Stripping Down the BlackSuit Ransomware Network Aided by DNS Data
WhoisXML API found 280 artifacts that could be connected to the latest BlackSuit ransomware attack. Download the threat research materials now.
Continue reading Download reportInspecting Konfety’s Evil Twin Apps through the DNS Lens
Taking time out to duplicate mobile apps to create “evil twins” instead of just poisoning the versions available for download on marketplaces is a relatively novel infection tactic—one the threat actors behind Konfety used.1 At least 250 mobile apps on Google Play alone have been affected so far and that could lead to ad fraud, unwanted browser extension installation, illicit web search monitoring, and sideloading malicious code onto devices.
A report published 23 indicators of compromise (IoCs) related to the attack. By expanding the current IoC list, WhoisXML API found potentially connected artifacts, including:
- 302 email-connected domains
- Five additional IP addresses, two of which turned out to be malicious
- Eight IP-connected domains, one of which turned out to be associated with malware distribution
- 326 string-connected domains, one of which turned out to be connected with malware distribution
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- [1] https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-konfety-spreads-evil-twin-apps-for-multiple-fraud-schemes