin
Message: admin

Date: 2021-04-26T15:05:17.932Z
From: admin_NengohMahCh8
Message: admin_NengohMahCh8

Date: 2021-04-26T10:34:05.712Z
From: silver
Message: hello

Date: 2021-04-26T10:30:11.525Z
From: aries
Message: good afternoon everyone

Date: 2021-04-23T07:52:19.635Z

From: silver
Message: when will someone be here?

Date: 2021-04-21T12:48:32.131Z
From: admin
Message: hello

Date: 2021-04-21T12:48:11.247Z
From: silver
Message: hello

Date: 2021-04-21T12:41:12.197Z
From: admin
Message : :grin :

Date: 2021-04-21T12:41:01.802Z
From: frances
Message: I am Wol May Fuhrer

Date: 2021-04-21T12:40:39.521Z
From: admin
Message: I’ll write back as soon as I start, I’m waiting on Adam

Date: 2021-04-21T12:40:21.649Z
From: frances
Message: it was a workout)

Date: 2021-04-21T12:40:17.539Z
From: frances
Message : :grin :

Date: 2021-04-21T12:40:10.108Z
From: admin
Message: there is no one yet bro but us

Date: 2021-04-21T12:39:45.053Z
From: frances
Message: All new arrivals need to send me the following data in a personal message: Nickname, job responsibilities in brief, reserve jabber (on any public server ala jabber.ru xmpp.jp or analogues), nickname of your team leader, salary amount agreed on and the date of the last payment (if any).

I will issue you a PO. RFP we have 2 times a month, on the 1st and 15th of each month (+ – a couple of days)

Date: 2021-04-21T12:36:13.843Z
From: frances
Message: Peace to all locals :smile :

Date: 2021-04-21T12:06:19.151Z
From: silver
Message: silver

Date: 2021-04-21T12:05:33.643Z
From: frances
Message: frances

Date: 2021-04-21T13:40:49.874Z
From: john
Message: adam

Date: 2021-05-26T13:55:49.917Z
From: admin
Message: hello

Date: 2021-05-26T13:38:50.133Z
From: fish
Message: hello everyone

Date: 2021-05-26T13:33:30.307Z
From: fish
Message: fish

Date: 2021-05-24T12:49:16.539Z
From: silver
Message: hello

Date: 2021-05-24T12:48:49.211Z
From: biggie
Message: hello everyone

Date: 2021-05-24T08:26:45.592Z
From: biggie
Message: biggie

Date: 2021-05-21T14:37:01.222Z
From: admin
Message: @bones check if it works

Date: 2021-05-21T14:35:40.163Z
From: silver
Message: try to log out for now, flush the cache, change the torus node

Date: 2021-05-21T14:34:40.999Z
From: silver
Message: call admin

Date: 2021-05-21T14:34:38.116Z
From: silver
Message: then wait

Date: 2021-05-21T14:33:56.914Z
From: silver
Message: what about now?

Date: 2021-05-21T14:33:43.220Z
From: silver
Message: minute

Date: 2021-05-21T14:31:51.672Z
From: silver
Message: @bones do you see my messages?

Date: 2021-05-21T10:09:44.161Z
From: silver
Message: I wrote there in PM

Date: 2021-05-21T10:09:27.175Z
From: silver
Message: hello

Date: 2021-05-21T09:59:51.665Z
From: silver
Message: hello

Date: 2021-05-21T09:59:11.664Z
From: aries
Message: e

Date: 2021-05-21T09:59:08.742Z
From: aries
Message: was in another city

Date: 2021-05-21T09:58:53.001Z
From: aries
Message: I’m here

Date: 2021-05-20T11:27:39.234Z
From: silver
Message: this is for me

Date: 2021-05-20T11:27:37.804Z
From: silver
Message: hello

Date: 2021-05-20T08:52:55.024Z
From: silver
Message: give me half an hour )

Date: 2021-05-20T08:52:46.364Z
From: silver
Message: hello

Date: 2021-05-20T08:51:00.866Z
From: shark
Message: Hello everyone

Date: 2021-05-20T07:51:31.139Z
From: silver
Message: hello

Date: 2021-05-19T12:46:58.024Z
From: silver
Message: roll call, answer who is online

Date: 2021-05-19T12:46:53.488Z
From: silver
Message: hello everyone

Date: 2021-05-19T12:20:56.118Z
From: major
Message: major

Date: 2021-05-19T12:19:37.198Z
From: shark
Message: shark

Date: 2021-05-19T12:16:12.241Z
From: spuds
Message: spuds

Date: 2021-05-26T09:19:57.323Z
From: silver
Message: hello

Date: 2021-05-25T08:54:41.781Z
From: silver
Message: hello

Date: 2021-05-24T13:19:56.705Z
From: biggie
Message: deleted

Date: 2021-05-24T13:16:44.121Z
From: silver
Message: yes

Date: 2021-05-24T13:16:39.875Z
From: biggie
Message: 2 delete link?

