In the infostealer ecosystem, there are communities of malware operators spreading its malicious builds in a daily basis, working under a common organization, more known as a team.
In this blog series I will be exposing very briefly the activity of some of these “traffers teams”: what they did, what are they doing and what they will do in the future. If possible, I’ll let them to talk freely in a quick interview.
Today, Raven Logs:
Raven Logs is a traffer team specialized at working with infostealers. There are records of his activity since October 15, 2022 and is still active. It is managed by some individuals such as “Oxxxy” or “MrRaven”
Heads— The interview
An staff from Raven Logs team (@ravenlogs) agreed to do a quick interview with me.
The interview was made in Russian. Since I was using a translator, questions will be shown in original english, and answers will be given both in original Russian (in case translation is misled) and translations to english.
What is Raven Logs?
Raven Logs — это не просто команда трафферов, а целая семья помогающая другу друга в работе и поддерживающая связь вне работы. У нас сложились дружеские отношения и мы можем полагаться друг на друга как в плане работы, так и лично. Вместе мы образуем единую команду, которая всегда поможет друг другу и не оставит в беде
How would you describe a team to someone who has never heard of them?
Команда поможет в любых трудностях, обучит новичков
Не даст Вас в обиду
Since when has Raven Logs been working?
Мы открылись еще в далеком 2021 году, после закрылись и открылись снова
How many workers there are in Raven Logs?
ТС, 2 саппорта, и кодер
Более 10k юзеров в команде Raven Logs
Is everyone welcomed to the team, or do you not want a foreigner there?
Мы приветствуем всех!
What do I need to do to start working on your team?
Всего лишь отправить заявку в нашего бота @raven_logs_bot
После рассмотрения заявки, Вы сможете спокойно работать в нашей команде и зарабатывать $
How many logs and profit has your team earned during this time?
Логов было получено более 1 миллиона, прибыль команды раскрывать не буду по понятным причинам
What is your favorite stealer at the moment?
Meta
Do you think you’ll try more stealers for the team in the future?
Да, конечно
Каждый день появляются новые стиллеры, которые превосходят друг друга, но стиллер RedLine всегда будет в нашей команде
What are you doing to stop researchers from infiltrating the team?
Исследователям? FBI? Cops?
haha, just people who want to look at your stuff
Конкуренты всегда присутствовали, и будут присутствовать в нашей команде — это не избежать)
Мы не скрываемся, принимаем всех
I saw in the news that the founder of Raven Logs was arrested in August 2023 in Moldova, is that true?
😂, нет)
Это просто ироничный пост, который сделал наш воркер 😁
Will 2024 be a better year to work than past years or not?
Да, ведь мы планируем добавлять новые функции в нашего бота и делать ее намного лучше, чем сейчас
Is now a good time to work?
Да, конечно. Если работать усердно, то не бывает плохих времен для работы
How do you see the future?
Для команды? Или в общем?
both
Для команды — топ 1 команда, не имеющая конкуренции. Мы работаем очень много, чтобы сделать все для этого.
В общем — мир прогрессирует, сейчас активно развивается ИИ. Думаю, что в будущем появится много разных технологий, много разных сфер для заработка. Технологии — это будущее!
What would you say to those information security experts who are trying to monitor the activities of Raven Logs?
Наши воркеры остаются анонимными, как и управляющий состав команды. Не нужно браться за нас, потеряете время
Tails — The overview
~ Advertisements
The “Raven Logs” team is advertised at Zelenka forum:
SEO — [TOP #1] RavenLogs | META/REDLINE | We don’t take away crypto — Social Engineering Forum — Zelenka.guru (Lolzteam)
It offers the opportunity to work with stealers (providing free crypted builds), and free SEO.
Your main profit will be from cryptocurrencies stolen from the victims logs you get (with no fee given to the team), and the team administration will get his profit from the USA bank logs records you get.
Everyone is invited to join the team, with or without prior experience.
The team down’t allow activity towards CIS victims, in fact, they were asked about this.
Furthermore, they have also a custom song made for the team (In Russian):
~ Managing the Telegram Bot
The operations of the team are managed by https://t.me/raven_logs_bot
Applying to join the team
To fill an application on the team you will be asked the following things:
💫 Введите ссылку на Ваш аккаунт на форуме (-, если нету):
🏰 У вас был опыт работы в подобных проектах?
💁🏻♂️ Если да, то расскажите вкратце о своём опыте:💫 Enter the link to your account on the forum (-, if not present):
🏰 Have you had experience working in similar projects?
💁🏻♂️ If yes, then tell us briefly about your experience:
After filling the information and a successful administration approval, you will be accepted into the team.
The functionality of the bot is written in Russian, I will be providing both original and translated screenshoots.
Everything is detailed by “manuals” written by the team administration (alhough they are kind of outdated):
Приветствую тебя в Raven Logs! | Приветствую тебя в Raven Logs! (gitbook.io)
Summarizing,
The bot has the following sections:
Rules are shown there:
🪦 Правила RavenLogs:
1. Запрещены инсталлы.
2. Запрещён слив билда на VT.
3. Запрещено оскорбление участников проекта и неуважительное отношение к администрации.
4. Мы имеем право заблокировать вас без объяснения причин.
5. В том случае, если вы пользуетесь заливом видео или поднятием SEO от RavenLogs, но льёте не на билд нашей команды, мы имеем право запросить арбитраж в размере 150$.
6. Запрещена искусственная накрутка логов.
7. Запрещена склейка билда с другими файлами.
8. Запрещено сливать билды 3-м лицам.💬 Правила для чата:
1. Запрещён контент 18+.
2. Запрещён шок-контент.
3. Запрещена реклама своих услуг.❗️Работая в нашей команде, вы автоматически соглашаетесь с данными правилами.
❌ Нарушение правил влечёт за собой полную блокировку в проекте.🪦 RavenLogs Rules:
1. Installations are prohibited.
2. It is prohibited to upload the build to VT.
3. Insulting project participants and disrespectful attitude towards the administration is prohibited.
4. We have the right to block you without giving any reason.
5. If you use video upload or SEO boost from RavenLogs, but do not use our team’s build, we have the right to request arbitration in the amount of $150.
6. Artificial cheating of logs is prohibited.
7. Gluing the build with other files is prohibited.
8. It is prohibited to leak builds to third parties.💬 Chat rules:
1. Content 18+ is prohibited.
2. Shock content is prohibited.
3. Advertising of your services is prohibited.❗️By working in our team, you automatically agree to these rules.
❌ Violation of the rules entails a complete blocking of the project.
The “get a build” section gives you the option to generate an infostealer build, protected with a crypter that you chose with only two clicks of effort, and ready to be used in the wild.
