A DNS Investigation of the Phobos Ransomware 8Base Attack | WhoisXML API


Phobos ransomware, distributed via the ransomware-as-a-service (RaaS) business model, reemerged in connection with an 8Base attack.[1]

A total of 63 indicators of compromise (IoCs), comprising 46 domains and 17 IP addresses, were made public on 5 March 2024. Aided by our comprehensive DNS intelligence, the WhoisXML API research team sought to find out more about the 8Base Phobos ransomware campaign.

Our in-depth analysis found:

  • 368 email-connected domains
  • Three additional IP addresses, one of which is already tagged as malicious
  • 13 IP-connected domains
  • 20 string-connected domains


  • [1] https://medium.com/@Intel_Ops/phobos-ransomware-analysing-associated-infrastructure-used-by-8base-646560302a8d