Date: 2021-05-24T13:14:43.666Z
From: silver
Message:
5?P8 c}_ p=xg%!6}jku
Download: https://qaz.im/load/Ye2fFZ/6A7SbK
Delete: https://qaz.im/index.php?a=delete&q=1735474595

Date: 2021-05-24T13:08:15.603Z
From: silver
Message: and some manuals

Date: 2021-05-24T13:08:07.984Z
From: silver
Message: I’ll send you the terms of reference for the project for now

Date: 2021-05-24T13:07:23.517Z
From: silver
Message: then I will take you to the next chat, because all communication on the project there

Date: 2021-05-24T13:07:13.525Z
From: silver
message: good

Date: 2021-05-24T13:07:09.854Z
From: biggie
Message: ok i’m ready

Date: 2021-05-24T13:06:50.833Z
From: silver
Message: something like this)

Date: 2021-05-24T13:06:48.262Z
From: silver
Message: there is no such obligation, but you need to hand in the work on time, be adequate and be in touch

Date: 2021-05-24T13:06:12.962Z
From: silver
Message: working day from 9 to 18 Moscow time, you can +- start-end

Date: 2021-05-24T13:05:42.564Z
From: silver
Message: zp black, transfer to a card or bitcoins (then you change it yourself)

Date: 2021-05-24T13:05:26.213Z
From: silver
Message: everything here is anonymous, the main direction of the company is software for pentesters

Date: 2021-05-24T13:04:57.152Z
From: silver
Message: the test task will be paid within a week (if not already paid), but most likely it will be within the next couple of days

Date: 2021-05-24T13:04:42.174Z
From: silver
Message: now about something else

Date: 2021-05-24T13:04:33.608Z
From: biggie
Message: understood, xs pull or not, but ready to try

Date: 2021-05-24T13:03:50.356Z
From: silver
Message: lower than TCP/UDP/ICMP

Date: 2021-05-24T13:03:44.540Z
From: silver
Message: so the answer to your question is that it works at the IP level

Date: 2021-05-24T13:03:06.233Z
From: silver
Message: on our and on the far end, commands are only given to start vpn tunnels. But to correctly form the parameters for the configs of these tunnels, connect the correct clients to the correct far ends (after all, there may be 100500 of them) – this is all the task of the bridge. Bridge is the coordinator

Date: 2021-05-24T13:02:07.817Z
From: silver
Message: all the magic on the bridge is its routing rules, iptables

Date: 2021-05-24T13:01:57.836Z
From: silver
Message: from our side, a vpn-tunnel is also rising to the bridge

Date: 2021-05-24T13:01:50.318Z
From: silver
Message: 3) that end. To which we cling vpn-ohm. An agent is working on it, raising the vpn tunnel to the bridge

Date: 2021-05-24T13:01:19.609Z
From: silver
Message: 2) bridge. We have Linux on the bridge, and a bunch of iptables / scripts / local storage

Date: 2021-05-24T13:01:01.890Z
From: silver
Message: 1) this is our client end, and on it we take the most common openvpn

Date: 2021-05-24T13:00:39.296Z
From: silver
Message: the system consists of three parts

Date: 2021-05-24T13:00:26.034Z
From: silver
Message: there’s juice in raw packet routing, regardless of layer 3 protocol

Date: 2021-05-24T13:00:10.974Z
From: silver
Message: no

Date: 2021-05-24T12:59:56.792Z
From: biggie
Message: does it all work over udp?

Date: 2021-05-24T12:58:57.187Z
From: silver
Message: pull?

Date: 2021-05-24T12:58:52.402Z
From: biggie
Message: yes

Date: 2021-05-24T12:58:45.343Z
From: silver
Message: Interested in this kind of work?

Date: 2021-05-24T12:58:21.380Z
From: silver
Message: ping her

Date: 2021-05-24T12:58:17.146Z
From: silver
Message: open her shares online

Date: 2021-05-24T12:58:10.771Z
From: silver
Message: you can not cling to the desktop of a remote machine at all, but see its entire network as your local

Date: 2021-05-24T12:57:41.693Z
From: silver
Message: if you carefully examine the teamviewer, then there is one very important and convenient thing called “vpn-tunnel”

Date: 2021-05-24T12:57:19.324Z
From: silver
Message: idea – completely ripped off vpn functionality in teamviewer

Date: 2021-05-24T12:57:00.752Z
From: silver
Message: this is a network vpn bridge

Date: 2021-05-24T12:56:55.954Z
From: silver
Message: the essence of the project is as follows

Date: 2021-05-24T12:56:50.670Z
From: silver
Message: all you need to do is understand it and pick it up for support

Date: 2021-05-24T12:56:37.044Z
From: silver
Message: the project is fully written, but the developer got depressed and dropped out of the workflow

Date: 2021-05-24T12:56:14.968Z
From: silver
Message: and it looks like your software

Date: 2021-05-24T12:56:09.709Z
From: biggie
Message: ok

Date: 2021-05-24T12:56:04.821Z
From: silver
Message: there is now one very specific task

Date: 2021-05-24T12:55:47.606Z
From: silver
Message: on Linux – there are options to use libraries, but not on Windows

Date: 2021-05-24T12:55:34.494Z
From: silver
Message: mostly raw variants, as close to vinapi as possible

Date: 2021-05-24T12:55:22.209Z
From: silver
Message: we will not have 100% ASIO boost

Date: 2021-05-24T12:54:57.543Z
From: biggie
Message: worked with ASIO boost, winepi sockets and streams

Date: 2021-05-24T12:54:05.849Z
From: silver
Message: I’ll give you a hint for now – how are you with networking / multithreading / understanding packet routing / iptables ?