Also giving you the a free avcheck analysis
Under “Personal Area” section, you see this:
Your information, statistics, and options on the team allow you to get notifications on new logs received from your builds generated by the team, display your username in the general statistics, automatically check Youtube accounts from your logs and auto withdraw payments from cryptocurrencies stolen.
As you can see, this team has also a referral system:
👩💼 Если человек зайдёт в команду по вашей ссылке и наберёт 100 логов, то вы получите выплату в размере 500₽!
👩💼 If a person joins the team using your link and collects 100 logs, then you will receive a payment of 500₽!
In the information section, and you will find the channels and manuals of the team.
Manual: Приветствую тебя в Raven Logs! | Приветствую тебя в Raven Logs! (gitbook.io)
The Otctyk channel refers to the records that I discussed on the first release of this blog series, and we can also find a general chat for team members. Manual has been shared previously.
Also please find the announcements provided on the bot since August 2023:
August 4, 2023
✅ Работа полностью восстановлена. Старые билды стучат! Извиняемся за доставленные неудобства. (✅ Work has been fully restored. Old builds are knocking! We apologize for the inconvenience caused.)
August 11, 2023
💯 SEO WORK! Ждем ваши заявки. (💯 SEO WORK! We are waiting for your applications.)
August 30, 2023
✅ Замена IP адреса прокладки прошла успешно! Процент отстука стал выше.
❗️Получите новые билды! Старые НЕ стучат!
🖤 С уважением, команда RavenLogs.
(✅ Changing the IP address of the gasket was successful! The attrition rate has become higher.
❗️Get new builds! The old ones DO NOT knock!
🖤 Best regards, RavenLogs team.)
September 3, 2023
✅ Были небольшие проблемы, связанные с отстуком Raccoon Stealer. Исправили!
❗️Если вы пользуетесь ракуном, то получите новый билд в боте. Старые билды ракуна не стучат!!!
(✅ We were having some minor issues with Raccoon Stealer ping. Corrected!
❗️If you use Raccoon, you will get a new build in the bot. Old Raccoon builds don’t knock!!!)
September 10, 2023
✅ По непонятной нам причине ночью упал Meta Stealer. Сейчас все работает в штатном режиме. Извиняемся за доставленные неудобства. (✅ For some unknown reason, Meta Stealer fell at night. Now everything is working as normal. We apologize for the inconvenience caused.)
September 24, 2023
✅ Работа полностью восстановлена. Наблюдались проблемы с сервером. Извиняемся за доставленные неудобства.
(✅ Work has been fully restored. There were problems with the server. We apologize for the inconvenience caused.)
September 25, 2023
✅ Были небольшие проблемы с CryptoChecker. Исправили!
(✅ There were some problems with CryptoChecker. Corrected!)
September 28, 2023
✅ Команда работает в штатном режиме. Наблюдались незначительные проблемы на стороне хостера.
(✅ The team is working as usual. There were minor problems on the hosting side.)
October 4, 2023
❗️Временные проблемы на стороне Meta Stealer, панель не работает. Оповестим, как все наладится!
(❗️Temporary problems on the Meta Stealer side, the panel does not work. We’ll let you know how things get better!)
❗️✅ Всё работает в штатном режиме! Удачных проливов!
(❗️✅ Everything is working as normal! Happy straits!)
October 6, 2023
✅ Meta Stealer подняли свои сервера, стиллер снова работает.
(✅ Meta Stealer has raised its servers, the stealer is working again.)
October 12, 2023
❗️Последнее время крипточекер плохо чекает Метамаск, бывают пропуски! Поэтому если вам бот написал, что баланс нулевой, то в любом случае советуем проверять холодок вручную
(❗️Crypto checker has been bad at checking Metamask lately, there are some gaps! Therefore, if the bot wrote to you that the balance is zero, then in any case we advise you to check the chill manually)
October 16, 2023
🦊 AliceCrypt снова работает. (🦊 AliceCrypt is working again.)
October 31, 2023
🩸Redline снова в строю! (🩸Redline is back in action!)
November 8, 2023
🦊 Ответ всем тем, кто спрашивает, что случилось с AliceCrypt и почему он не работает. ❗️Проблема не на нашей стороне, т.к. сам сервис не функционирует в течение 2–3-х недель. Если что-то изменится, то мы вас обязательно оповестим. Пока что пользуйтесь EasyCrypter!
(🦊 Answer to all those who ask what happened to AliceCrypt and why it doesn’t work.❗️The problem is not on our side, because… the service itself does not function for 2–3 weeks. If anything changes, we will definitely notify you. For now, use EasyCrypter!)
November 10, 2023
✅ Работа восстановлена. Получите новые билды, старые не стучат. (✅ Work has been restored. Get new builds, the old ones don’t knock.)
November 24, 2023
✅ Работа полностью восстановлена. Извиняемся за доставленные неудобства.❗️Внимание, получите новые билды. Старые не стучат!
(✅ Work has been fully restored. We apologize for the inconvenience.❗️Attention, get new builds. Old people don’t knock!)
December 3, 2023
🎄 Давненько от нас не было новостей, исправляемся!Небольшое обновление:
- Из бота были убраны AliceCrypt и Raccoon Stealer в виду их неработоспособности.
- Исправили ошибку, возникающую при выгрузке логов. Теперь все работает корректно.
- Пофиксили множество мелких багов и оптимизировали работу бота.🖤 С уважением, администрация команды RavenLogs.
(🎄 There has been no news from us for a long time, we are correcting ourselves!Small update:
- AliceCrypt and Raccoon Stealer were removed from the bot due to their inoperability.
- Fixed an error that occurred when uploading logs. Now everything works correctly.
- Fixed many minor bugs and optimized the bot’s performance.🖤 Sincerely, administration of the RavenLogs team.)
December 5, 2023
❗️Обновите билды Meta Stealer. Старые не стучат. (❗️Update Meta Stealer builds. The old ones don’t knock.)
✅ Теперь при получении билда пишется количество детектов, как и раньше. (✅ Now, when receiving a build, the number of detections is written, as before.)
December 12, 2023
✅ Получение билдов снова работает в штатном режиме. (✅ Receiving builds works as normal again.)
December 21, 2023
✅ Meta Stealer работает в штатном режиме. Стиллер был обновлён.
🏮 RedLine также был обновлён до новейшей версии. (✅ Meta Stealer works as usual. Stiller has been updated.
🏮 RedLine has also been updated to the latest version.)
December 23, 2023
✅ На данный момент рекомендуем использовать RedLine. На стороне Meta наблюдаются проблемы. Как только Meta снова заработает корректно, мы вас оповестим. (✅ At the moment we recommend using RedLine. There are problems on the Meta side. We will notify you as soon as Meta is working correctly again.)
