Threat intelligence API Docs Pricing Solutions Resources Contact us

Threat reports

Read other reports

Gauging the Scale of an Active Ransomware Gang's Infrastructure

Many already know that ransomware operators can earn hundreds of millions each year.1 But what they may be unaware of is that 75% of a gang’s earnings go to their affiliates.2

Dancho Danchev identified three email addresses that belonged to ransomware affiliates, along with 21 domains that figured in their campaigns. Using these indicators of compromise (IoCs) as jump-off points, TIP researchers were able to identify other artifacts, namely:

  • 90 domains that were registered using the email addresses identified as IoCs, three of which turned out to be malicious
  • 20+ IP addresses the email-connected and other domains identified as IoCs resolved to, six of which were confirmed to be malware hosts
  • 3,900+ domains that shared the IoCs’ IP hosts, 38 of which have already figured in malware and spam campaigns

Download a sample of the threat research materials and the first part of the OSINT analysis data compiled by Danchev now or contact us to access the complete set of research materials.

  • [1]
  • [2]
Read other reports
To download the full report in PDF, please fill in the form.
I have read and agree to the Terms of Service and Privacy Policy
Please keep me updated on news, events, and offers.

Try our Threat Intelligence API for free

Get FREE trial
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to

Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.