Threat Intelligence

Liberty Front Press Network: An IoC Enrichment & Threat Intelligence Analysis

Liberty Front Press is a fake news network that has been operating since Trump's administration and was said to be designed to leverage liberal resentment against the former U.S. president while promoting pro-Iranian foreign policy narratives via social media. more

Are There More Properties Connected to the Pareto Botnet?

The Pareto botnet, known for using almost a million infected Android devices to spoof people seemingly watching ads on smart TVs, was reportedly taken down recently through the collaboration of industry players, notably Roku and Google. more

A Look Back at the 2016 U.S. Elections-Related Attacks

The 2016 U.S. elections sparked a lot of controversies, as several law enforcement agents and security researchers believed countries like Russia may have greatly influenced its turnout. We sought to find out more about it via an OSINT analysis using various domain and IP intelligence tools. more

WhoisXML API Enriches Its DNS Database Download Capabilities

WhoisXML API's repository of historical Domain Name System (DNS) lookup records continues to grow in volume and coverage. The DNS database download service has recently been expanded to now include six types of DNS databases. more

A Glimpse of Big Telcos’ Domains and Subdomains Footprints

Telecommunications companies are a favored cyberattack target. After all, telcos build, control, and operate critical infrastructure that almost everyone uses to communicate. They also store large amounts of sensitive data that could easily be exploited when falling into the wrong hands. more

Emotet Botnet Reconnaissance: What’s the Latest?

Emotet traces its origin as far back as 2014, when its simplest form as a banking Trojan first made the headlines. Over the years, its creators have constantly improved the malware, a popular malware-as-a-service (MaaS) offering in cybercriminal underground fora. more

Top Music Streaming Services: What’s Their Potential Domains & Subdomains Attack Surface?

Content streaming services are no stranger to cyberattacks, and the recent Spotify squatting campaign reported by IBM X-Force Exchange is proof of that. Spotify, however, is not alone on the boat, as many other streaming services have fallen prey to attacks over the years. more

More from DarkSide? We Ran an Analysis of Additional Identified Artifacts

On 14 May 2021, Analyst1 security researchers released a detailed report on the DarkSide cybercriminal gang, which is believed to be responsible for ransomware attacks targeting the Colonial Pipeline. Part of the report was several indicators of compromise (IoCs), specifically 41 malware hashes, two domains, and three IP addresses. more

ZeuS, Still Alive and Kicking in the Form of Jabber ZeuS?

ZeuS malware traces its origin as far back as 2006, when it was used to steal victims' online banking credentials. In 2011, its source code was leaked on a file-sharing site and quickly spread throughout various underground fora. more

SideWinder DNS Blackholes Uncovered with Threat Intelligence Platform

A Domain Name System (DNS) blackhole is essentially a DNS server that gives false results for domain names. Also known as a "sinkhole server," an "Internet sinkhole," or a "DNS sinkhole," threat actors sometimes use DNS blackholes to redirect users to potentially harmful sites or pages. more