December 8, 2023

The U.S. CISA has updated the alert on Conti ransomware operations, by adding 100 domain names used by the group.

The Indicators of Compromise added to the report was provided by the U.S. Secret Service.

The following domains have registration and naming characteristics similar to domains used by groups that have distributed Conti ransomware. Many of these domains have been used in malicious operations; however, some may be abandoned or may share similar characteristics coincidentally.

Advertisements

Indicators of Compromise

  • badiwaw[.]com
  • balacif[.]com
  • barovur[.]com
  • basisem[.]com
  • bimafu[.]com
  • bujoke[.]com
  • buloxo[.]com
  • bumoyez[.]com
  • bupula[.]com
  • cajeti[.]com
  • cilomum[.]com
  • codasal[.]com
  • comecal[.]com
  • dawasab[.]com
  • derotin[.]com
  • dihata[.]com
  • dirupun[.]com
  • dohigu[.]com
  • dubacaj[.]com
  • fecotis[.]com fipoleb[.]com
  • fofudir[.]com
  • fulujam[.]com
  • ganobaz[.]com
  • gerepa[.]com
  • gucunug[.]com guvafe[.]com
  • hakakor[.]com
  • hejalij[.]com
  • hepide[.]com
  • hesovaw[.]com
  • hewecas[.]com
  • hidusi[.]com
  • hireja[.]com
  • hoguyum[.]com
  • jecubat[.]com
  • jegufe[.]com
  • joxinu[.]com
  • kelowuh[.]com
  • kidukes[.]com kipitep[.]com
  • kirute[.]com
  • kogasiv[.]com
  • kozoheh[.]com
  • kuxizi[.]com
  • kuyeguh[.]com
  • lipozi[.]com
  • lujecuk[.]com
  • masaxoc[.]com
  • mebonux[.]com
  • mihojip[.]com
  • modasum[.]com
  • moduwoj[.]com
  • movufa[.]com
  • nagahox[.]com
  • nawusem[.]com
  • nerapo[.]com
  • newiro[.]com
  • paxobuy[.]com
  • pazovet[.]com pihafi[.]com
  • pilagop[.]com
  • pipipub[.]com
  • pofifa[.]com
  • radezig[.]com
  • raferif[.]com
  • ragojel[.]com
  • rexagi[.]com
  • rimurik[.]com
  • rinutov[.]com
  • rusoti[.]com
  • sazoya[.]com
  • sidevot[.]com
  • solobiv[.]com
  • sufebul[.]com
  • suhuhow[.]com
  • sujaxa[.]com
  • tafobi[.]com tepiwo[.]com
  • tifiru[.]com tiyuzub[.]com
  • tubaho[.]com
  • vafici[.]com
  • vegubu[.]com
  • vigave[.]com
  • vipeced[.]com
  • vizosi[.]com
  • vojefe[.]com
  • vonavu[.]com
  • wezeriw[.]com
  • wideri[.]com
  • wudepen[.]com
  • wuluxo[.]com
  • wuvehus[.]com
  • wuvici[.]com
  • wuvidi[.]com
  • xegogiv[.]com
  • xekezix[.]com

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d