Expanding the Conti Ransomware IoCs | WhoisXML API


Expanding the Conti Ransomware IoCs Using WHOIS and IP Clues

Conti ransomware continues to gain traction via the ransomware-as-a-service (RaaS) business model, with threat actors launching more than 1,000 attacks against various organizations worldwide. In March 2022, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Conti ransomware alert page with close to 100 domain indicators of compromise (IoCs) [1].

WhoisXML API researchers built on these additional domains to look for more artifacts that could be part of the Conti ransomware network. Our findings include:

  • 270+ domains added since 1 March 2022 that share the same or similar WHOIS details with the domain IoCs
  • 25+ unique IP address resolutions of the 98 domain IoCs
  • 300+ additional domains resolving to the same IP addresses as the domain IoCs
  • More than a dozen connected domains flagged as malicious
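As an added illustration (not the report's own code or data), the two pivots described above run over constructed WHOIS and DNS A records: first a WHOIS pivot restricted to domains created since the report's cut-off date, then a reverse-IP pivot that skips IPs hosting many unrelated domains, since shared hosting is the main source of false positives in IP-based expansion. Every domain, registrant email, name server, IP address and the co-hosting threshold is a made-up assumption.

```python
from datetime import date

# Constructed sample data (not from the report). Seed IoCs plus WHOIS
# records (registrant email, name server, creation date) and A records.
SEED_IOCS = {"badcorp-update.example", "secure-login-check.example"}
SINCE = date(2022, 3, 1)  # only pivot onto domains created on/after this date

WHOIS = {
    "badcorp-update.example":      ("ops@mailbox.example", "ns1.bulkdns.example", date(2022, 2, 20)),
    "secure-login-check.example":  ("ops@mailbox.example", "ns1.bulkdns.example", date(2022, 2, 25)),
    "invoice-portal-auth.example": ("ops@mailbox.example", "ns1.bulkdns.example", date(2022, 3, 9)),
    "old-shop.example":            ("ops@mailbox.example", "ns1.bulkdns.example", date(2019, 1, 4)),
    "cdn-assets.example":          ("hostmaster@bighost.example", "ns.bighost.example", date(2022, 3, 2)),
}

A_RECORDS = {
    "badcorp-update.example":      "203.0.113.10",
    "secure-login-check.example":  "198.51.100.7",
    "invoice-portal-auth.example": "203.0.113.10",
    "payroll-docs-view.example":   "198.51.100.7",
    "cdn-assets.example":          "198.51.100.7",
    "unrelated-blog.example":      "198.51.100.7",
}


def whois_pivot(seeds, whois, since):
    """Domains created on/after `since` whose registrant email AND name
    server both match a seed. Requiring both keys avoids expanding on a
    name server alone, which large registrars share across customers."""
    seed_keys = {whois[s][:2] for s in seeds if s in whois}
    return {d for d, (email, ns, created) in whois.items()
            if d not in seeds and (email, ns) in seed_keys and created >= since}


def ip_pivot(seeds, a_records, max_cohosted=3):
    """Domains resolving to the same IP as a seed. An IP hosting more than
    `max_cohosted` domains is treated as shared hosting and skipped, so the
    pivot only yields domains on infrastructure the seeds nearly own."""
    by_ip = {}
    for domain, ip in a_records.items():
        by_ip.setdefault(ip, set()).add(domain)
    seed_ips = {a_records[s] for s in seeds if s in a_records}
    found = set()
    for ip in seed_ips:
        hosted = by_ip[ip]
        if len(hosted) > max_cohosted:
            continue  # low-confidence pivot; record for manual review instead
        found |= hosted - seeds
    return found


def expand(seeds, whois, a_records, since):
    """Run both pivots and report each new domain with the pivot that found it."""
    hits = {}
    for d in whois_pivot(seeds, whois, since):
        hits.setdefault(d, set()).add("whois")
    for d in ip_pivot(seeds, a_records):
        hits.setdefault(d, set()).add("ip")
    return hits
```

A domain surfaced by both pivots (here the constructed invoice-portal-auth.example) is a far stronger lead than one surfaced by either alone; the four domains behind 198.51.100.7 are deliberately dropped to show the shared-hosting guard.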

Download a sample of the threat research materials now or contact us to access the complete research materials.