December 31, 2023
🎄Дорогие друзья, команда RavenLogs поздравляет вас с Новым Годом!Желаем Вам, чтобы в Новом Году Вы стали намного счастливее, богаче и здоровее! Пусть 2024 станет Вашим самым лучшим годом!
Год был не самым простым и для сферы траффика, и для всего мира, но мы со всем справились!
🖤 Спасибо, что выбираете RavenLogs!
🥳 С Новым Годом!
(🎄Dear friends, the RavenLogs team wishes you a Happy New Year!We wish you to become much happier, richer and healthier in the New Year! May 2024 be your best year yet!
The year was not the easiest for the traffic sector and for the whole world, but we managed to cope with everything!
🖤 Thank you for choosing RavenLogs!
🥳 Happy New Year!)
January 2, 2024
✅ Все работает в штатном режиме. Meta Stealer по прежнему работает некорректно. Используйте пока Redline (✅ Everything is working as normal. Meta Stealer still does not work correctly. Use Redline for now)
January 5, 2024
✅ Друзья, мы с хорошими новостями!❄️ Meta Stealer снова работает! (✅ Friends, we have good news!❄️ Meta Stealer is working again!)
January 10, 2024
❄️ Meta Stealer был обновлён. (❄️ Meta Stealer has been updated.)
January 11, 2024
✅ Был почищен детект EasyCrypt! (✅ EasyCrypt detection has been cleaned!)
January 18, 2024
👻 Был почищен детект EasyCrypt! (👻 EasyCrypt detection has been cleaned!)
January 31, 2024
✅ Был почищен детект EasyCrypt! (✅ EasyCrypt detection has been cleaned!)
February 3, 2024
👻 Выдаём билды в форматах: *.vbs, *.js пользователям с логами.
(👻 We issue builds in the following formats: *.vbs, *.js to users with logs.)
February 6, 2024
✅ Исправили работу крипточекера! Сейчас все логи проверяются корректно.
💰Напоминимаем, что крипточекер чекает только следующие кошельки:
Metamask, Brave, Ronin, BinanceSmartChain, Tronlink, Coin98
Чек Atomic Wallet, Electrum, MyEtherWallet
Phantom Wallet
Exodus Wallet
Coinomi Wallet
Guarda Wallet
Keplr Wallet
(✅ Fixed the operation of the crypto checker! Now all logs are checked correctly.
💰We remind you that the crypto checker only checks the following wallets:
Metamask, Brave, Ronin, BinanceSmartChain, Tronlink, Coin98
Check Atomic Wallet, Electrum, MyEtherWallet
Phantom Wallet
Exodus Wallet
Coinomi Wallet
Guarda Wallet
Keplr Wallet)
February 8, 2024
❗️Если вы создавали билд сегодня или вчера, то мы настоятельно рекомендуем сделать ребилд! Была проблема на стороне криптера.
(❗️If you created a build today or yesterday, then we strongly recommend doing a rebuild! There was a problem on the cryptor’s side.)
February 9, 2024
👻 Небольшое обновление!
💰 Добавили более 50-ти кастомных крипто-кошельков для сбора в Meta Stealer, включая Manta, Bitget, Sui, XDEFI и многие другие, отсутствующие в стандартных настройках стиллера.
(👻 Small update!
💰 We have added more than 50 custom crypto wallets for collecting in Meta Stealer, including Manta, Bitget, Sui, XDEFI and many others that are not in the standard stealer settings.)
February 11, 2024
✅ Напоминаем, что есть возможность получить билды в формате .JS и .VBS (✅ We remind you that it is possible to get builds in .JS and .VBS format)
February 14, 2024
✅ Выдача билдов Redline работает корректно.
✅ При получении билда снова пишутся детекты.
(✅ Issuing Redline builds works correctly.
✅ Upon receipt of the build, detections are written again.)
February 17, 2024
✅ Был почищен детект EasyCrypt! (✅ EasyCrypt detection has been cleaned!)
March 3, 2024
✅ Работа команды полностью восстановлена. Извиняемся за доставленные неудобства. ❗️Если вы использовали Meta Stealer, то получите новые билды, старые не работают (у Meta было крупное обновление).
(✅ The team’s work has been fully restored. We apologize for the inconvenience caused. ❗️If you used Meta Stealer, you will get new builds, the old ones do not work (Meta had a major update).)
March 6, 2024
❗️Если вы используете Redline, то рекомендуем сделать ребилд. Старые билды могут работать некорректно!
(❗️If you use Redline, we recommend doing a rebuild. Old builds may not work correctly!)
~ Otctyk
The records on the Raven Logs Team otctyk channel looks like these ones:
English words are translations, original message are russian words
🪦 Ворон принёс новый лог! (Raven brought a new log!)
🎃 Воркер: (Worker:)
🌙 Стиллер: (Stealer:)
💢 Был ли в панели: (Was there in the panel:)
🌐 Страна: (Country:)Краткая информация о логе: (Brief information about the log:)
🔐:
🍪:
🧊:
💳:🔎 Запросы: (Requests:)
Запросы в паролях: (Password requests:)
Запросы в cookies: (Cookie requests:)
There are a total of 506889 records since October 15, 2022 until the day of writing this blog. A total amount of 403525 logs are unique.
Sadly, this team records doesn’t show the IP from the logs.
Total amount of records (all), sorted by countries:
Brazil (BR) - 33728
United States (US) - 27239
India (IN) - 14916
Turkey (TR) - 13388
Germany (DE) - 12709
France (FR) - 12250
Philippines (PH) - 10442
Indonesia (ID) - 10439
Vietnam (VN) - 10017
Poland (PL) - 9001
Spain (ES) - 7930
Mexico (MX) - 7642
United Kingdom (GB) - 7617
Argentina (AR) - 6793
Italy (IT) - 6690
Thailand (TH) - 6652
Netherlands (NL) - 6310
Colombia (CO) - 5893
Peru (PE) - 5593
Pakistan (PK) - 4886
Egypt (EG) - 4653
Romania (RO) - 4538
Chile (CL) - 4244
Canada (CA) - 3991
Portugal (PT) - 3667
Morocco (MA) - 3351
Bangladesh (BD) - 2969
Malaysia (MY) - 2968
Algeria (DZ) - 2792
Czech Republic (CZ) - 2703
South Korea (KR) - 2611
China (CN) - 2593
Australia (AU) - 2340
Hungary (HU) - 2221
Belgium (BE) - 2132
Ecuador (EC) - 2129
Sweden (SE) - 2094
Serbia (RS) - 1943
Saudi Arabia (SA) - 1866
Venezuela (VE) - 1862
Israel - (IL) - 1767
Japan (JP) - 1728
Dominican Republic (DO) - 1636
United Arab Emirates (UA) - 1632
South Africa (ZA) - 1615
Greece (GR) - 1428
Bulgaria (BG) - 1412
Taiwan (TW) - 1377
Switzerland (CH) - 1358
Iraq (IQ) - 1343
Tunisia (TN) - 1303
Sri Lanka (LK) - 1279
Lithuania (LR) - 1193
Bolivia (BO) - 1159
Austria (AT) - 1114
Denmark (DK) - 1041
Nepal (NP) - 996
Slovakia (SK) - 968
Norway (NO) - 934
Georgia (GE) - 896
Uruguay (UY) - 860
Unkown (UNK) - 835
Finland (FI) - 830
Iran (IR) - 818
Kenya (KE) - 815
Nigeria (NG) - 747
Cambodia (KH) - 723
Jordan (JO) - 695
Singapore (SG) - 654
Bosnia and Herzegovina (BH) - 650
Croatia (HR) - 619
Mongolia (MN) - 594
Costa Rica (CR) - 582
Ghana (GH) - 580
Myanmar (MM) - 575
Kuwait (KW) - 544
New Zealand (NZ) - 543
Hong Kong (HK) - 539
Slovenia (SI) - 514
Ivory Coast (CI) - 490
Paraguay (PY) - 471
Palestine (PS) - 460
Ukraine (UA) - 455
Panama (PA) - 423
Ireland (IE) - 417
Guatemala (GT) - 411
Macedonia (MK) - 403
Ethiopia (ET) - 382
Latvia (LV) - 378
Estonia (EE) - 372
Lebanon (LB) - 342
Qatar (QA) - 335
Honduras (HN) - 310
Jamaica (JM) - 307
Puerto Rico (PR) - 299
Luxembourg (LU) - 282
Albania (AL) - 269
Angola (AO) - 269
Cuba (CU) - 260
Senegal (SN) - 260
Mozambique (MZ) - 257
El Salvador (SV) - 250
Cameroon (CM) - 223
Laos (LA) - 217
Bahrain (BH) - 204
Trinidad and Tobago (TT) - 199
Reunion (RE) - 190
Madagascar (MG) - 177
Oman (OM) - 173
Togo (TG) - 173
Nicaragua (NI) - 168
Malta (MT) - 160
Libya (LY) - 149
Moldova (MD) - 142
Cyprus (CY) - 139
Mauritius (MU) - 139
Uganda (UG) - 135
Tanzania (TZ) - 131
Zambia (ZM) - 126
Namibia (NA) - 122
Syria (SY) - 113
Benin (BJ) - 111
Uzbekistan (UZ) - 109
Mali (ML) - 100
Burkina Faso (BF) - 99
Montenegro (ME) - 99
Azerbaijan (AZ) - 97
Gabon (GA) - 96
Democratic Republic of the Congo (CD) - 80
Somalia (SO) - 77
Haiti (HT) - 73
Botswana (BW) - 63
Brunei (BN) - 62
Iceland (IS) - 61
French Polynesia (PF) - 59
Zimbabwe - 59
Guyana (GY) - 58
Rwanda (RW) - 58
Maldives (MV) - 56
Republic of the Congo (CG) - 56
Yemen (YE) - 55
Bahamas (BS) - 54
Papua New Guinea (PG) - 50
Barbados (BB) - 49
Sudan (SD) - 48
Cape Verde (CV) - 43
Afghanistan (AF) - 40
Jersey (JE) - 39
Belize (BZ) - 34
Macau (MO) - 33
Monaco (MO) - 33
Suriname (SR) - 33
Malawi (MW) - 30
Guinea (GN) - 28
Mauritania (MR) - 27
Armenia (AM) - 26
Fiji (FJ) - 26
Saint Lucia (LC) - 23
Djibouti (DJ) - 21
Sierra Leone (SL) - 21
Andorra (AD) - 20
Dominica (DM) - 18
Grenada (GD) - 17
New Caledonia (NC) - 16
Saint Kitts and Nevis (KN) - 16
Aruba (AW) - 15
Curacao (CW) - 15
Kyrgyzstan (KG) - 15
Bhutan (BT) - 14
Equatorial Guinea (GQ) - 14
Liberia (LR) - 13
Mayotte (MY) - 13
Seychelles (SC) - 13
Antigua and Barbuda (AG) - 12
U.S. Virgin Islands (VI) - 12
Faroe Islands (FO) - 11
Gambia (GM) - 11
Guam (GU) - 11
Niger (NE) - 11
Burundi (BI) - 9
Cayman Islands (KY) - 8
Solomon Islands (SB) - 8
Swaziland (SZ) - 8
East Timor (TL) - 7
Northern Mariana Islands (MP) - 7
Bermuda (BM) - 6
Chad (TD) - 6
Isle of Man (IM) - 6
Lesotho (LS) - 6
Sao Tome and Principe (ST) - 6
South Sudan (SS) - 6
Comoros (KM) - 5
Greenland (GL) - 5
Saint Vincent and the Grenadines (VC) - 5
Turks and Caicos Islands (TC) - 5
Guernsey (GG) - 4
Sint Maarten (SX) - 4
British Virgin Islands (VG) - 3
Samoa (WS) - 3
San Marino (SM) - 3
Tajikistan (TJ) - 3
Tonga (TO) - 3
Vanuatu (VU) - 3
Belarus (BY) - 2
Gibraltar (GI) - 2
Guinea-Bissau (GW) - 2
Kosovo (XK) - 2
Montserrat (MS) - 2
Saint Martin (MF) - 2
Saint Pierre and Miquelon (PM) - 2
Anguilla (AI) - 1
Central African Republic (CF) - 1
Kazakhstan (KZ) - 1
Liechtenstein (LI) - 1
Marshall Islands (MH) - 1
As you can see, workers from Raven Logs have acted against people from around the world.
These numbers make the total flow of infections an average of ~800 unique daily victims of the people working for this team.
Talking about stealers used, there are a total of 263361 records tagged as Redline logs, 303598 as Meta logs, and 61036 as Meta logs, 2708 as Raccoon and 4703 tagged as Aurora.
Some requests that are being checked on the log are:
“MONEY”, “PayPal”, “Amazon”, “FACEBOOK”, “GoogleAds”, “EPIC”, “STEAM“, ”BATTLE”, “GPAY”, “MINECRAFT”, “GENSHIN”, “SocialClub”, “EscapeFromTarkov”, “RIOT”, “BusFB”
There should be more
~ Workers
Please keep in mind that there is an option on this team to hide your username on the OTCTYK records, so most of the logs didn’t disclose an actual username, and also the possibility for users to change their username, so more than one username could refer to the same operator.
