Type,Value,Confidence,DateAdded,LastModified,Description,Source,Tags
Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,https://twitter.com/bryceabdo/status/1309479842119909376,Ryuk;Dedicated Server;Suspicious Name Server Use;Cobalt Strike Host,rapirasa.com,87,09-30-2020,10-11-2020,Cobalt Strike infrastructure identified by Twitter user Bryce (@bryceabdo). Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,https://twitter.com/bryceabdo/status/1309479842119909376,Ryuk;Dedicated Server;Suspicious Name Server Use;Cobalt Strike Host,primeviref.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Host,myobtain.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Host,hotlable.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,hunbabe.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,havemosts.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and 
IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,quwasd.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Host,remotessa.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,secondlivve.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,service-boosterr.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Host,servicemount.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,servicesupdater.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Host,serviceupdatter.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt 
Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,sobcase.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,unlockwsa.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,wodemayaa.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Host,cheapshhot.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,dotmaingame.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Host,blackhoall.com,87,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Host,vnuret.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect 
Enrichment,Ryuk;Cobalt Strike;BEACON Host,servicegungster.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,realgamess.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,wondergodst.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,sweetmonsterr.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,qascker.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,zetrexx.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Host,reginds.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Host,hakunaman.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Host,gtrsqer.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with 
Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Host,razorses.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Host,harddagger.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;BEACON;Cobalt Strike Host,checkhunterr.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,check4list.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;BEACON;Cobalt Strike Host,kungfupandasa.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,biliyilish.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Host,bouths.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Host,jonsonsbabyy.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike 
Host,chekingking.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,pudgeee.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,nomadfunclub.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Host,bugsbunnyy.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,chalengges.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,getinformationss.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;BEACON;Cobalt Strike Host,gameleaderr.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;Cobalt Strike;BEACON Host,raaidboss.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server;Suspicious Name Server 
Use Host,ayiyas.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server;Suspicious Name Server Use Address,45.34.6.221,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;Cobalt Strike;BEACON Address,96.9.225.143,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Address,45.34.6.223,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;Cobalt Strike;BEACON Address,69.61.38.155,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,96.9.225.144,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,45.34.6.222,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;BEACON;Cobalt Strike Address,107.173.58.176,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect 
Enrichment,Ryuk;BEACON;Cobalt Strike Address,107.173.58.182,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,107.173.58.179,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,107.173.58.175,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,69.61.38.156,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Address,5.2.64.135,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,88.119.171.77,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,107.173.58.184,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,88.119.171.76,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Address,88.119.175.153,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and 
IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,88.119.171.78,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,213.252.244.170,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,5.2.72.202,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,5.2.64.133,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Address,88.119.171.74,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,213.252.246.154,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,5.2.64.113,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Address,88.119.171.73,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON 
Address,88.119.171.75,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,109.70.236.134,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,45.34.6.225,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;Cobalt Strike;BEACON Address,45.34.6.226,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;BEACON;Cobalt Strike Address,107.173.58.185,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,107.173.58.183,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Address,69.61.38.157,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,45.34.6.229,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;Cobalt Strike;BEACON 
Address,107.173.58.180,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Address,88.119.174.132,84,10-11-2020,10-11-2020,,ThreatConnect Enrichment,Cobalt Strike;Ryuk Address,88.119.171.97,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Address,5.2.64.167,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Address,88.119.174.139,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Address,5.2.64.149,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Address,88.119.174.131,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Address,5.2.64.172,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated 
with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Address,5.2.64.144,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Address,5.2.72.200,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Address,88.119.174.130,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Address,5.2.64.174,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Address,88.119.171.96,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Address,88.119.174.133,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Address,5.2.79.122,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect 
Enrichment,Ryuk;Cobalt Strike Address,88.119.174.129,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Address,88.119.171.94,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Ryuk;Cobalt Strike Address,88.119.175.214,84,10-11-2020,10-11-2020,"Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables and, based on 3rd party analysis, associated with Ryuk.",ThreatConnect Enrichment,Cobalt Strike;Ryuk Address,213.252.244.126,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.119,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.171.67,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. 
The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.171.55,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,213.252.244.38,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.126,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.116,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.110,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. 
The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.128,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.125,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.121,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.127,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.120,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. 
The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.117,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.171.68,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.107,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,5.2.70.149,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.114,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. 
The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.109,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,213.252.244.62,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.174.118,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,88.119.171.69,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server Address,185.25.50.167,84,09-30-2020,10-11-2020,IP hosts a domain on a probable dedicated server that was registered through MonoVM in late September 2020 using a protonmail email address. 