Date: 2021-05-24T12:53:50.023Z
From: biggie
Message: https://github.com/nikola131189/rdsvc

Date: 2021-05-24T12:53:13.894Z
From: silver
Message: come on

Date: 2021-05-24T12:53:07.195Z
From: biggie
Message: drop git?

Date: 2021-05-24T12:53:06.455Z
From: silver
Message: vnc

Date: 2021-05-24T12:52:55.603Z
From: biggie
Message: the latest program like teamviewer

Date: 2021-05-24T12:52:42.986Z
From: biggie
Message: not myself

Date: 2021-05-24T12:52:24.078Z
From: silver
Message: for sale?

Date: 2021-05-24T12:52:17.924Z
From: biggie
Message: well, I myself write programs on the pluses

Date: 2021-05-24T12:51:44.986Z
From: silver
Message: which one is there?

Date: 2021-05-24T12:51:39.293Z
From: biggie
Message: I have no commercial development experience

Date: 2021-05-24T12:51:34.585Z
From: silver
Message: what technology attracts you, what you like/dislike about programming/work in general
what are your strengths?
in free format

Date: 2021-05-24T12:50:59.810Z
From: silver
Message: I also looked at the summary, concisely)

Date: 2021-05-24T12:50:31.296Z
From: silver
Message: tz looked good

Date: 2021-05-24T12:50:22.241Z
From: biggie
Message: come on

Date: 2021-05-24T12:50:13.255Z
From: silver
Message: let’s talk?

Date: 2021-05-24T12:49:59.625Z
From: biggie
Message: yes

Date: 2021-05-24T12:49:44.825Z
From: silver
Message: Are messages visible?

Date: 2021-05-24T12:49:24.312Z
From: silver
Message: hello

Date: 2021-05-24T14:19:45.374Z
From: admin
Message: ok

Date: 2021-05-24T14:19:21.213Z
From: biggie
Message: logged in

Date: 2021-05-24T14:04:34.551Z
From: biggie
Message: I’ll try to update tor

Date: 2021-05-24T14:04:25.269Z
From: admin
Message: right now I’m logged in under your nickname

Date: 2021-05-24T14:03:28.710Z
From: admin
Message: mean?

Date: 2021-05-24T14:03:08.367Z
From: admin
Message: should go in, I went through it right now

Date: 2021-05-24T14:03:07.770Z
From: biggie
Message: if I create a new personality, will it be thrown out of the chat?

Date: 2021-05-24T14:02:30.623Z
From: biggie
Message: I’m sitting right there through the tor

Date: 2021-05-24T14:02:18.206Z
From: biggie
Message: yes

Date: 2021-05-24T14:02:11.520Z
From: admin
Message: strange, are you accessing through the tor browser?

Date: 2021-05-24T14:01:23.128Z
From: admin
Message: does it come into teas?

Date: 2021-05-24T14:01:22.374Z
From: biggie
Message: at https://xflemdsxjrjilw34dsxpvrxp5whnaut7hc5xejwuqs6eqrkt77bxkwid.onion/

Date: 2021-05-24T14:01:20.421Z
From: biggie
Message: no

Date: 2021-05-24T14:01:00.114Z
From: admin
Message: what is this for privatty ?

Date: 2021-05-24T14:00:42.812Z
From: biggie
Message: The connection was reset writes

Date: 2021-05-24T14:00:20.684Z
From: biggie
Message: does not pass

Date: 2021-05-24T14:00:04.296Z
From: admin
Message: second pass

Date: 2021-05-24T13:59:59.046Z
From: admin
Message: top link to chat

Date: 2021-05-24T13:59:08.343Z
From: admin
Message: https://privatty.com/en/n/yrvZV2KcAf#yCmlga57I

Date: 2021-05-24T13:58:38.175Z
From: admin
Message: https://xflemdsxjrjilw34dsxpvrxp5whnaut7hc5xejwuqs6eqrkt77bxkwid.onion

Date: 2021-05-24T13:58:00.693Z
From: admin
Message: sec

Date: 2021-05-24T13:57:53.279Z
From: biggie
Message: Can’t access the link

Date: 2021-05-24T13:55:26.375Z
From: admin
Message: same nickname

Date: 2021-05-24T13:55:23.091Z
From: admin
Message: https://qaz.im/zaq/rD6ddf58#anSF7H8n
https://qaz.im/zaq/74AQKb5R#RdfS6ZYs

Date: 2021-05-24T13:55:10.240Z
From: admin
Message: keep from second chat creds

Date: 2021-05-24T13:54:44.033Z
From: biggie
Message: hello

Date: 2021-05-24T13:54:26.950Z
From: admin
Message: bro hello

Date: 2021-06-03T07:50:49.489Z
From: silver
Message: hello

Date: 2021-06-02T13:29:55.242Z
From: dash
Message: dash

Date: 2021-05-31T08:02:05.738Z
From: frances
Message: hello to everyone who did not receive the salary, but should already receive it – unsubscribe in PM

