zest
November 18, 2022, 9:48am
1
Hello,
Recently found that one of api.snapcraft.io’s IPs (185.125.188.58) was reported as an IOC and being associated with Venus ransomware in an HHS report. Any thoughts on this?
https://www.hhs.gov/sites/default/files/venus-ransomware-analyst-note.pdf
roadmr
November 18, 2022, 4:44pm
2
Hi, thanks for flagging this. We’ve received reports of this via multiple channels; this has been escalated and is being investigated.
Hi @roadmr,
For further reference, the document cites these further Canonical-owned IP Addresses as associated with the ransomware:
185.125.190.44
185.125.190.45
wgrant
November 29, 2022, 2:44pm
4
We’ve been in contact with HHS, and determined that it was a false positive. They’ve updated https://www.hhs.gov/sites/default/files/venus-ransomware-analyst-note.pdf to no longer include Canonical’s IP addresses.
We’re still working with VirusTotal to get the false positives removed from their pages.
2 Likes