Date Source Activity Links
June 2016
12th In an interview aired by ITV (one of the most popular terrestrial TV channels in the UK), Assange stated: "we have upcoming leaks in relation to Hillary Clinton which are great" and, when pressed whether WL had stuff "not yet in the public domain", confirmed "we have emails related to Hillary Clinton which are pending publication. That is correct." link | arch
14th DNC release a statement explaining that they've discovered their servers were hacked. - They make mention of "Trump Opposition Research".
link | arch
14th Crowd Strike produce a report onmalware that they found on the DNC's server during an investigation in May, evidence suggests the malware was injected by Russians. link | arch
15th Crowd Strike update a report onmalware that they found on the DNC's server during an investigation in May, evidence suggests the malware was injected by Russians. link | arch
15th Someone choosing to adopt the name of a hacker recently in the news ("Guccifer", whom was in court the previous month), steps forward, calling himself Guccifer2.0 and claiming responsibility for the hack. He affirms the DNC statement and claims to be a source for Wikileaks. The first 5 documents he posts are purposefully tainted with 'Russian Fingerprints' (and don't really appear to have been from the DNC) and the first of those documents just so happens to be the "Trump Opposition Research" the DNC announce on the previous day.

Guccifer 2.0 fabricated his evidence and lied about the source of his evidence. The fabrication and the lie conveniently corroborated claims made by CrowdStrike executives that were published just one day earlier.
link | arch
15th TheSmokingGun publishes article "DNC Hacker Releases Trump Oppo Report" by William Bastone, detailing an email they received from Guccifer2.0 claiming responsibility for the DNC hack - provding a document more damaging to Trump than the DNC as initial proof of being responsible for the breach. link | arch
15th Gawker also report that they've received files from Guccifer2.0 in an article title: "This Looks Like the DNC's Hacked Trump Oppo File" - The article notes the presence of "Felix Edmunovich" in Cyrillic letters within the metadata. link | arch
16th ArsTechnica publish article titled: "Lone wolf claims responsibility for DNC hack, dumps purported Trump smear file" link | arch
16th ArsTechnica publish article titled: "“Guccifer” leak of DNC Trump research has a Russian’s fingerprints on it" link | arch
17th Gawker post an article titled: "Contrary to DNC Claim, Hacked Data Contains a Ton of Personal Donor Information". It mentions that documents that they are provided include the names: "Ernesto Che" and "Felix Edmundovich" in the metadata. link | arch
17th ThreatConnect publish report titled "Rebooting Watergate: Tapping into the Democratic National Committee" link | arch
18th Posts blog entry titled: "New docs from DNC network: lots of financial reports and donors’ personal data" - Seems there's an intent to focus on the fact it has "personal" data, to quote G2: "including e-mail addresses and private cell phone numbers. Ha! Ha! Ha!" link | arch
20th link | arch
20th link | arch
20th Post blog entry titled: "Dossier on Hillary Clinton from DNC. Expect It". Promises to deliver on 21st June. Posts 2 screenshots of a memo (that looks like it was sent to a broad list of people anyway) with everything but a header blurred out showing the email purportedly from Brian Fallon acting as Press Secretary for HFA. Posts tweet linking to article. link | arch
21st Article published titled "We Spoke to DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. link | arch
21st Articled published titled "Here's the Full Transcript of Our Interview With DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. link | arch
21st Post blog entry title: "Dossier on Hillary Clinton from DNC" - Containing links to various, widely circulated and non-classified documents relating to the DNC and HRC. - Posted tweet linking to article. link | arch
21st TSG publishes article titled: "DNC Researched Clinton Speeches, Travel Records" link | arch
22nd Posts blog entry titled: "Want to know more about Guccifer 2.0?" link | arch
22nd link | arch
22nd link | arch
23rd Article published titled: "Why Does DNC Hacker 'Guccifer 2.0' Talk Like This?" posted by Lorenzo Franceschi-Bicchierai. Includes language analysis assessments from 3 different individuals. (We check out all of these claims and Guccifer2.0's overall use of language as well as look in more detail at the differences in language construction rather than just take assessments at face value) link | arch
27th Guccifer 2.0 communicates with Cassandra Fairbanks. link
27th TSG publishes article titled: "Tracking The Hackers Who Hit DNC, Clinton" in which Guccifer 2.0 falsely claims DCLeaks is a "sub-project" of WikiLeaks. link | arch
29th ThreatConnect publishes article titled: "The Shiйy ФbjЭkt?" / "Shiny Object? Guccifer 2.0 and the DNC Breach" link | arch
29th link | arch
30th Posts blog entry titled: "FAQ from Guccifer 2.0" link | arch
July 2016
4th link | arch
5th