The hosted domain is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server EmailAddress,highcicker@protonmail.com,100,10-06-2020,10-11-2020,Email address used to register several domains through MonoVM identified in behavioral information for Cobalt Strike files.,ThreatConnect Enrichment,Ryuk;Registrant Email Account Host,loxliver.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,hurrypotter.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;BEACON;Cobalt Strike Host,daggerclip.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,https://twitter.com/bryceabdo/status/1309510426347143168,Ryuk;BEACON;Cobalt Strike Host,errvghu.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,martahzz.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,mixunderax.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;Cobalt Strike;BEACON Host,moonshardd.com,84,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt 
Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Address,69.61.38.132,78,10-06-2020,10-11-2020,Infrastructure identified as part of a large set of domains and IPs communicating with Cobalt Strike / Beacon malicious executables.,ThreatConnect Enrichment,Ryuk;BEACON;Cobalt Strike Host,voiddas.com,87,09-30-2020,10-11-2020,Cobalt Strike infrastructure identified by Twitter user Bryce (@bryceabdo). Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,https://twitter.com/bryceabdo/status/1309479842119909376,Ryuk;Suspicious Name Server Use;Dedicated Server;Cobalt Strike Host,sibalsakie.com,87,09-30-2020,10-11-2020,Cobalt Strike infrastructure identified by Twitter user Bryce (@bryceabdo). Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,https://twitter.com/bryceabdo/status/1309479842119909376,Ryuk;Dedicated Server;Cobalt Strike;Suspicious Name Server Use Host,shabihere.com,87,09-30-2020,10-11-2020,Cobalt Strike infrastructure identified by Twitter user Bryce (@bryceabdo). 
Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,https://twitter.com/bryceabdo/status/1309479842119909376,Ryuk;Cobalt Strike;Suspicious Name Server Use;Dedicated Server Host,rulemonster.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Suspicious Name Server Use;Dedicated Server Host,puckhunterrr.com,87,09-30-2020,10-11-2020,Cobalt Strike infrastructure identified by Twitter user Bryce (@bryceabdo). Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,https://twitter.com/bryceabdo/status/1309479842119909376,Ryuk;Cobalt Strike;Suspicious Name Server Use;Dedicated Server;BEACON Host,mountasd.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server;Suspicious Name Server Use Host,loockfinderrs.com,87,09-30-2020,10-11-2020,Cobalt Strike infrastructure identified by Twitter user Bryce (@bryceabdo). 
Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,https://twitter.com/bryceabdo/status/1309479842119909376,Ryuk;Cobalt Strike;Suspicious Name Server Use;Dedicated Server Host,lindasak.com,87,09-30-2020,10-11-2020,Cobalt Strike infrastructure identified by Twitter user Bryce (@bryceabdo). Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,https://twitter.com/bryceabdo/status/1309479842119909376,Ryuk;Cobalt Strike;Suspicious Name Server Use;Dedicated Server Host,giveasees.com,87,09-30-2020,10-11-2020,Cobalt Strike infrastructure identified by Twitter user Bryce (@bryceabdo). Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,https://twitter.com/bryceabdo/status/1309479842119909376,Ryuk;Suspicious Name Server Use;Cobalt Strike;Dedicated Server Host,chainnss.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server;Suspicious Name Server Use
Host,hungrrybaby.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Suspicious Name Server Use;Dedicated Server;BEACON Host,tarhungangster.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Suspicious Name Server Use;Dedicated Server Host,sunofgodd.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Suspicious Name Server
Use;Dedicated Server Host,saynoforbubble.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server;Suspicious Name Server Use Host,maybebaybe.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server;Suspicious Name Server Use Host,imagodd.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Dedicated Server;Suspicious Name Server Use Host,cantliee.com,87,09-30-2020,10-11-2020,Domain was registered through MonoVM in late September 2020 using a protonmail email address and is most likely associated with a series of similarly-registered domains used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Suspicious Name Server Use;Dedicated Server EmailAddress,hakunamatata222@protonmail.com,96,09-30-2020,10-11-2020,Email address used to register several domains through MonoVM in late September 2020 that have been used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Registrant Email Account EmailAddress,james4041238767@protonmail.com,96,09-30-2020,10-11-2020,Email address used to register several domains through MonoVM in late September 2020 that have been used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Registrant Email Account EmailAddress,gaskinss@protonmail.com,96,09-30-2020,10-11-2020,Email address used to register several domains through MonoVM in 
late September 2020 that have been used in conjunction with various malware.,ThreatConnect Enrichment,Ryuk;Registrant Email Account