An update on the Kaseya ransomware attack CNC domains

Command and Control Domains

The attack by REvil used several domains, called "Command and Control" domains (also referred to as "C2 domains" or "CNC domains"), which are used after a system has been attacked. In this case, their purpose is to notify REvil that the systems have been encrypted.

The configuration file of the ransomware was published by Fabian Wosar on GitHub. From that file, we extracted the list of domains. These domains are not all actually compromised systems—it's likely that only a few are, and the rest are either decoys or have been cleaned up.

Out of an abundance of caution, DNSFilter has marked all of these domains as malicious. We did so on July 3rd, when the domains were first made available. We are doing our best to verify entries and investigate specific aspects of the CNC servers, in order to eliminate false positives from the list.

The list was published on GitHub as a service to others. It is unsorted in the config file, so making it more easily available could help others who are investigating.

Important notes

These domains shouldn't be taken as a list of compromised systems. The list is simply an extract from the config file of the domains marked there as "command and control".

If there are any entries that can be verified as clean, please contact us or submit a pull request on the GitHub repository.
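An added example, not DNSFilter's own code or part of the original post: turning the config file's domain field into a sorted, de-duplicated list, dropping entries verified as clean, and checking DNS query names against the result. It assumes the config is JSON with the domains in one semicolon-separated string field named `dmn`; the sample config, the domains and the function names are constructed for illustration.

```python
import json

# Constructed sample config with placeholder domains (not taken from the real file).
SAMPLE_CONFIG = json.dumps({
    "pid": "0",
    "dmn": "shop.example.org;Blog.Example.com;;blog.example.com ;"
           "xn--bcher-kva.example;clinic.example.net.",
})


def normalize(name):
    """Lower-case a DNS name and drop surrounding whitespace and the root dot."""
    return name.strip().rstrip(".").lower()


def extract_domains(config_text, field="dmn"):
    """Return the sorted, de-duplicated domains from the config's domain field.

    The field name is an assumption of this example, not stated in the post.
    """
    raw = json.loads(config_text).get(field, "")
    if not isinstance(raw, str):
        raise ValueError(f"{field!r} is not a string")
    return sorted({normalize(d) for d in raw.split(";") if normalize(d)})


def build_blocklist(domains, verified_clean=()):
    """Drop entries that have been verified as clean (false positives)."""
    clean = {normalize(d) for d in verified_clean}
    return [d for d in domains if d not in clean]


def match_queries(queries, blocklist):
    """Return queried names that equal a listed domain or sit beneath one."""
    blocked = set(blocklist)
    hits = []
    for query in queries:
        labels = normalize(query).split(".")
        # Test the full name, then each parent, stopping before the bare TLD.
        if any(".".join(labels[i:]) in blocked for i in range(len(labels) - 1)):
            hits.append(query)
    return hits


if __name__ == "__main__":
    blocklist = build_blocklist(extract_domains(SAMPLE_CONFIG), ["clinic.example.net"])
    print("\n".join(blocklist))
```

Matching on parent suffixes means a lookup for a subdomain of a listed name is flagged too, while a lookup for the parent of a listed name is not.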

Further information

For more information on REvil and the Kaseya ransomware attack, please check out these thorough overviews:
