The article exposes a joint cyber extortion campaign attributed to three ransomware groups—BianLian, White Rabbit, and Mario—spanning a broad set of global IPs. It presents an extensive list of IP addresses and their geographic locations, likely reflecting attacker infrastructure or target-related endpoints.
Keypoints
- Documents a joint cyber extortion campaign involving BianLian, White Rabbit, and Mario ransomware gangs.
- Provides an extensive table of IP addresses paired with geographic locations, suggesting attacker infrastructure or victim targeting data.
- IP origins are worldwide, with entries from India, Korea, China, the US, Brazil, Russia, and more, illustrating a broad global footprint.
- Shows the scale of extortion activity by collecting hundreds of location-tagged IPs rather than detailing specific attack steps.
- Originated on the Resecurity blog and includes a direct source URL for the original article.
- Emphasizes cyber extortion dynamics and cross-border coordination among threat actors.
MITRE Techniques
- [T1583] Acquire Infrastructure – The article documents attacker infrastructure via IPs and geographic locations used in a joint extortion campaign. “The article documents a joint cyber extortion Trinity—BianLian White Rabbit Mario Ransomware Gangs Spotted Joint Campaign”
Indicators of Compromise
- [IP Address] – Indore, IN context – 122.168.199.151
- [IP Address] – Phoenix, AZ, US context – 132.226.159.108