May 28, 2023

The U.S. CISA has updated the alert on Conti ransomware operations, by adding 100 domain names used by the group.

The Indicators of Compromise added to the report was provided by the U.S. Secret Service.

The following domains have registration and naming characteristics similar to domains used by groups that have distributed Conti ransomware. Many of these domains have been used in malicious operations; however, some may be abandoned or may share similar characteristics coincidentally.

Advertisements

Indicators of Compromise

  • badiwaw[.]com
  • balacif[.]com
  • barovur[.]com
  • basisem[.]com
  • bimafu[.]com
  • bujoke[.]com
  • buloxo[.]com
  • bumoyez[.]com
  • bupula[.]com
  • cajeti[.]com
  • cilomum[.]com
  • codasal[.]com
  • comecal[.]com
  • dawasab[.]com
  • derotin[.]com
  • dihata[.]com
  • dirupun[.]com
  • dohigu[.]com
  • dubacaj[.]com
  • fecotis[.]com fipoleb[.]com
  • fofudir[.]com
  • fulujam[.]com
  • ganobaz[.]com
  • gerepa[.]com
  • gucunug[.]com guvafe[.]com
  • hakakor[.]com
  • hejalij[.]com
  • hepide[.]com
  • hesovaw[.]com
  • hewecas[.]com
  • hidusi[.]com
  • hireja[.]com
  • hoguyum[.]com
  • jecubat[.]com
  • jegufe[.]com
  • joxinu[.]com
  • kelowuh[.]com
  • kidukes[.]com kipitep[.]com
  • kirute[.]com
  • kogasiv[.]com
  • kozoheh[.]com
  • kuxizi[.]com
  • kuyeguh[.]com
  • lipozi[.]com
  • lujecuk[.]com
  • masaxoc[.]com
  • mebonux[.]com
  • mihojip[.]com
  • modasum[.]com
  • moduwoj[.]com
  • movufa[.]com
  • nagahox[.]com
  • nawusem[.]com
  • nerapo[.]com
  • newiro[.]com
  • paxobuy[.]com
  • pazovet[.]com pihafi[.]com
  • pilagop[.]com
  • pipipub[.]com
  • pofifa[.]com
  • radezig[.]com
  • raferif[.]com
  • ragojel[.]com
  • rexagi[.]com
  • rimurik[.]com
  • rinutov[.]com
  • rusoti[.]com
  • sazoya[.]com
  • sidevot[.]com
  • solobiv[.]com
  • sufebul[.]com
  • suhuhow[.]com
  • sujaxa[.]com
  • tafobi[.]com tepiwo[.]com
  • tifiru[.]com tiyuzub[.]com
  • tubaho[.]com
  • vafici[.]com
  • vegubu[.]com
  • vigave[.]com
  • vipeced[.]com
  • vizosi[.]com
  • vojefe[.]com
  • vonavu[.]com
  • wezeriw[.]com
  • wideri[.]com
  • wudepen[.]com
  • wuluxo[.]com
  • wuvehus[.]com
  • wuvici[.]com
  • wuvidi[.]com
  • xegogiv[.]com
  • xekezix[.]com
Tags:

Leave a Reply

You may have missed

Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
Buhti Ransomware Dissection

Buhti Ransomware Dissection

May 26, 2023
Volt Typhoon – Chinese Threat Actor Targetting US Infra

Volt Typhoon – Chinese Threat Actor Targetting US Infra

May 25, 2023
%d bloggers like this: