Thanks digininja & digip for the constructive comments, so the original IP address from steam sent via email was not the Russian location I tracked the attacker back to but how I did that is not important, yes the original IP was a VPN but none the less I am curious about how theoretically I could proceed from there as I have NO intention of actually following through since my accounts were immediately secured (and for the record they are old accounts I don't use, Amazon just happened to still have valid card details on it)
Basically my question is what would YOU do if you had a confirmed attacker IP address and knew that it had an open UDP port?