Stripping Down the BlackSuit Ransomware Network Aided by DNS Data
WhoisXML API found 280 artifacts that could be connected to the latest BlackSuit ransomware attack. Download the threat research materials now.
Continue reading Download reportTracking the DNS Footprint of the Polyfill Supply Chain Attackers
Threat actors will always find a way to get into their targets’ networks, even if they have to go through indirect channels. Such was the story behind the Polyfill supply chain attack.
Users of the content delivery network (CDN) service worldwide ended up with compromised networks courtesy of a malicious JavaScript code the cyber attackers injected.
Many cybersecurity researchers looked into the attack and identified several indicators of compromise (IoCs) in their reports. The WhoisXML API research team got hold of a list of six domains identified as such and examined them more closely to identify other potentially connected artifacts.1 Our IoC list expansion led to the discovery of:
- Six IP addresses, two of which turned out to be malicious
- 104 IP-connected domains
- 94 string-connected domains
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- [1] https://fossa.com/blog/polyfill-supply-chain-attack-details-fixes/