Threat Intelligence

Hunting for U.S. Presidential Election-Related Domain Threats in the DNS

As if the attention surrounding the upcoming U.S. presidential elections is not enough, the WhoisXML API research team may have unveiled thousands of potential sources of disarray -- election-related cybersquatting domains. These domains may be a lucrative source of income for some people. Case in point?

A Closer Look at the Meduza Stealer through a DNS Deep Dive

Fortinet recently discovered a Meduza Stealer variant that has been taking advantage of the Microsoft Windows SmartScreen vulnerability CVE-2024-21412. The Meduza stealer lets remote attackers bypass the SmartScreen security warning dialog to deliver malicious files.

July 2024: Domain Activity Highlights

The WhoisXML API research team analyzed more than 7.3 million domains registered between 1 and 31 July 2024 in this post to identify five of the most popular registrars, top-level domain (TLD) extensions, and other global domain registration trends.

On a DNS Threat Hunt for DISGOMOJI

Cyber espionage is not uncommon and often occurs between rivals. And though the cyber attackers' tactics and techniques remain the same, their tools do not.

The Most Phished Brands of 2024 in the DNS Spotlight

The Zscaler ThreatLabz 2024 Phishing Report named Microsoft, OneDrive, Okta, Adobe, SharePoint, Telegram, pCloud, Facebook, DHL, WhatsApp, ANZ Banking Group, Amazon, Ebay, Instagram, Google, Sparkasse Bank, FedEx, PayU, Rakuten, and Gucci as the 20 most phished brands.

Uncovering DNS Details on Operation Celestial Force

Advanced persistent threat (APT) groups will employ any means necessary to compromise the networks of their intended targets. And for Cosmic Leopard, that means using GravityRAT, an Android-based malware, and HeavyLift, a Windows-based malware loader, in their most recent operation Cisco Talos has dubbed "Operation Celestial Force."

Global DNS and Domain Activity Trends in Q2 2024

Our research team analyzed more than 21.5 million domains registered between 1 April and 30 June 2024, as seen in the Newly Registered Domains (NRDs) Data Feed.

On the Hunt for Remnants of the Samourai Wallet Crypto Mixing Services in the DNS

Keonne Rodriguez and William Lonergan Hill, founders of Samourai Wallet, a cryptocurrency mixing service, were sentenced in April 2024 and their sites taken down for executing more than US$2 billion in unlawful transactions and laundering more than US$100 million in criminal proceeds.

A Peek at the V3B Phishing Kit Attack via the DNS Lens

Phishing is and remains a top threat. Google alone blocks around 100 million phishing emails daily, and it doesn't help that phishers get extra help from phishing kits -- ready-made cybercrime tools that allow even cybercriminal newbies to launch attacks following a few simple steps.

Tracking Down Fake Cryptocurrency Sellers Using DNS Intelligence

Threat researcher Dancho Danchev recently uncovered 130 domains that seemingly belong to fake cryptocurrency sellers. The WhoisXML API research team sought to find potential connections to the threat by expanding the current list of indicators of compromise (IoCs) using our vast array of DNS intelligence sources.