The Dark Cubed community is seeing current threat-related activity associated with a recently reported malvertising campaign from AdGholas. The customer data we see is anonymous, so we are sharing these indicators with you so that you can determine whether they are present on your network. The four indicators of interest are as follows:
We recommend the following actions:
Detect if these indicators are in your network.
To search for these indicators, go to your Dark Cubed Threat Table and type in “data:220.127.116.11.” Note: when searching for domain names, remove the brackets. They are only added to keep the domains from becoming clickable links!
If this activity was seen on your network, it will be listed; if not, the table will be empty, like the image below.
If you do have activity on your network for one or more of these IPs or domains, it is probably worth a little more investigation.
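For members who also want to check exported DNS or proxy logs outside the Threat Table, here is an added example (not Dark Cubed tooling) that strips the bracket defanging described above and looks for the resulting hosts, or subdomains of them, in log lines. The indicator values and log lines are constructed placeholders, since the real indicators were distributed separately.

```python
import re

# Constructed placeholder indicators in the defanged (bracketed) form used in
# the notification; they are not the real AdGholas indicators.
DEFANGED_INDICATORS = [
    "198.51.100[.]23",                      # placeholder IP (documentation range)
    "ads-example[.]invalid",                # placeholder domain
    "hxxp://cdn-example[.]invalid/track",   # placeholder URL
]

# Constructed sample log lines (DNS and proxy) to scan.
SAMPLE_LOGS = [
    "2017-07-28T10:01:02Z dns  host1 query ads-example.invalid A",
    "2017-07-28T10:01:05Z proxy host2 GET http://cdn-example.invalid/track 200",
    "2017-07-28T10:02:10Z proxy host3 CONNECT 198.51.100.23:443",
    "2017-07-28T10:03:00Z dns  host4 query example.com A",
]

def refang(indicator: str) -> str:
    """Undo common defanging ([.] (.) {.} hxxp [:] [/]) so the value matches logs."""
    s = indicator.strip()
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", s)
    s = re.sub(r"^hxxp", "http", s, flags=re.I)
    s = s.replace("[:]", ":").replace("[/]", "/")
    return s.lower()

def indicator_host(indicator: str) -> str:
    """Reduce a refanged IP, domain or URL indicator to its host part."""
    s = re.sub(r"^https?://", "", refang(indicator))
    return s.split("/")[0].split(":")[0]

def find_matches(indicators, log_lines):
    """Return (host, line) pairs where the host, or a subdomain of it, appears
    as a whole token in the line (no partial matches inside other names)."""
    hits = []
    for ind in indicators:
        host = indicator_host(ind)
        pattern = re.compile(
            r"(?<![\w.-])([\w-]+\.)*" + re.escape(host) + r"(?![\w.-])", re.I)
        for line in log_lines:
            if pattern.search(line):
                hits.append((host, line))
    return hits

if __name__ == "__main__":
    for host, line in find_matches(DEFANGED_INDICATORS, SAMPLE_LOGS):
        print(f"HIT {host}: {line}")
```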
Reach out to us if we can help answer any questions you may have.
More detailed information was recently sent directly to D3 community members via email.
To learn more about AdGholas, read this blog posting by Malwarebytes: https://blog.malwarebytes.com/cybercrime/2017/07/adgholas-malvertising-thrives-shadows-ransomware-outbreaks/