There are a total of 1252 usernames, some of these usernames may be known to you. List:
@grehreherhre
@morphism_design
@maytee_o
@lovechechnya
@hasbulayt
@money_maniac
@stranger_karelli
@Aura_Lolz
@Non_sleeep
@shamelesssssssssssssss
@RipnDick
@recursively
@nesqe
@ravenlogs_support2
@talentlessmode
@laqo_page
@anon_umous
@fdslpoffkdskfdskfdsk
@sssinma
@danilkabugaga
@weakrat
@obscureobscureobscure
@webzzzz
@tommywaiso1
@asdasdasdasdasdddddddddddd
@Deadlydefender
@Dasdvhyf
@iopjklbnm21
@Ryuunosukeeeee
@steeladm
@mobilkadsd
@Okitahar
@bestBoy4141
@odidwa
@logscss
@FusikOnefersink
@xxxVolodya
@Kapusta7
@Fufikboy1
@ngxDyn
@Zairooo
@viktorpalma
@magiclzt
@Solalrit
@nullez
@govuaa
@WORLD_WORLD666
@waQunov
@Loos3rWork
@durnoyss
@assaasqqq
@DedushkaBoi
@alteredcarbonlolz
@Jon_Ton
@PREDATOR20531
@H430_1
@X3C5T
@bynikk
@AILNAISE
@freezqqq
@djlosdlsdlos
@harmening
@DoNotTouchMySquad
@el_sanya
@soft_manager_inside
@r1q234
@goldenvp
@qzqzqzqzqzqzqzq
@trustme1337
@wtfx30n
@sonlonaa
@saxt23
@psychokaizer88
@lumial
@LOKUSTU
@dedsgr
@Olwor
@mtz_zhyk
@poti9po4
@jozkiy
@nagibator35
@Alexandra_piiiter
@freezwww
@ccgrover
@LIndarRC12
@dashulya_bebe
@jampagasik
@asdfgikut
@Djoker1832
@lippy9
@Tolllk
@motorisss
@hshfqs22343
@geborgenhiet
@Neum33
@Udacha_77
@xanaxloki
@n00bys
@wianix
@aqvapopka
@Syr3xbon3
@sh1deo
@pisugan
@lolzopg
@Romanich999
@lolwhat007
@qwertyqwerty12333
@bykyratova
@skeyli1
@vitman2014
@richmonth
@DedushkaBoii
@one_win4ik
@hxrqg
@jdjfjejrj
@bloodyrain12
@sakur4sawa
@Macd0nald
@chfrshstjfznfnhrhfhfm_1
@SamCampbel1
@exhenrietta
@feozz
@ychamizyzu6
@grehr
@liejrtgvg
@zuyza
@Yato_Hatake
@jewseyglock
@DermaX432
@moriwWs
@Illum999
@saaatan666
@gizmohuizmo
@BeLover777
@bestBoy10
@leoniker
@CRYYXU
@mobilkasdsd
@ImmiFn
@fomicvell
@lolzcoder_starv
@Lookkkkkkkks
@Azart_626
@DevilUnq
@dsadasdasd1
@sergo_mango
@Larriik
@guru_sev
@youngboymoney
@woodi_esp
@Kakukluni
@RonaldMers
@negrlzt
@Forester_Linar
@BATON7979
@Tolikk_Top
@SPKRFRQR
@scamquerto
@alkhsfhlkh12
@scetxxx
@OGFlexxx
@Holodecshrenom
@OnlyBTCx
@kurvalogs
@YoungJesly
@macaoyyy
@stonjkeee
@fokit
@kikimoradon
@adanysh
@sevalolz
@shishiomakato
@KatychkaP0rno
@laveelii
@Hellyat
@MaT1LdaSSS
@netisabuser
@GreenMorph
@Yakoblolz
@Deletzaykaaa
@cvrseddd
@Ex1steLUV
@Skeelance
@watrixxx6
@ByrakObama
@al1ggator
@kochetchka
@k3aso4ka
@WEONi0N
@Laaarriik
@aleoda
@ass_beater
@Trigoonn
@fondnesssw
@NekoChan815
@OTbiyy
@Maks1mka_2
@miniarstg
@MegaGnida0
@EEEEQQQWWW
@sleepmods
@sniffer96
@sc6ut
@JamessXXXL
@markuS1us
@n166a_n199a
@tr_asherrr
@CPUBLD_SUPPORT
@bybenzino
@Lolzikcrew
@hug0b0ss88
@airlessshop
@frizenss
@x0xl1nka
@voidlttt
@xanthe1000
@Nominalooo
@Kaonashi937
@lordes1
@TozzSenpai
@ikuyukii
@StayAway777
@panchancat
@upbagadf
@Domky23
@dllez
@blssssdsavip
@Oxxxy_lzt
@topdatingas
@sarph1n
@tem0pe0ra0ture
@DEVil1037
@MerteDente
@lzt33
@dalbaebya11122
@ezor2
@ConorADSMcGregor
@Zinar2223
@dakqp
@elsumi1337
@frank556573200
@NaaGryaznom
@nixs171211
@GIVEMEMYGUN
@ytseo02
@lubitel_vina
@zzpkpk
@avolohov91
@Ell7o
@Bagerte_me
@beast_m0dz
@axeponat
@Seks1Pup0k
@Qadrate
@RandyJuno0
@freeoness
@theraiwy
@bigstanley01
@PsychoNekksi
@zerol58
@cryptordreff
@bufferokda
@verdadee
@rocksylolz
@tpaxatb
@Amogus3534535
@bl0drud
@EasyCrypterSupport
@paint_drying
@En_vy666
@gxxdboyy
@brazilecro
@S3109QL
@darzzzzii
@Naralust
@NiDambo
@avganchik
@barnak_ok
@norikkkuk
@usoppik
@erLrust
@Deletzaykaaaaa
@Dunkyyyyyy
@OnlyTLOVEx
@Fentiq1
@staff1st
@logscloud
@valertyu
@Sentetik
@filantop
@oasfiasjfwlalffhnfnfnfaxda
@Marnisz
@aiottocrash
@sadhotnezz
@Shadowfiend12344
@romaaqq
@Goshanu
@Maxutka228ozvuchalka
@mojomojo1889
@paymeBTC
@spajr
@ehorqa
@B3ZDAR6lz
@asautman
@MarattamYT
@Durak9876
@kumarchikz
@colla_developer
@nepaxalvpole
@Nominaloooo
@ALEKSANDRo78
@ARZpppr
@yurinobu
@delphem
@worker_004
@moneyinthetokyo
@zalerochek
@NelloyLolz
@Skira123
@helflogs
@dkymvxxl
@Tarrikks
@Red9xX_X
@anwo18sfga
@antonvlasov
@H0NESTFOX
@fuckkkkkme
@HELLRAISS
@webkhacker
@bibiz9nkaka
@GestasTV
@lUndeanonedl
