Some useful FQDNs and IPs to block at the perimeter (at least):
Publishing my IoCs for WastedGholish (SocGholish loader/WastedLocker ransomware), involved in big incidents.
hostnames, example hashes etc: https://t.co/jPPts8eBa7
YARA rule for generic detection: https://t.co/EuBMKc4wyy
Most importantly, block this IP address: 130.0.233.178
— Kevin Beaumont (@GossiTheDog) October 8, 2020
In case the tweet disappears:
- Drop all outbound traffic to 130.0.233.178 (for example on ports 80 and 443)
- Possibly the whole ISP's network: 130.0.232.0/21
- Block these hostname patterns (the wildcard covers any subdomain):
  - *.edge.wholesalerandy.com
  - *.auth.codingbit.co.in
  - *.user3.altcoinfan.com
  - *.cdn.familyfocus.us
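As an added example (not part of the original post or the tweet), here is a small Python check that applies the indicators above to outbound proxy log lines: wildcard hostname suffix matching plus a CIDR test for the /21. The log format and the sample lines are constructed for the demonstration; adapt the field split to your own proxy or DNS logs.

```python
import ipaddress

# Indicators as listed in the post above.
BLOCKED_IP = ipaddress.ip_address("130.0.233.178")
BLOCKED_NET = ipaddress.ip_network("130.0.232.0/21")
BLOCKED_HOST_PATTERNS = [
    "*.edge.wholesalerandy.com",
    "*.auth.codingbit.co.in",
    "*.user3.altcoinfan.com",
    "*.cdn.familyfocus.us",
]

def host_matches(host, pattern):
    """True if host is the wildcard base itself or any subdomain of it."""
    host = host.lower().rstrip(".")
    suffix = pattern.lstrip("*").lower()  # e.g. ".edge.wholesalerandy.com"
    return host == suffix[1:] or host.endswith(suffix)

def classify(host, dst_ip):
    """Return the reasons (if any) an outbound connection hits the blocklist."""
    reasons = [f"host matches {p}" for p in BLOCKED_HOST_PATTERNS if host_matches(host, p)]
    ip = ipaddress.ip_address(dst_ip)
    if ip == BLOCKED_IP:
        reasons.append("dst is the flagged IP")
    elif ip in BLOCKED_NET:           # the wider /21 from the post
        reasons.append(f"dst in {BLOCKED_NET}")
    return reasons

# Constructed sample proxy log: "<ts> <src> <dst_ip> <host> <port>" (not real traffic)
SAMPLE_LOG = """\
2020-10-08T10:01:02Z 10.0.0.5 130.0.233.178 abc.edge.wholesalerandy.com 443
2020-10-08T10:01:05Z 10.0.0.7 93.184.216.34 example.com 80
2020-10-08T10:01:09Z 10.0.0.9 130.0.234.1 update.cdn.familyfocus.us 80
2020-10-08T10:02:11Z 10.0.0.9 198.51.100.20 wholesalerandy.com 443
"""

def scan_log(text):
    """Yield (src, host, dst_ip, reasons) for every line that matches an indicator."""
    hits = []
    for line in text.splitlines():
        _ts, src, dst, host, _port = line.split()
        reasons = classify(host, dst)
        if reasons:
            hits.append((src, host, dst, reasons))
    return hits

if __name__ == "__main__":
    for src, host, dst, reasons in scan_log(SAMPLE_LOG):
        print(f"{src} -> {host} ({dst}): {'; '.join(reasons)}")
```

Note that the apex domain `wholesalerandy.com` is deliberately not matched, since the post only lists the `edge.` subtree.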