GreyNoise Reveals New KEV Ransomware Delivery IPs

GreyNoise’s latest research cross‑referenced network traffic logs with known ransomware indicators and uncovered a set of previously unseen IP addresses actively serving ransomware payloads tied to the Known Exploited Vulnerabilities (KEV) catalog. By mapping these delivery points to specific KEV entries, the team exposed a covert distribution layer that had evaded traditional threat feeds.

For defenders, the discovery provides actionable intelligence on fresh infection vectors that can be blocked at the perimeter or monitored for lateral movement. Integrating these IP indicators into detection rules and threat‑intel platforms helps shrink the window of exposure for vulnerable assets and strengthens overall threat‑hunting posture.

Category: Malware & Ransomware

Source: Read original article