@karolinochkaaaaaaaa
@x4c5t
@silenceofthenightvi
@sipiha
@dyneror
@extenz
@djjdisi
@pupo4e4ec
@HOLA_bo
@nftmanager1
@godplsk1llme
@orchea
@BUTAJI9
@bmw_e39_540i_m5
@nolitol
@moneyinwebsite
@lano4ka_22
@fentdev
@kaSSablanka
@tony_tonight1
@WhiteCrypt_support
@thebesotrab
@rise4prove
@lojkaya
@lookaway78
@UniqPRSN
@skekkw
@www633
@grishadobriy
@itzdarth
@udieiejfjfkekd
@heis999
@youmaskis
@gestaslinoff
@stake_loco
@MatMoroz
@heysnlo
@Defadly777
@Traffbaza
@PoHAH
@darknetdox
@impatbateman
@kumavr
@Kxssxng
@howrlybang
@Averdar
@Sanjik1111
@sxdsad
@LilChillW
@jekon555666
@MailsRow
@more_million_dollars
@vxdpa
@v2345op8345bp345o
@hsabhaashdhdhasasdhtryme
@longerfx
@LIxzxc
@Anonimusiu
@egornight
@SawoXx
@rastiktt
@CedRaaaa
@jdhdhdhdjdjrhr
@ip12jsjakwka
@ksyhha1
@OLEBABASSIK
@zhabazelenaya
@Tommy_159
@Uppluu
@gegebos62
@arabemirats
@sm0keallday
@metamask0ff
@ludovik1488
@cryptobitts
@PusKarta
@BarbieGosling
@Niger109
@Lut1zzz
@nixnixnix6
@cryptovizz
@lil_nefor
@OC06OHAKYPEH
@Lolzteam0ne0uts
@llIlIlIllIlIlI
@deadside014
@cwxrl
@Tomas_232
@kokakola2078
@redalert_lolz
@cryptoloshped
@uebanishe385
@x1ps0ff
@Lifehack153
@Lohudric2
@Zyk1k1
@palexxv
@JoeBidenUSAAA
@chrisdime_lolz
@arinamash0655
@tehnoanton
@jesisleo
@xwrllk
@NeVorishka
@bittrexserhii
@b1iodegradable
@DMC073
@Hello0W0rld
@qwertyj0ke
@anonpuk
@Wrangle4
@Alaskiap
@Forlz100
@sdaaaawf
@hydra7330
@Eman461
@D9_Dark
@TALTALdcsad
@glfgcvf
@refand_steam
@babywalker777
@realy_lzt
@ptrv_dev
@pizdatvoeimateri
@tim_coocker
@whyjohnywonker
@danniqq
@qery_x
@djemhd
@xios13
@apple_rab
@Kabanifzeeee
@zxcsdsd
@yakooovvvvv
@number_oneBC
@kastizi
@undeqinerlzt
@Vlzga2917
@ihfrjbfdjjvrjjdtjv
@ommoi
@DEADLOLL1
@BOPK_BCEM
@JackobFlo
@gglul32
@squzziewearebeats
@hqkqz
@Yo_how_is_it_going
@Cheraa14
@Genadi_Marlboro
@villgett
@winfoudgkdbojdvojvojrb
@lox0zavr
@XMRGOD
@nepessimist
@ar1hant
@blissieblood
@yandexpromooperator
@totsam6
@wiielll
@fdgsdgserwsdfgs
@tsukauch1
@kcufsor
@jason12333
@SDark666
@benzylmorphine
@killdrugs
@HelperBot1
@vitiozk
@dntsss
@traxoeb4000
@zxcenter
@dropmelogs
@almazik218
@Luso1q
@verkow1
@PumPumPon
@qatrol
@jesussexus
@bugobiob
@Lunnayan
@nulleto
@De0niss
@imkingtheporno
@Xcorder
@SykaLogs
@KingBeaze
@Readilzarab
@exmonex_sup
@Djdjskh
@cuppy1337
@Kami133lol
@Haillrake41
@shintasenshi
@zoro_one
@ozabo4en
@refaundtop
@typewarrior
@ADSKIY_HALYAVSHIK
@gglul34
@Psihovany
@cashvkarmani
@ICELOGSADMIN
@skimmer_card
@jozkiy1
@Ju2dex
@bindba453
@wewantmoneymb
@smert_smert8
@aqua1337
@violatex
@originalgizmo
@danonez7
@keshiki221
@wadillerou
@alenisyours
@Vestorn16
@krskyy
@zxclonger
@JDSFRY
@k3d11
@yamashir0
@Sani0xxx
@itxly
@dev1lin
@LuckyClever_lzt
@Lolz1st
@tttyujkg
@xrgtq
@z3rkk
@Ombrre
@udgkdbojdvojvojrb
@clownxyz1337
@xrafaet
@bombaster11
@ahgwio_89
@Traffer228
@YamyChopper
@higevs
@nemoyYangra300
@plafon4ic
@voice_enable_1
@MerchD
@abudhabidealer
@sodsl
@spikeeeeeeeeeeeeee
@Andrewskiss
@gorshpek
@Antoxa4211
@fenz11k
@asotryrbe
@miniarsxxd
@accxunt_1
@arcteryxlzt
@lolzallert
@N0LIKTRAFF
@xelesp
@solarten
@dvlmncrbby
@dodge222
@DyadyaProMax
@Sm3tanabeat
@hillarydea2
@kuduntu
@foruman
@sjbin8
@almaketty
@northon_nightly
@lovedevo4ek
@chikes11
@Gulevx6
@VALI696
@OTRABIKSHOP
@shmaIsaIa_bot
@centaur
@suportekb
@WORKS_P2P
@big_lebwski
@ididjsjsid
@Housto_N_n
@Br0keeee
@dfhwork
@sdfjhnsadjasdjans
@kristofer_atlanta
@exploit_user
@sharaut1312
@Wblackheisenberg
@waalaah
@gghostbuster
@Name237
@Lordexxxx
@Fldkdkdkelkeej
@Ernesto1928qq
@amazon_ebal
@Luffy_God
@uuuuwuuuuy
@moquent
@lalu_lin
@xVezYn4ikx
@qloacid
@sinuros
@samexada_god
@Yhgsazbh
@almazxs00
@facedx
@desotrayer
@causenaffect
@scamwaIIet
@SanJveto
@Embrionix
@Kikon11
@DennitsaFalleny
@night_zl1v
@H43O1
@R2r3r4r5r_lzt
@Shermi7
@Pepegin
@zoniksx
@speedik1337
@cvvmolly
@gdydudgekspdiegeiehdvdifhdg
@workerlolz
@ledgeroww
@deadlyparkourkiller2012
@disparadisse
@XX735
@menixlolzteam
@dotaeng5
@kir1Il
@RAIDFORMYLIFE
@TheMissingMemory
@XXXANDRIXXX
@rocktheroll
@itnerritz
@samexada_dog
@flopys21
@darkascens1on
@neforlab
@AmountLogs
@rahulcha001
@RichardMille2122
@Doc_Sec
@krutyshkin
@romadanlzt
@Cempes
@ekfiherbfjejfj
@supp_lsps
@bigmachonok
@rukoeb_3000
@nevermoredie_lzt
@knutson11
@N1l1Z
@FuckYouStupidBich
@slepolrt
@HATEYEYO
@Cyb9rAdmin
@naralust1
@pagekop
@nechikarb
@nipples_lzt
@nawum
@literallyeblon
@whatonewill
@PieceofAndy
@aaa091238
@steamkryt
@qunved
@zxcriu
@cacosi
@iiiuji
@guntersubs
@kilIakitty
@follhash
@buswithoutm7
@NLE_NLE
@trendexxter
@xmrnoofence
@arcana35
@zZscrollZz
@nip_ples
@sqxwell
@sqadzode
@FUD026
@LZTGUDETAMA
@solkeer
@hw309
@spspdijdjskeoshdh
@Jladona
@eth_magnat
@boobaboba
@nzt888
@worldwillansweryou
@pro77grand
@kIrosse
@skeetv3
@ethhte
@Blessvvene
@mishanin5
@y1k35
@quattromerto
@menegka
@GIGAJIIIRR
@kissdetou
@Cripfox
@onehoursleep
@WARNING_LZT
@qxzman
@Mokutonnn
@ownerADS
@uvn000
@Gebbelsman
@ssk7141
@plmoknijbuhvx
@kitsuneq1
@seosex
@aschotic
@promanier
@MarsSellers12
@Cfrue
@AlvinHackerTwink
@ispolnitelweb3
@X_Store_support
@officialbtc_bs
@asdg1617
@mavrodi_crypto
@alexgood228
@LOGS_KING
@runawayfromheree
@tyhdhi
@popoppopou
@nokein
@eanist
@miawilliz
@thcmefalpha
@Z1Pik
@menta_disorder
@KenshiMane
@Larsadep
@Qushke
@pussy_killer11
@alekwa
@Johnlolzguru
@bezprovodnoy
@xdesignerlzt
@Blessentotake
@fkkkkkkk666
@wayne228lil
@hokageui
@imhacka
@dkdkjfjdoeldj
@SkyExas
@chilgrall
@nicalaitchh
@erc20_lzt
@shenichrime
@Remo4kaaa
@mylifebelikeeeee
@naralust0
@tomik59
@thatscelestial
@nxghtlxvell
@swegby
@whoerne
@Gevorgyan143
@dy478
@TerranGames
@SanyaChel
@girlsuckshelp
@ashewince
@poruter
@vsehvato
@Jojoraid666
@gloompain
@hagaiZu
@neakovv1
@vulnerabilityzeroday
@Fantiq1
@netybo
@qiwa_lzt
@sorrybouttthat
@krestovik_121
@danu120
@MajaMance
@HustleGreed
@blaze_DEV
@derrwork
@zxz668
@keymeki
@xyiblyatw
@sta4s
@FobiaGames
@Alberto_ebalio
@gears5555
@itSwYpl
@NXBDJSJWHWUU
@btwnota42
@lovemeansdeath
@nemoyYangra
@FrauGarden
@ev1lux228
@benjaminlinys
@merancy
@n1l45l
@nbayngb
@q_q_9_7
@kl1qq
@bodzgod
@satan1C2
@Zdnnras
@ChiefKiefik
@volandbbh
@Pi55_0ff
@niples
@etozhezhe
@DashaLonely
@Mass1ve29
@EstetikaSell
@makssszxc12
@GermanPrice
@gsjejj
@LiylicaxLandairee_Zal
@auto_worker
@Krinch2
@Andreyy770
@gfdg342gfdgfd235
@AKRIM001
@Artimonzxc
@Fakelogo
@Aegis1337
@nuggetssslayer
@Vulgar322
@whyisdreff
@antonio7555
@misteralove
@gghhgghhq
@Zaykaaaaa2
@neoldd
@HomeAloneLzt
@kuvaldaq
@ZanoSikMain
@maiweee
@unsignedexe
@lolka2020
@e0neee
@LZT_MKPK_LZT
@yatochkabtw
@mindamage
@tumbleragaa
@Sid_Jordan48w
@dfffsss11
@cahektgb
@d3737361
@platinalzt
@wagnerbtc
@ekata_a
@miral00
@platinumslzt
@heisenberggb
@breanch228
@thumbh
@indiandev1
@Boomer_modz
@kqwesx
@Jelouad_easy
@mamont0w
@coff228
@shinzokua
@Mranger
@uglysenator
@airrxn
@dave0x_dev
@sxemabyrtk
@x2xtwo
@F3WPN
@murmau4
@Mirolain1370
@b0lno
@mortinacist
@Chtoim
@NanachiYES
@kapubaraqq
@handsomewigga
@antarioo
@Finger_m
@jeanwaterlfg
@gibridLZT
@fsocietyd
@helsenbergg
@fsocietyw
@whomrak
@sxgnem
@oksd9
@pav_durov
@sazaxanz
@aeeeeeeeeeeaeeee
@Ivanivanovich70
@LoveRoadsss
@BeatifulStevie
@Stonjs
@GuardThe
@AuzyK
@zarq215
@Mass1vexdd
@Vissywork
@jsudiii
@Eskaming
@Vaaldw
@BIGBOSS934
@Vaalws
@Walirani
@boycee_frm
@hehehohoq
@AlinkaChoker
@borog
@kristoforyoumama
@catboykami32
@GrayDuke
@niggxrsthisnight
@harismwaw
@MarkF7
@tyspump
@vepr911
@trrrxxx
@fregath
@awfulminded
@daniljeyjey
@logstops2212
@nensi_346
@Joeblack1337
@lazy_face
@labterr
@ZZyyzajczxsss
@Signatyre
@nigmaeth
@ChillWorkWW
@adderGods
@raskvandos
@mag1sty
@GODBOT25
@lesnichokc
@mmmbvpp
@arcnite
@n1pple5
@Tatti9ss
@ge45gv45
@yolupko
@burberrygirloff
@i4l3n
@ExploitNinja
@set1gee
@nighmaredarkness
@framy_lzt
@natyjnye
@loqgkl4
@pipecpopapisa
@BeatifulStefie
@lamajey
@arctic_dev
@hatiko_999
@M1Nt4r1q
@iniuria_otto
@typahacker
@losharaipanaya
@Watashee
@vasek349291
@GeFzo1
@topmanager2
@rollemen
@DefrostDegrod
@Wenlers
@ffffffffffbbbbb
@cardfuccker
@modieXD
@canadas3
@md4td
@FeolaG
@aighkaput
@werrtqyu
@mass1vexdd
@johen_baf
@Filmora11Crac
@Azureeth
@chaooooooooooo
@grubusl
@cloudnever_admin
@mnepoxuydolbaeb