Date: 2021-06-15T13:25:21.778Z
From: frances
Message: Hello everyone! You can send a wallet and an amount in BTC for payment in PM 🙂

Date: 2021-06-14T05:07:27.886Z
From: frances
Message: and your responsibilities (coder, project admin, etc. in short)

Date: 2021-06-14T05:06:34.239Z
From: frances
Message: Hello everyone! Guys, today\tomorrow RFP, so who recently got a job – send in a personal date with which you work, an external backup jabber and who is your team leader. Whom I don’t add to the lists, they won’t receive a salary 🙂 Happy Monday everyone 🙂

Date: 2021-06-10T13:22:21.774Z
From: doc
Message: doc

Date: 2021-06-08T16:22:04.776Z
From: fox
Message: fox

Date: 2021-06-08T15:09:42.645Z
From: brick
Message: brick

Date: 2021-06-22T10:36:35.553Z
From: silver
Message: This is pyro

Date: 2021-06-22T10:36:31.660Z
From: silver
Message: hello

Date: 2021-06-22T10:35:29.092Z
From: frances
Message: who has recently connected – write in a personal..

Date: 2021-06-22T10:35:17.858Z
From: frances
Message: hello everyone!

Date: 2021-06-21T13:52:15.892Z
From: pyro
Message: stout, hello.

Date: 2021-06-21T13:42:10.233Z
From: stout
Message: Hello @pyro

Date: 2021-06-21T13:14:46.447Z
From: pyro
Message: hello

Date: 2021-06-21T12:55:14.290Z
From: pyro
Message: pyro

Date: 2021-06-16T09:29:51.714Z
From: stout
Message: stout

Date: 2021-07-05T16:50:51.026Z
From: stout
Message: Attention everyone, just a reminder. For direct communication in a private chat (in PM), you need to enable OTR at the beginning of the dialogue (three dots on the top right -> OTR -> Start OTR). After reconnects, it is worth updating refresh keys. It may not immediately work smoothly, get it to work)

Date: 2021-07-05T12:01:38.363Z
From: cobra
Message: cobra

Date: 2021-07-05T11:59:21.925Z
From: Quentin
Message: Quentin

Date: 2021-07-02T10:54:40.814Z
From: silver
Message: there are none

Date: 2021-07-02T10:48:39.646Z
From: frances
Message: Guys, everyone who joined this week – write me a PM!

Date: 2021-07-01T16:16:28.241Z
From: frances
Message: to all recently joined – send a PM, let’s get to know each other

Date: 2021-07-01T16:16:05.723Z
From: frances
Message: Hello everyone, send wallets in PM for RFP and amount in BTC

Date: 2021-07-01T12:47:32.996Z
From: gibby
Message: gibby

Date: 2021-06-30T12:05:02.958Z
From:oxy
Message: oxy

Date: 2021-06-30T12:04:23.000Z
From: skippy
Message: skippy

Date: 2021-06-30T12:03:28.083Z
From: blade
Message: blade

Date: 2021-06-28T11:48:05.635Z
From: frances
Message: Hello everyone! Guys who have recently got a job – send in a personal date with which you work, an external backup jabber and who is your team leader,
and your responsibilities (coder, project admin, etc. in short)

Date: 2021-06-28T11:36:01.349Z
From: little
Message: little

Date: 2021-07-15T11:38:01.709Z
From: stout
Message: Recorded myself, thanks

Date: 2021-07-14T12:27:50.813Z
From: stout
Message: Somehow, apparently, Biden didn’t think of just demanding before)

Date: 2021-07-14T12:25:58.963Z
From: fish
Message: scary things are happening

Date: 2021-07-14T12:25:31.162Z
From: fish
Message:
REvil ransomware hackers linked to Russia suddenly disappeared from the darknet Shortly before this, Biden demanded that Putin stop the activities of such groups

Date: 2021-07-14T04:59:00.962Z
From: frances
Message: guys who have recently connected – send me the following data in private messages, this is necessary for the RFP
Your backup jabber on a public server (exploit.im for example) Who is your team leader, the date from which you work, and what salary agreed with the team leader
and actually your skills / responsibilities

Date: 2021-07-14T04:58:44.019Z
From: frances
Message: Hey!

Date: 2021-07-13T20:54:56.934Z
From: dash
Message: Hi)

Date: 2021-07-13T19:34:45.126Z
From: austin
Message: Hello everyone

Date: 2021-07-13T19:12:50.868Z
From: frances
Message: @all guys who recently connected – send me the following data in private messages, this is needed for the RFP
Your backup jabber on a public server (exploit.im for example) Who is your team leader, the date from which you work, and what salary agreed with the team leader
and actually your skills / responsibilities

Date: 2021-07-13T16:34:49.787Z
From: stout
Message: It’s hot today…

Date: 2021-07-13T16:27:12.688Z
From: austin
Message: austin

Date: 2021-07-12T10:18:59.887Z
From: frances
Message: guys who have recently connected – send me the following data in private messages, this is necessary for the RFP
Your backup jabber on a public server (exploit.im for example) Who is your team leader, the date from which you work, and what salary agreed with the team leader
and actually your skills / responsibilities

Date: 2021-07-12T10:18:54.580Z
From: frances
Message: @all

Date: 2021-07-12T10:18:37.920Z
From: frances
Message: Hello!

Date: 2021-07-12T09:24:54.583Z
From: jade
Message: jade

Date: 2021-07-12T08:23:09.470Z
From: frances
Message: and actually your skills / responsibilities

Date: 2021-07-12T08:22:56.352Z
From: frances
Message: Your backup jabber on the public server (exploit.im for example) Who is your team leader, the date from which you work, and what salary agreed with the team leader

Date: 2021-07-12T08:22:39.974Z
From: fuzz
Message: fuzz

Date: 2021-07-12T08:21:34.448Z
From: frances
Message: guys who have recently connected – send me the following data in private messages, this is necessary for the RFP

Date: 2021-07-12T08:21:14.352Z
From: frances
Message: hello everyone!

Date: 2021-07-09T09:32:25.534Z
From: admin
Message: I’ll give access to another toad right now

Date: 2021-07-09T09:31:58.481Z
From: admin
Message: if that reserve toad I have bormental@31337.life
if suddenly there is no access here, knock on this toad

Date: 2021-07-09T09:29:58.994Z
From: silver
Message: in case the old server is no longer available, and the new one is not yet available

Date: 2021-07-09T09:29:46.302Z
From: silver
Message: everyone – exchange backup contacts with admin and stout

Date: 2021-07-09T09:28:49.141Z
From: admin
Message: the guys don’t want to move the server to v3 yet, I’m working on it

Date: 2021-07-09T08:50:02.203Z
From: silver
Message: I will appear occasionally

Date: 2021-07-09T08:49:58.004Z
From: silver
Message: your senior @stout for all questions to them

Date: 2021-07-09T08:49:51.361Z
From: silver
Message: I’m on vacation for 2 weeks from Mon

Date: 2021-07-09T08:49:46.335Z
From: silver
Message: Another announcement

Date: 2021-07-09T08:43:47.748Z
From: pyro
Message: Hello.

Date: 2021-07-09T08:43:32.894Z
From: pyro
Message: Understood.

Date: 2021-07-09T08:18:10.600Z
From: silver
Message: @admin will make an announcement

Date: 2021-07-09T08:11:45.152Z
From: silver
Message: site address will be changed soon

Date: 2021-07-09T08:11:35.028Z
From: silver
Message: hello @all

Date: 2021-07-08T07:59:11.423Z
From: pyro
Message: I saw it too – tor browser was updated in the morning.

Date: 2021-07-08T07:58:12.384Z
From: stout
Message: We are already working on this, the address will be updated soon, I have it under control

Date: 2021-07-08T07:57:35.797Z
From: fish
Message: Version 2 Onion Sites will be deprecated soon

This onion site will not be reachable soon. Please contact the site administrator and encourage them to upgrade.

Tor is ending its support for version 2 onion services beginning in July 2021, and this onion site will no longer be reachable at this address. If you are the site administrator, upgrade to a version 3 onion service soon.

Date: 2021-07-08T07:48:28.454Z
From: stout
Message: hello

Date: 2021-07-08T07:45:14.987Z
From: silver
Message: hello

Date: 2021-07-08T07:45:01.111Z
From: pyro
Message: Hello

Date: 2021-07-08T06:51:23.176Z
From: dash
Message: Hello

Date: 2021-07-07T22:09:20.479Z
From: frances
Message: Hello!

Date: 2021-07-07T18:55:54.164Z
From: rags
Message: hello everyone

Date: 2021-07-07T18:22:30.638Z
From: rags
Message: rags

Date: 2021-07-23T16:57:46.618Z
From: dash
Message: Hello

Date: 2021-07-23T16:23:26.468Z
From: stout
Message: Hello

Date: 2021-07-23T16:22:45.312Z
From: zanzi
Message: hello everyone

Date: 2021-07-23T12:40:58.212Z
From: zanzi
Message: zanzi

Date: 2021-07-22T14:26:15.950Z
From: stout
Message: @gibby , give the admin a gill

Date: 2021-07-22T07:26:29.125Z
From: admin
Message: Those who sent before – duplicate again.
@ all

Date: 2021-07-22T07:25:29.018Z
From: admin
Message: @all Greetings. Write to me in a personal your backup toads. As soon as possible

Date: 2021-07-19T11:51:27.482Z
From: mark
Message: Hello

Date: 2021-07-19T11:43:01.116Z
From: frances
Message: Hello everyone! send the wallet and the amount in btc to the salary in the pm!

Date: 2021-07-19T11:38:24.804Z
From: mark
Message: mark

Date: 2021-07-16T17:11:27.286Z
From: dash
Message: Hi) thanks for writing)

Date: 2021-07-17T09:02:19.124Z
From: frances
Message: @all Brothers due to technical reasons RFP is transferred to PND. Please do not boil, in PND everything will be reinforced concrete, the BTC is frozen, and maybe the weekend is ahead – most likely we are transferring to PND. If something happens sooner, I’ll let you know right away. If it comes today tomorrow – I’ll be in touch all weekend! We do not boil!

