<aside>
💡
Profiling ‘Chucky’, the owner of leakbase.io
</aside>
Period: 2024/11/25 (Mon) ~ 2024/12/15 (Sun) (21 days)
(Conducted after work and on weekends)
Ⅰ. Executive Summary
- leakbase.io is directly operated or supported by the cybercrime organization 'ARES'. Chucky, the operator (Owner) of the leakbase.io domain, is presumed to be a simple IT/system administrator.
- Chucky appeared in June 2021, using the nickname chucky, as the operator of the LeakBase domain.
- Through membership, Chucky sells various types and ranges of data and software on leakbase.io, including DB data leaks from Chinese mobile manufacturers, Spanish IT companies, the Indian government, and American companies, as well as logs, malware, SQL dumps, and cracked paid security software.
- leakbase.io is characterized by prohibiting the sharing of data related to Russia, which may be a strategic choice to avoid conflict with Russian state agencies and hackers, to avoid tracking, or to show sympathy with a specific cybercrime community.
- The cybercrime organization 'ARES' operates systematically by actively cooperating with and employing cybercriminal individuals or organizations worldwide. Its technological capabilities range from hacking advice, penetration testing, and company data to zero-day attacks and government and military data leaks, so caution is advised.
Ⅱ. Detailed Analysis
<aside>
💡
The entire profiling process was performed as follows: 1. Initial Planning and Preparation → 2. Data Collection → 3. Behavioral Profiling → 4. Visualizing Connections → 5. Report Preparation → 6. Writing Report. Please refer to the Appendix for the detailed profiling process.
</aside>
1. OSINT results for the user ‘Chucky’
- Results of the profiling analysis of the IDs, emails, messengers, etc. confirmed for the user chucky.

※ The PGP key, GitHub, X, Threads, etc. require cross-referencing to match them against Chucky's activity information.