Peering into Midnight Blizzard’s DNS Footprint
WhoisXML API found 160 artifacts that could be connected to Midnight Blizzard. Download the threat research materials now.
Continue reading Download reportStripping Down the BlackSuit Ransomware Network Aided by DNS Data
Ransomware attacks are among the biggest threats organizations face, potentially costing them millions of dollars. One of the most recent campaigns involves the BlackSuit ransomware, a rebranded version of Royal ransomware. BlackSuit actors stole and exposed 1 million individuals’ full names, Social Security numbers (SSNs), birthdays, and insurance claim details.1
In response, the Cybersecurity and Infrastructure Security Agency (CISA) updated its BlackSuit ransomware advisory, which now includes 91 indicators of compromise (IoCs) comprising 14 domain names, five subdomains, and 72 IP addresses.2
Our researchers expanded the list of IoCs to uncover more potentially connected artifacts. Using WHOIS, IP, and DNS intelligence, our analysis led to the discovery of:
- 112 email-connected domains
- 10 additional IP addresses, five of which were found to be malicious
- 21 IP-connected domains
- 137 string-connected domains
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- [1] https://www.bleepingcomputer.com/news/security/blacksuit-ransomware-stole-data-of-950-000-from-software-vendor/
- [2] https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a