CISA shares list of #domains involved in Conti ransomware attacks

CISA, the Cybersecurity & Infrastructure Security Agency, has been tracking the spread of Conti ransomware and the attacks that use it.

Along with the FBI, CISA has observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

As part of that effort, CISA has released a list of 98 domain names, most of them six or seven letters in length and all of them .com:

The following domains have registration and naming characteristics similar to domains used by groups that have distributed Conti ransomware. Many of these domains have been used in malicious operations; however, some may be abandoned or may share similar characteristics coincidentally.


The format of this domain list indicates that the research was done using the cybersecurity tools provided by DomainTools.

Story kudos: Dommunity via Twitter.

Copyright © 2022 DomainGang.com · All Rights Reserved.

Comments

One Response to “CISA shares list of #domains involved in Conti ransomware attacks”
  1. Sky says:

    pigeonware
    pigeonware
    pigeonware