6:45 PM EDT - Guccifer 2 NGP/VAN documents acquired

link
6th Posts blog entry titled: "Trumpocalypse and other DNC plans for July". Posts tweet linking to article. link | arch
7th link | arch
7th ThreatConnect publish article titled: "What's in a Name Server?" link | arch
8th link | arch
8th link | arch
8th Guccifer 2.0 communicates with Cassandra Fairbanks. link
10th Seth Rich murdered. - There are some who suspect Seth Rich may be related to the leaks. - This article isn't concerned with trying to support or refute that claim, we are only including this for sake of reference in the timeline. link | arch
11th link | arch
14th Posts blog entry titled: "New DNC docs" link | arch
17th link | arch
19th link | arch
19th link | arch
19th link | arch
19th link | arch
19th link | arch
19th link | arch
20th ThreatConnect publish report titled: "Guccifer 2.0: the Man, the Myth, the Legend? " link | arch
22nd Wikileaks start publishing the DNC emails. link | arch
22nd link | arch
26th Kevin Collier of Vocativ publishes article "Guccifer 2.0 Is Likely A Russian Begging Us To Write About DNC Hack" link | arch
26th Joe Uchill of The Hill posts article: "Evidence mounts linking DNC email hacker to Russia" and cites an email he shared with ThreatConnect from which they identify G2 is using a Russian VPN service. link | arch
26th ThreatConnect publish report titled "Guccifer 2.0: All Roads Lead to Russia" link | arch
27th

TAIA Global release a brief (and questionable) analysis asserting that Guccifer2.0 is likely Russian for a variety of contrived reasons quite a few of which require contorting through statistical likelihoods of noun usage between Russian and Romanian languages.

I think this particular effort was well intentioned but was heavily dependent on mathematical parameters (frequencies, averages, etc of word types, etc.) that made it insufficient to draw strong conclusions from in the way that an analysis of langauge flow, sentence construction and frequency of syntactical errors can provide.

arch only
29th ThreatConnect publish report titled "FANCY BEAR Has an (IT) Itch that They Can't Scratch" link | arch
August 2016
12th TSG Publish article by William Bastone titled: "Tracking The Hackers Who Hit DNC, Clinton". link | arch
12th TSG Publish article titled: "Hacker Publishes List Of Cell Phone Numbers, Private E-Mails For Most House Democrats" link | arch
12th ThreatConnect publish report titled "Does a BEAR Leak In The Woods?" which covers Guccifer 2.0's use of DCLeaks as an outlet. link | arch
12th Posts blog entry titled: "Guccifer 2.0 hacked DCCC" link | arch
12th link | arch
12th link | arch
14th Patrick Tucker, writing for Defense One publishes "Russian-Linked Group Leaks US Lawmakers’ Phone Numbers, Emails" - It makes a good, detailed collation of the arguments and assessments that suggest Guccifer2.0 is Russian, is Wikileaks source, is linked to APT-28/APT-29, etc. link | arch
14th link | arch
15th Posts blog entry titled: "DCCC Internal Docs on Primaries in Florida". Posts tweet linking to article (arch). link | arch
15th link | arch
15th Guccifer 2.0 communicates with Robbin Young. link
15th Guccifer 2.0 communicates with Roger Stone. link
16th Guccifer 2.0 communicates with Robbin Young. link
17th Guccifer 2.0 communicates with Roger Stone. link
17th link | arch
19th ThreatConnect publish article titled: "Russian Cyber Operations on Steroids" - Includes good example of a Russian trying to communicate in English. link | arch
21st Guccifer 2.0 communicates with Cassandra Fairbanks. link
21st Guccifer 2.0 communicates with Robbin Young. link
21st Posts blog entry titled: "DCCC Docs On Pensylvania". Posts tweet linking to article (arch). link | arch
25th Guccifer 2.0 communicates with Robbin Young. link
30th Guccifer 2.0 communicates with Robbin Young. link
30th Posts blog entry titled: "DCCC Docs from Pelosi’s PC". Posts tweet linking to article (arch). link | arch
30th link | arch
September 2016
1st

12:00 PM - 4:00 PM EDT - Material for Guccifer 2 ngp-van 7zip file collected

link
2nd ThreatConnect publish article titled "Can A BEAR Fit Down A Rabbit Hole?"

(It includes a perfect example of English language when written by Russians - difficulty with definite articles is a consistent trait rather than being an infrequent flaw, such as we see a lot of the time when Guccifer2 communicates.)
link | arch
2nd link | arch
2nd link | arch
2nd Guccifer 2.0 communicates with Cassandra Fairbanks. link
7th link | arch
9th Guccifer 2.0 communicates with Roger Stone. link
10th link | arch
11th link | arch
12th Jeffrey Carr publishes article titled: "The Guccifer2.0 Problem at the White House" at Medium. link | arch
12th link | arch
13th

Guccifer 2 releases NGP/VAN 7zip file

link
13th Article published titled: "Hacker Guccifer 2.0 Gives Rambling Speech at Cybersecurity Conference" - Includes full transcript of G2's statement for the Cybersecurity Conference. link | arch
15th Posts blog entry titled: "Dems Internal Workings in New Hampshire, Ohio, Illinois, North Carolina" link | arch
22nd link | arch
23rd Posts blog entry title: "Dossier on Ben Ray Lujan". Also posts tweet linking to the article (arch). link | arch
23rd Publishes article titled: "Guccifer 2.0 Releases Hacked Info On Democratic Congressman" by Kevin Collier. link | arch
25th link | arch
25th link | arch
25th link | arch
25th link | arch
25th link | arch
October 2016
4th Posts blog entry titled: "Guccifer 2.0 Hacked Clinton Foundation". Also posts tweet linking to article (arch). link | arch
4th link | arch
4th link | arch
4th link | arch
4th link | arch
4th link | arch
5th Sean Gallagher, for arsTechnica, posts article titled: "Guccifer 2.0 posts DCCC docs, says they’re from Clinton Foundation" link | arch
17th link | arch
18th Posts blog entry titled: "Trump’s taxes: Clinton campaign prepares a new provocation". Also posts Tweet linking to the article (arch). link | arch
25th Jeffrey Carr posts article titled: "The Yandex Domain Problem - Or Who In Russian Intelligence Doesn’t Speak Russian?" - Pointing out an apparent anomaly in the behavior of APT-28 aka "Fancy Bear" aka TF4127 in which it uses a Yandex email for phishing, from a Yandex domain typically used when someone registers from outside of Russia. link | arch
November 2016
4th Posts blog entry titled: "Info from inside the FEC: the Democrats may rig the elections" link | arch
4th link | arch
11th Article is published by DataBreaches.net titled "DCLeaks was a conspiracy to get Trump elected, but wait until you hear these Russian hackers’ motivation!" detailing an interesting story in which a persona with the name "BadVolf" claims to be behind DCLeaks and Guccifer 2.0 apparently turns up mid-conversation. However, BadVolf then struggles to demonstrate he has any real control of DCLeaks. (An article going into a lot more detail about BadVolf is here) link | arch
December 2016
8th ThreatConnect's Toni Gidwani provides a presentation for Duo Tech Talks covering ThreatConnect's findings in 2016 and covers details that confirm their assessment, albeit with a little cherry picking from 3rd party media articles where convenient, discounting the lack of Russian traits in the English language flaws of Guccifer2.0 (that is actually covered in the Vice article Toni cited), whom, they assess, may be a committee of Russians. link
29th ODNI/DHS "GRIZZLY STEPPE – Russian Malicious Cyber Activity" Report published. link | arch
January 2017
6th ODNI/DHS "Background to “Assessing Russian Activities and Intentions
in Recent US Elections”: The Analytic Process and Cyber
Incident Attribution" Report published.
link | mirror
12th Post article titled: "Here I am Again, My Friends!" and an accompanying Tweet (arch). link | arch