Date: 2021-08-04T08:58:16.405Z
From: admin
Message: @austin

Date: 2021-07-27T08:19:50.603Z
From: frances
Message: Hello everyone! Who recently joined – unsubscribe in PM.

The day the leak occurred, there was a skirmish in the group.

{
“ts”: “2022-02-27T09:07:30.628614”,
“from”: “grant@q3mcco35auwcstmt.onion”,
“to”: “derek@q3mcco35auwcstmt.onion”,
“body”: “ping”
}
{
“ts”: “2022-02-27T17:11:13.927775”,
“from”: “admin@q3mcco35auwcstmt.onion”,
“to”: “zevs@q3mcco35auwcstmt.onion”,
“body”: “ping”
}
{
“ts”: “2022-02-27T18:29:32.446454”,
“from”: “zevs@q3mcco35auwcstmt.onion”,
“to”: “admin@q3mcco35auwcstmt.onion”,
“body”: “ku{backslash}{backslash}{backslash}”
}
{
“ts”: “2022-02-27T18:29:34.064477”,
“from”: “zevs@q3mcco35auwcstmt.onion”,
“to”: “admin@q3mcco35auwcstmt.onion”,
“body”: “yes”
}
{
“ts”: “2022-02-27T18:30:15.913998”,
“from”: “admin@q3mcco35auwcstmt.onion”,
“to”: “zevs@q3mcco35auwcstmt.onion”,
“body”: “ash”
}
{
“ts”: “2022-02-27T18:30:16.760096”,
“from”: “zevs@q3mcco35auwcstmt.onion”,
“to”: “admin@q3mcco35auwcstmt.onion”,
“body”: “ku”
}
{
“ts”: “2022-02-27T18:30:18.618992”,
“from”: “admin@q3mcco35auwcstmt.onion”,
“to”: “zevs@q3mcco35auwcstmt.onion”,
“body”: “you’re not leaving yet”
}
{
“ts”: “2022-02-27T18:30:21.310664”,
“from”: “admin@q3mcco35auwcstmt.onion”,
“to”: “zevs@q3mcco35auwcstmt.onion”,
“body”: “on the phone”
}
{
“ts”: “2022-02-27T18:31:19.047207”,
“from”: “zevs@q3mcco35auwcstmt.onion”,
“to”: “admin@q3mcco35auwcstmt.onion”,
“body”: “I’ll give you a cart.”
}
{
“ts”: “2022-02-27T19:12:11.513107”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “trampych, three companies are scheduled for publication tomorrow: UMC, BeaulieuCanada and Shapiro”
}
{
“ts”: “2022-02-27T19:12:48.908123”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “by the way, when’s the paycheck coming? I think they paid something already.”
}
{
“ts”: “2022-02-27T19:14:44.713606”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “soon”
}
{
“ts”: “2022-02-27T19:17:29.235966”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “BUHCK and LP also tomorrow. All 5 companies will be published at 2am our time.”
}
{
“ts”: “2022-02-27T19:18:27.466657”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “and in case you forgot – Gruop Angelino will be published today in 5 hours!!!!!”
}
{
“ts”: “2022-02-27T19:18:51.754092”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “https://www.angelantoni.com – here’s their website”
}
{
“ts”: “2022-02-27T19:19:15.998761”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “yes I know that”
}
{
“ts”: “2022-02-27T19:19:18.887181”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “all this I’m watching”
}
{
“ts”: “2022-02-27T19:19:26.681557”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “I’m only interested in one company so far.”
}
{
“ts”: “2022-02-27T19:19:31.984438”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “which one?”
}
{
“ts”: “2022-02-27T19:19:42.336785”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “ACSNET”
}
{
“ts”: “2022-02-27T19:19:45.870724”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “say I’ll take her under special control”
}
{
“ts”: “2022-02-27T19:20:03.205297”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “well, there she is angelantoni”
}
{
“ts”: “2022-02-27T19:20:20.162354”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “in 5 hours.”
}
{
“ts”: “2022-02-27T19:20:42.577561”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “here’s my cat: bc1qq6mq20rx2h7u77hp5azyqn9qrr2009quqvdld3”
}
{
“ts”: “2022-02-27T19:20:49.966714”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “when you have time, translate please.”
}
{
“ts”: “2022-02-27T19:21:35.451034”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “ok”
}
{
“ts”: “2022-02-27T20:43:12.359268”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “9e7267dd89a3082626db8f4e9f4045c61144aa9ff8029d4ce38697423b97ffbf”
}
{
“ts”: “2022-02-27T20:43:40.395140”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “well not the whole amount”
}
{
“ts”: “2022-02-27T20:43:49.977365”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “half only”
}
{
“ts”: “2022-02-27T20:44:15.121061”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “tramp, I thought you were an honest man”
}
{
“ts”: “2022-02-27T20:44:25.124874”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”:”-0.746645″
}
{
“ts”: “2022-02-27T20:44:30.724788”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “for what?”
}
{
“ts”: “2022-02-27T20:44:34.704619”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “yes, but no more 1%”
}
{
“ts”: “2022-02-27T20:44:45.976567”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “will be 0.5 for blogs”
}
{
“ts”: “2022-02-27T20:44:55.434197”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “but not if it doesn’t, let’s go with new companies then.”
}
{
“ts”: “2022-02-27T20:44:56.936205”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “tramp, I thought you were an honest man – what is this ?”
}
{
“ts”: “2022-02-27T20:44:58.986812”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “and these I drove.”
}
{
“ts”: “2022-02-27T20:45:08.085540”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “together with you”
}
{
“ts”: “2022-02-27T20:45:29.282203”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “no, I don’t like the way you entered.”
}
{
“ts”: “2022-02-27T20:45:36.982894”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “therefore I have made this decision.”
}
{
“ts”: “2022-02-27T20:45:44.048720”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “want to discuss this?”
}
{
“ts”: “2022-02-27T20:46:08.770452”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “you’re wrong tramp. you threw me out just before you paid these two companies”