@zuzlichonok
@kotiks8
@dedalann
@sxciofobia
@aza555za
@KejikKejik
@whynot_ow
@Genji_GrandeLatte
@breasticles
@fffppkll
@BangBang777
@YourCryptoDady
@Hekkimarue
@cashsharing_lzt
@xdenthe
@bazelinds
@fermer_345
@generator_idei_popkaa
@niktonikogdanevernetsyav2007god
@richard_levins
@wyawyd
@ppqpqpqppqh
@Zomyx1
@mf_jeff
@FerrariCloudSup
@scannersupport
@yranla
@useyyoou
@kulksiz
@fi1re_slayer
@cloudnever_adm
@jeff_the_killer_97
@siifjejwishjwkwowhwkwidhdjueh
@Kalatila49
@yoshi_work
@nuIex
@escrowlolz
@galka1703
@vigerrry
@wowseneswatter
@Whoesosq
@zerolightss
@kokosovii1
@Wqrrey
@Wovix872
@Breiku1
@lamezxc
@yodeo
@wh0needs
@BiletArmii
@payment_726
@black_dollarsS
@ya_huylan
@karnevi
@radvi_lz
@kwezex
@zxcwr_work
@koptuo
@lildoohs
@aneurysmq
@chekr1na
@h3dra
@juciefy
@adam41kz
@idgottaxlive
@sneaker1911
@Cyb9rAdminn
@DarkUngels
@Alphabet_Incorporation
@PackLab_root
@tsokitsoki
@MRSKRASH
@assaasqqqq
@bladee_official
@Right_store_support
@MaticBridge
@Alena_Fish
@majahead69
@devill_666
@adsfasdfasdfasfasdfa
@Ginza_88
@sdfggffdg
@vortexdaun
@CryptoPigv
@robeertx
@MJParanoya
@Ndndjdhbfd
@real_mateko
@tolik1697
@reTSaMaTG
@polirqi
@flamelos
@fee1so1one1y
@Velialprod
@PhantomCash
@Lustjuju
@nothinqmind
@audirss7
@ratwarp
@lovebscsmart
@PaniniTaskano
@PhantomCashBio
@dsudjj
@manakyzy
@Meneger_EXotus
@Hisenberg_BB
@Vikyle4ikaaa
@negationtrip
@set1gee3
@huaiqiq
@woeeelzt
@Coupehr
@fsociety0x
@allexbuttler
@klayZ3
@viruslzt
@ksnzksls
@china2111q
@LABS_REVISOR
@MaxSqw
@geniy_bets
@vortexhuh
@wwwxDPO
@MXDNXGHTzz
@fafafafa2131
@BobloxExe
@kishlakaconcert
@InstressX
@ggfaidy
@CryptoPiga
@ccodw
@BogdanBomiLLL
@zagaaz
@thertiis12
@tuordefrance
@beebopforreal
@keltuckerbro
@kok48
@exort101
@sdf23ok4s
@thornywayy
@CryptobiamSupp
@woro2key
@xyisoska2284
@corrnella
@hylsi
@vk_seller1234
@cryptobarck
@oogwayy666
@otstan_plz
@okhnVI
@StatigsLol
@wendezy
@Tregs0
@anastyqiwjx
@K3lmz
@SinorikOtrapik
@misterpetrushka
@exe64
@RobIoxOwner
@carrera_blanca
@Matsudoka
@bublest
@qlysqu
@XKekysX
@hoodrttt
@andre_chen1
@anon0404nigga
@evelynmyer
@w0rk_scm
@imsot1r3d
@Sinsinbabizyana
@DontCryMen
@cherniflag3
@yellowman222
@nwoHqY6B1P
@D3athByD3sign
@zxcsmithle
@chch25
@LordGeron
@McLarenLZT
@x0111x
@cuu81n
@Fastik9091
@discordpusher
@KrechInf
@laswegaskoko
@THESALAMO
@neformalavpered
@slujbabezopasnosti
@mothervess
@cosmos773
@owner_powercloud
@tapzens
@wsup2
@putklamu
@zeleniybigpencil
@twitter_tavern_sup
@WORK_P2E
@DreamFisher
@cult22_22
@dxrkshine
@exchangedevils
@Osyrisiz
@RazvedchikLzt
@yarixzjkeeeee
@whofellsme
@blzous
@andre148
@egormoonsxx
@wreck_leaguePR
@kelvin1488
@shivagod666
@Depolol
@GeorgeFetch
@observerCC
@trip_tenz
@hunktv0_0
@prsvt6666
@aoekzn
@Tregs1
@otsosalXDD
@Filantropchik
@qxzxf
@shivag0d
@lord_andwhy
@thekomugi1
@jeromelamb
@mansuregg
@imhatetelegram
@inavaf
@exe87
@vladonelove2313
@annfigma_lzt
@yanH2O
In the Statistics shown in the Telegram Bot, there is only one undisclosed username left, user NekoChan815 (with 11052 logs) at the time of writing this.
Some of these usernames have been seen at infostealers traffic working with the builds from this team, also working under other teams or working with his own builds from a private panel. Tracking the activity of each individual would be a massive task that is out of my capabilities atm.
~ Builds
A Redline (Easycrypt) build from the Telegram Bot of this team was generated by me. Find it at:
MalwareBazaar | SHA256 7b83d01bda56da72e299f2343cf237b4fdc03ac033d429d4af3ba3fddc84be01 (abuse.ch)
The current C2 of Redline builds on the Raven Logs Team is 45.15.156.127:48665
Detonation of my build: Analysis 7b83d01bda56da72e299f2343cf237b4fdc03ac033d429d4af3ba3fddc84be01.exe (MD5: 001F3102CADFBBBEDB7178D1B01F4E45) Malicious activity — Interactive analysis ANY.RUN
As you can see, the build is also loading more binaries, interacting with the website joxi.net, which I believe screenshots from log victims are stored.
Doing CTI rocks 😎. I got a log back from a sandbox machine