A DNS Deep Dive into the NetSupport RAT Campaign | WhoisXML API


NetSupport RAT [1], the weaponized version of the legitimate remote device administration tool NetSupport Manager, is no newcomer to cyber attacks. It was first used in November 2023 and then again in January 2024.

Security researchers have performed in-depth analyses of the tool, in the process identifying nine domain names as indicators of compromise (IoCs) [2].

The WhoisXML API research team sought to uncover more potentially connected artifacts by expanding the current list of IoCs. Our DNS deep dive into the NetSupport RAT campaign led to the discovery of:

  • 239 email-connected domains
  • 1,010 registrant-connected domains
  • Three IP addresses, all of which turned out to be malicious
  • Two string-connected domains


  • [1] https://blog.talosintelligence.com/detecting-evolving-threats-netsupport-rat/
  • [2] https://github.com/Cisco-Talos/IOCs/blob/main/2024/08/detecting-evolving-threats-netsupport-rat.txt