Threat Intelligence

Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Threat Intelligence / Industry Updates

A DNS Deep Dive into FUNULL’s Triad Nexus

Silent Push has been monitoring the FUNULL content delivery network (CDN) for two years now. They believe the network has played host to various cybercriminal campaigns, including investment scams, fake trading app distribution, suspect gambling networks, and the Polyfill supply chain attack.

Uncovering Potential Black Friday and Thanksgiving Threats with DNS Data

Thanksgiving is right around the corner. With it, of course, come celebrations with family and friends and the biggest Black Friday sales. All seems well and good but that's not always the case, isn't it?

New RomCom Variant Spotted: A Comparative and Expansion Analysis of IoCs

The threat actors behind the RomCom malware, known for extorting government agencies, recently resurfaced with a new RomCom variant called "Snipbot" or "RomCom 5.0" by Palo Alto Networks Unit 42.

Global Domain Activity Trends Seen in Q3 2024

WhoisXML API analyzed close to 22 million domains registered in Q3 2024 to uncover global domain activity trends.

A DNS Investigation into Mamba, the Latest AitM Phishing Player

Phishing has been around for years, yet it still proves to be a major online threat. To continue profiting, cybercriminals must continuously adapt their techniques.

A DNS Investigation of the 32 Doppelganger Websites Seized by the U.S. Government

The U.S. Office of Public Affairs issued a statement on 4 September 2024 regarding the seizure of 32 websites that are believed to be part of the so-called "Doppelganger" campaign.

Investigating the Proliferation of Deepfake Scams

While deepfakes may sometimes be perceived as amusing, their potential for harm is significant and far-reaching. One finance worker for a multinational firm, for example, was tricked into paying out US$25 million to a deepfake scammer who pretended to be their company's chief financial officer (CFO) in a video call just this February.

Examining the DNS Underbelly of the Voldemort Campaign

Toward the end of August 2024, a customized malware dubbed "Voldemort" based on strings found in its code was used in a cyber espionage campaign targeting various countries.

2024 Domain Intelligence Study of 6 APT Groups Notorious for Targeting Europe

At least 40 advanced persistent threat (APT) groups have trailed their sights on several European countries over the years, and that isn't surprising, given that the continent serves as the headquarters of renowned international organizations like the European Union Agency for Law Enforcement Cooperation (Europol), INTERPOL, and the North Atlantic Treaty Organization (NATO).

Stripping Down the BlackSuit Ransomware Network Aided by DNS Data

Nearly 1 million individuals' information was stolen and exposed when threat actors launched a BlackSuit ransomware attack on 10 April 2024. The investigation revealed that the compromised data included the victims' Social Security numbers (SSNs), birthdays, and insurance claim information.