14th Mike Wendling of the BBC posts an article titled: "Conversations with a hacker: What Guccifer 2.0 told me" detailing messages sent back and forth between Mike and Guccifer2.0 in October 2016. link | arch
February 2017
8th "Guccifer2.0: Game Over" site is launched. -
10th ODNI/DHS release "Enhanced Analysis of Grizzly Steppe Activity", Guccifer2.0 is only referenced in relation to ThreatConnect tracing him to a Russian VPN. This, however, is unduly conflated with APT28. link | arch
17th tvor_22 posts article highlighting the flaws in reporting on Guccifer2.0 and reports on a discovery made concerning matching RSIDs found in several documents (suggesting the "Russian Fingerprints" may have been applied to several of the documents in an intentional manner.) link | arch
22nd Dave Levinthal of PublicIntegrity.org tweets a screenshot of an email from the FEC's Information Office originally from November 4th in relation to Guccifer2.0's claims to have acquired information from inside the FEC. link | arch
March 2017
5th Publishes article titled: "Hunting the DNC hackers: how Crowdstrike found proof Russia hacked the Democrats" link | arch
8th tvor_22 posts article titled "This Fancy Bear's House is Made of Cards: Russian Fools or Russian Frame-Up" covering the topics of DCLeaks, APT28 and Guccifer 2.0. link | arch
April 2017
3rd Steve Cunningham has an article published in The Gateway Pundit highlighting assumptions made in Thomas Ridt's testimony as well as covering a part of a Twitter DM conversation in which Guccifer 2.0 makes a statement about Seth Rich to Robbin Young. link | arch
11th Steve Cunningham published in The American Thinker covering Kevin Mandia (of FireEye) concession that there is no evidence linking Guccifer 2.0 to the DNC hack. link | arch
May 2017
25th Article title: "Florida GOP consultant admits he worked with Guccifer 2.0, analyzing hacked data" - A recycling of an article originally out in December, main difference, it's a GOP operative called Aaron Nevins rather than the pseudonym "Mark Mieword". link | arch
July 2017
5th The Washington Post publishes an article titled: "Hacked computer server that handled DNC email remains out of reach of Russia investigators" - CrowdStrike, in an attempt to defend themselves, cite disk-images given to the FBI, what they don't say, is whether those images covered the point in time when the emails were exfiltrated from the DNC's network (and it's very likely they don't). link | arch
9th The Forensicator emerges and publishes his first article titled "Guccifer 2.0 NGP/VAN Metadata Analysis" link | arch
14th publishes "Just Six Days After Trump Jr.’s Meeting, Guccifer 2.0 Emailed Me — But There Was One Key Difference" - Pulling Rob Goldstone into the mix on the basis that the Clinton/Russia stuff offered (by a Brit) was a few days apart from Guccifer 2.0's activities. link | arch
September 2017
18th Stephen McIntyre publishes "Time zone of Guccifer 2 cf.7z", an analysis of the archive released by Guccifer 2.0 on October 4, 2016 revealing that the files there appear to have been handled in the CDT time zone. link | arch
19th Forensicator publishes "Guccifer 2.0 CF Files Metadata Analysis". Following on from the analysis and discoveries made by Stephen McIntyre. link | arch
19th Stephen McIntyre publishes: "Guccifer 2 Email Time Zone", highlighting an apparent CDT timezone for Guccifer 2.0 that was possible to determine from an email chain between the persona and The Smoking Gun that originally took place on June 27, 2016. link | arch
23rd Stephen McIntyre publishes "Guccifer 2 and 'Russian' Metadata". link | arch
November 2017
4th publishes "Inside story: How Russians hacked the Democrats’ emails" that details how, in late June 2016, Guccifer 2.0 had pointed reporters to the DCLeaks site. link | arch
       
