[Announcement] Tango down of Exploit Kit 3,917 domains serve ransomware

On August 5th, 2016. MalwareMustDie, NPO team, the domain takedown section lead by @essachin, was confirmed a collaboration result with the domain registration entity for the suspension of 3,917 internet domains with the following domain extension:
.top
.accountant
.pw
.space

All of the suspended domains were launched in the internet serves Exploit Kit with the positive verdict to infect victims by ransomware, registered by the known cyber crook's alias and email address as:

Mayko Evgeniy, maykoe@list.ru
The information for the related threat, domains and registrant can be check online in here [link]

The screenshot of the timeline and list is as per below:

You can access the domain list in the pastebin here -->[link]

Special thank's is presented to the Domain Registration entities who is collaborating with us very well on this big takedown, and, also to the Farsight Security, Inc. [link], who is so generous to provide us tool for supporting this process and purpose.

Many thank's for the members who help with the effort, and all of the parties that made this takedown to be a success.

#MalwareMustDie, NPO - www.malwaremustdie.org

1 comment:

  1. Addendum :
    Public Domain Registry - PDR, has been very co-operative in assisting us with the TangoDown. Their compliance team , as usual, they have been quick and in our view their "Zero Tolerance Policy towards Malware Domains" is commendable.

    We at MalwareMustDie, simply hope that every domain registrar has a compliance team to the likes of PDR / BigRock and Radix.

    ReplyDelete