Exposing the New Potential Ways Royal Ransomware Gets Delivered
A threat actor Microsoft dubbed “DEV-0569” found new ways to deploy Royal ransomware [1]. One is right up our alley, as the tactic involved using typosquatting domains.
WhoisXML API researchers built on Microsoft’s report and conducted a three-part investigation, revealing:
- 50+ domains connected to a Royal ransomware IoC through their WHOIS records
- 3,000+ typosquatting domains targeting software typically impersonated by DEV-0569
- Dozens of malicious artifacts, some of which had unredacted registrant email addresses also used to register 380+ other suspicious domains
Get access to our findings and uncover more on your own. Download the report now.
—
- [1] https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/