}
{
“ts”: “2022-02-27T20:46:26.321427”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “and in the last one it was me who negotiated the amount of 4,850.”
}
{
“ts”: “2022-02-27T20:46:29.669593”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “you’ve learned how to blog properly, so keep doing it.”
}
{
“ts”: “2022-02-27T20:46:52.936427”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “be honest trump. at least pay extra for this company last”
}
{
“ts”: “2022-02-27T20:47:02.914527”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “and then we’ll work for 0.5”
}
{
“ts”: “2022-02-27T20:47:10.130398”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “and in the last one it was me who negotiated the amount of 4850 – well who asked you to give them such discounts ? they would have taken more from them”
}
{
“ts”: “2022-02-27T20:47:24.298844”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “you put up x3”
}
{
“ts”: “2022-02-27T20:47:29.940375”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “that was 5kk”
}
{
“ts”: “2022-02-27T20:47:36.343351”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “I dropped 150k”
}
{
“ts”: “2022-02-27T20:47:42.041706”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “as you and I decided”
}
{
“ts”: “2022-02-27T20:47:48.906189”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “friend stop now”
}
{
“ts”: “2022-02-27T20:47:56.597389”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “or stop all work now”
}
{
“ts”: “2022-02-27T20:48:08.180545”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “I can do my own blogs.”
}
{
“ts”: “2022-02-27T20:48:18.300051”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “you messed up there a couple of times so I decided 0.5”
}
{
“ts”: “2022-02-27T20:48:23.815959”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “this is not negotiable”
}
{
“ts”: “2022-02-27T20:48:45.297958”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “in general, one more word and it’s over. better not continue.”
}
{
“ts”: “2022-02-27T20:48:58.717948”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “cybergangster@q3mcco35auwcstmt.onion”,
“body”: “hello”
}
{
“ts”: “2022-02-27T20:49:03.880562”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “cybergangster@q3mcco35auwcstmt.onion”,
“body”: “here?”
}
{
“ts”: “2022-02-27T20:52:25.397151”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “cybergangster@q3mcco35auwcstmt.onion”,
“body”: “you once said you have a lot of teams working for you. do they have a need for people, operator or blogs to do?”
}
{
“ts”: “2022-02-27T20:54:50.722731”,
“from”: “tramp@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “a39395a368e87783498cccfd9460ecca6ed39f2d376b2af63a0b50a8b23c8a24”
}
{
“ts”: “2022-02-27T20:58:10.582105”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “cybergangster@q3mcco35auwcstmt.onion”,
“body”: “Trump and I parted ways, if you’re interested you can read the correspondence, there’s not much here.”
}
{
“ts”: “2022-02-27T20:58:27.165756”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “cybergangster@q3mcco35auwcstmt.onion”,
“body”: “[23:43:40] well not the whole amount {backslash}n[23:43:49] half only {backslash}n[23:44:15] tramp, I thought you were an honest man {backslash}n[23:44:25] -0.746645 {backslash}n[23:44:30] for what? {backslash}n[23:44:35] yes, but no more 1% {backslash}n[23:44:46] will be 0.5 for blogs {backslash}n[23:44:55] but not if not, then come from new companies {backslash}n[23:44:57] tramp, I thought you were an honest man – is that ? {backslash}n[23:44:58] and these are the ones I drove {backslash}n[23:45:07] with you {backslash}n[23:45:30] no, the way you entered I don’t like {backslash}n[23:45:37] so I made this decision {backslash}n[23:45:44] you want to discuss it? {backslash}n[23:46:08] you’re wrong tramp. you threw me out just before I paid for these two companies {backslash}n[23:46:26] and I was the one who negotiated the 4,850 {backslash}n[23:46:30] you learned how to blog properly so keep doing it {backslash}n[23:46:52] be honest tramp. pay at least for this last company {backslash}n[23:47:02] and then we’ll work for 0.5 {backslash}n[23:47:10] and in the last one I negotiated for 4850 – well who asked you to give them such discounts? they would have charged more {backslash}n[23:47:24] you put up x3 {backslash}n[23:47:29] it was 5k {backslash}n[23:47:35] I discounted 150k {backslash}n[23:47:41] like you and I decided {backslash}n[23:47:49] friend stop now {backslash}n[23: 47:57] or stop all work now {backslash}n[23:48:08] I can do the blogs myself {backslash}n[23:48:19] you messed up there a couple times so I decided 0. 5 {backslash}n[23:48:24] it’s not negotiable {backslash}n[23:48:46] anyway one more word and it’s all over. better not continue{backslash}the same amount {backslash}n[23:55:08] a39395a368e87783498ccfd9460ecca6ed39f2d376b2af63a0b50a8b23c8a24 {backslash}n[23:55:18] why? {backslash}n[23:55:23] 1% {backslash}n[23:55:29] expense after that {backslash}n[23:55:42] as you soot {backslash}n[23:55:56] that’s the end of the job.”
}
{
“ts”: “2022-02-27T21:00:10.967953”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “cybergangster@q3mcco35auwcstmt.onion”,
“body”: “well, you get the point. i’d appreciate it if you’d put me on another team. thank you.”
}
{
“ts”: “2022-02-27T21:04:22.889245”,
“from”: “cybergangster@q3mcco35auwcstmt.onion”,
“to”: “pumba@q3mcco35auwcstmt.onion”,
“body”: “hello”
}
{
“ts”: “2022-02-27T21:05:47.782989”,
“from”: “pumba@q3mcco35auwcstmt.onion”,
“to”: “cybergangster@q3mcco35auwcstmt.onion”,
“body”: “hello”
}
{
“ts”: “2022-02-27T21:40:24.065982”,
“from”: “hash@q3mcco35auwcstmt.onion”,
“to”: “terry@q3mcco35auwcstmt.onion”,
“body”: “drop”
}

