From Counties to Banks: Tracing the Footprint of Ransomware Attack IoCs
On 11 September 2022, a U.S. country announced that it fell prey to a cyber attack. SecurityScorecard believes the Cryxos trojan may be involved and published an in-depth analysis,1 which included three IP addresses tagged as indicators of compromise (IoCs).
WhoisXML API researchers built on the report in a two-part investigation where we looked into the IoCs involved in the U.S. county attack and those connected to the Cryxos trojan. Our key findings include:
- One of the IP addresses tagged as an IoC had one resolving domain whose WHOIS history led us to 4,400+ potential artifacts.
- We found 390+ domains connected to the Cryxos IoCs, some of which were malicious and targeted banks.
- We uncovered 1,400+ Chase Bank typosquatting properties, nearly half of which were malicious.
Get access to our findings and uncover more on your own. Download the report now.
-  https://securityscorecard.com/research/cyber-risk-intelligence-county-government-cyber-incident-may-have-involved-social-engineering-and-targeting-of-vulnerable-ssh-services