February 2018
15th
Image
TBA
David Jonathan Blake publishes "Doc 1 – Part One: Manipulations, Fonts & Fakery", providing a look at Guccifer 2.0's first document and documenting the discovery of a GMT+3 indicator. link | arch
15th
Image
TBA
David Jonathan Blake publishes "Doc 1 Part 2: Binary Chunks", providing a look at Guccifer 2.0's first document and documenting the discovery of a GMT+3 indicator. link | arch
March 2018
22nd Daily Beast publishes article about Guccifer 2.0 "slipping up" and leaving behind a Moscow IP address (however, the subsequent Mueller report suggests this was a proxy that was logged into by whoever was behind Guccifer 2.0 rather than a genuine slip-up exposing Guccifer 2.0's real end-point as the Beast story seems to be arguing). link | arch
       
April 2018
30th Forensicator publishes: "Did Guccifer 2.0 fabricate his Russian fingerprints?" - An analysis of Guccifer 2.0's first batch of fabricated documents. link | arch
       
May 2018
10th Forensicator publishes: "Media Mishaps: Early Guccifer 2.0 Coverage". link | arch
29th Forensicator publishes: "Guccifer 2's West Coast Fingerprint" which looks at documents with track changes enabled where a PDT timezone indication was left behind. link | arch
       
August 2018
12th
Image
TBA
Bruce Leidl published "The HRC_pass..zip documents" reporting on the discovery of a CDT time zone indicator discovered in an archive that Guccifer 2.0 had originally released on June 21, 2016. link | arch
       
November 2018
26th Forensicator publishes: "Guccifer 2's Russian Breadcrumbs" - An extensive analysis of Guccifer 2.0's other Russian breadcrumbs. link |arch
       
December 2018
8th Forensicator publishes: "Guccifer 2 Returns To The East Coast" which looks at an EDT timezone indication left behind by Guccifer on July 6, 2016. link | arch
       
April 2019
18th The Mueller Report is published. It attributes Guccifer 2.0 to the GRU but fails to produce compelling evidence to support the attribution. It also reveals that the Moscow IP previously reported on by the Daily Beast was a proxy (that we are to assume was used by GRU officers) but doesn't disclose the IP address, making the claim difficult to scrutinize and impossible to falsify. link
22nd Forensicator publishes: "A Closer Look At Guccifer 2's DNC email attachments". link | arch
29th Forensicator publishes: "More Evidence That Guccifer 2 Planted His Russian Breadcrumbs" - a look at locale indicator conflicts discovered in many documents Guccifer 2.0 released in July 2017. link | arch
       
May 2019
6th G2GO article: "The Mueller Report - Expensive Estimations And Elusive Evidence" is published, detailing the shortcomings and lack of evidence in relation to the technical portions of the Mueller report. link
27th Forensicator publishes: "Transfer Rate Suggests Guccifer 2 used a Thumb Drive in the US Central Timezone" - a closer look at Guccifer 2’s HRC_pass.zip file reaching the surprising conclusion that its source data was likely copied from a thumb drive, at a location somewhere in the US. link | arch
       
June 2019
17th Forensicator publishes "The Campbell Coincidence", a response to Duncan Campbell's timestamp tampering theory arguing that transfer durations and outliers were ignored. link | arch
October 2019
29th G2GO article: "Why Were Miranda's Mails Missed By Mueller?" questions a troubling absence of evidence relating to the acquisition of the DNC's emails. link
December 2019
20th G2GO article: "Guccifer 2.0: Evidence Versus GRU Attribution" is published (likely to be the final detailed summary of discoveries to be published by the project). link
April 2020
29th Roger Stone's FBI arrest warrant application is released into the public domain. The document reveals dialog between Guccifer 2.0 and WikiLeaks that wasn't previously known. link
May 2020
21st Article titled "Guccifer 2.0's Hidden Agenda" published in Consortium News looks at Guccifer 2.0's efforts to associate itself with WikiLeaks in the context of what we know about the persona [disclosure: article authored by myself]. link