A day after the leaks began. Members began to have trouble logging into the Conti admin environment. They began communicating through an anonymous encrypted service.

{
“ts”: “2022-02-28T04:26:06.409424”,
“from”: “ford@q3mcco35auwcstmt.onion”,
“to”: “hash@q3mcco35auwcstmt.onion”,
“body”: “hello”
}
{
“ts”: “2022-02-28T11:12:43.131210”,
“from”: “cybergangster@q3mcco35auwcstmt.onion”,
“to”: “starfall@q3mcco35auwcstmt.onion”,
“body”: “I need to make a notification sound when a new chat message is posted”
}
{
“ts”: “2022-02-28T12:22:42.942153”,
“from”: “skippy@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “hello”
}
{
“ts”: “2022-02-28T12:22:44.753773”,
“from”: “skippy@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “what is”
}
{
“ts”: “2022-02-28T12:22:50.261241”,
“from”: “skippy@q3mcco35auwcstmt.onion”,
“to”: “tramp@q3mcco35auwcstmt.onion”,
“body”: “can’t get into admin”
}
{
“ts”: “2022-02-28T12:58:06.452041”,
“from”: “pin@q3mcco35auwcstmt.onion”,
“to”: “tiniles@q3mcco35auwcstmt.onion”,
“body”: “hello”
}
{
“ts”: “2022-02-28T14:02:33.631449”,
“from”: “modnik@q3mcco35auwcstmt.onion”,
“to”: “sepvilk@q3mcco35auwcstmt.onion”,
“body”: “https://privnote.com/o7hCAu0o#KLnXW3wgO”
}
{
“ts”: “2022-02-28T14:02:33.633336”,
“from”: “modnik@q3mcco35auwcstmt.onion”,
“to”: “sepvilk@q3mcco35auwcstmt.onion”,
“body”: “https://privnote.com/KIrjo7tc#96p20yEXB”
}
{
“ts”: “2022-02-28T14:02:33.634635”,
“from”: “modnik@q3mcco35auwcstmt.onion”,
“to”: “sepvilk@q3mcco35auwcstmt.onion”,
“body”: “https://privnote.com/4n8PxDZz#0GqNmZhjF”
}
{
“ts”: “2022-02-28T14:02:33.636092”,
“from”: “modnik@q3mcco35auwcstmt.onion”,
“to”: “sepvilk@q3mcco35auwcstmt.onion”,
“body”: “https://privnote.com/RhQhlmev#crlkvxl7O”
}
{
“ts”: “2022-02-28T14:02:33.637431”,
“from”: “modnik@q3mcco35auwcstmt.onion”,
“to”: “sepvilk@q3mcco35auwcstmt.onion”,
“body”: “https://privnote.com/twFpyJ0b#QhoigRLEo”
}
{
“ts”: “2022-02-28T17:20:44.353494”,
“from”: “wind@q3mcco35auwcstmt.onion”,
“to”: “specter@q3mcco35auwcstmt.onion”,
“body”: “name or else block”
}
{
“ts”: “2022-02-28T18:38:00.439660”,
“from”: “baget@q3mcco35auwcstmt.onion”,
“to”: “defender@q3mcco35auwcstmt.onion”,
“body”: “Hi.”
}
{
“ts”: “2022-02-28T18:38:04.917143”,
“from”: “baget@q3mcco35auwcstmt.onion”,
“to”: “defender@q3mcco35auwcstmt.onion”,
“body”: “Here?”
}

1 thought on “Want to know what private conversations between members of a sophisticated Russian cybergang look like. Well, here ya’ go.

  1. so dope

Geeks talk back