Cracks and keygens have long been a problem for software vendors in that they allow users to install their products without needing to pay for a legitimate license. As the Internet and website development advanced and became more accessible, the number of sites offering software cracking tools grew.
Our research team recently searched the Web for websites that peddle cracks and keygens in an attempt to add more artifacts to publicly available lists of indicators of compromise (IoCs). We used 39 domains identified as IoCs as a starting point and found:
Our research team collated 39 domains known for hosting malicious crack and keygen sites. Accessing any of these is harmful to corporate network-connected users in that the activity could lead to malware infection. Worse than that, however, using cracked software is illegal, and companies that allow employees to use it could be fined as much as US$150,000 if proven to have committed software piracy in the U.S.
We began by subjecting the IoCs to DNS lookups, which led to the discovery of 500 IP addresses to which they resolved. Based on the results, most of the crack and keygen sites pointed to IP addresses in the U.S., the Netherlands, Germany, Canada, China, and France.
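The DNS pivot described above can be sketched as follows. This is an added example, not the research team's tooling: the resolution records, country labels, `.example` domains, documentation-range IPs and the `max_cohosted` threshold are all constructed assumptions. It maps seed domains to their IPs, tallies countries, and lists co-hosted domains for analyst review while skipping IPs that look like shared hosting.

```python
from collections import Counter, defaultdict

# Constructed sample data: (domain, resolved IP, country of the IP).
# Domains use the reserved .example TLD; IPs are documentation ranges.
SEED_IOCS = {"crack-hub.example", "keygen-depot.example", "serials-now.example"}
RESOLUTIONS = [
    ("crack-hub.example", "192.0.2.10", "US"),
    ("crack-hub.example", "192.0.2.11", "US"),
    ("keygen-depot.example", "198.51.100.7", "NL"),
    ("serials-now.example", "203.0.113.5", "DE"),
    ("free-activator.example", "192.0.2.10", "US"),
    ("patch-loader.example", "198.51.100.7", "NL"),
    ("bakery.example", "203.0.113.5", "DE"),
    ("florist.example", "203.0.113.5", "DE"),
    ("plumber.example", "203.0.113.5", "DE"),
]


def expand_iocs(seeds, resolutions, max_cohosted=3):
    """Pivot seed domains -> IPs -> other domains hosted on those IPs."""
    domains_by_ip = defaultdict(set)
    country_by_ip = {}
    for domain, ip, country in resolutions:
        domains_by_ip[ip].add(domain.lower().rstrip("."))
        country_by_ip[ip] = country

    # IPs that at least one seed IoC resolves to.
    seed_ips = {ip for ip, doms in domains_by_ip.items() if doms & seeds}
    countries = Counter(country_by_ip[ip] for ip in seed_ips)

    candidates, skipped_shared = set(), set()
    for ip in seed_ips:
        # An IP serving many unrelated domains is likely shared hosting or a
        # CDN; co-location there is weak evidence, so do not pivot through it.
        if len(domains_by_ip[ip]) > max_cohosted:
            skipped_shared.add(ip)
            continue
        candidates |= domains_by_ip[ip] - seeds
    return {"seed_ips": seed_ips, "countries": countries,
            "candidates": candidates, "skipped_shared": skipped_shared}


if __name__ == "__main__":
    result = expand_iocs(SEED_IOCS, RESOLUTIONS)
    print("Seed IPs by country:", dict(result["countries"]))
    print("Candidates for review:", sorted(result["candidates"]))
    print("Skipped (shared hosting):", sorted(result["skipped_shared"]))
```

Candidates produced this way are leads for vetting, not confirmed IoCs, and should be checked before being added to a blocklist.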
Exhaustive threat intelligence can help security teams uncover more malicious web properties than those that appear on publicly available lists of IoCs. Our IoC expansion study also showed that cracks and keygens remain an issue, given the thousands of domains registered just this year that point to websites selling them.