Threat Intelligence / Industry Updates

A Fake ID Marketplace under the DNS Lens

The concept of internationalization extends from the virtual to the physical realm. Many people wish to travel or even migrate to other countries at some point in their lives. Unfortunately, that is sometimes easier said than done given the many legal documents required, including valid IDs and passports.

Behind the Genesis Market Infrastructure: An In-Depth DNS Analysis

As long as cybercriminals remain in business, underground marketplaces will keep multiplying. Despite crackdowns on the biggest markets like Silk Road, cybercriminals continue to put up their own marketplaces, most likely because they are so profitable. Case in point?

Signs of Ongoing RedLine Stealer Operation Found Through a DNS Deep Dive

RedLine Stealer seems to have stolen cybercriminals' hearts as its usage has continued despite cybersecurity efforts to thwart it. Researchers have published reports about the stealer in the past, but its operators may have updated their arsenal with new domains and IP addresses to evade detection and consequent mitigation.

Rogue Bulletproof Hosts May Still Be Alive and Kicking as DNS Intel Shows

Rogue bulletproof hosts are part and parcel of the cybercriminal market that is hidden deep underground. Without means to easily evade detection, attribution, and incarceration, many of today's cybercriminals would not be able to continue their malicious operations.

Carding, Still in Full Swing as DNS Intel Shows

Carding has been around since the 1980s but has evolved to the point that even less experienced cybercriminals can now launch campaigns. How? Via the carding forums that riddle the Web these days.

A DNS Deep Dive into BreachForums Domains

BreachForums, a forum for English-speaking black hat hackers, went offline on 21 March 2023 following the Federal Bureau of Investigation's (FBI) arrest of its owner Conor Brian Fitzpatrick.

APT29 Goes from Targeted Attacks to Phishing via NOBELIUM: A DNS Deep Dive

APT29, believed to be an espionage group from Russia, became known for launching targeted attacks against organizations in Ukraine. But over the course of investigating the threat group, Mandiant discovered that it may have a hand in cybercriminal operations, specifically phishing, as well.

Tracing BlackNet RAT’s History through a DNS Deep Dive

BlackNet RAT, first discovered during the COVID-19 pandemic when it was distributed via spam messages offering an effective cure for the virus, seems to have outlived the global crisis.

Phisher Abusing .com TLD?

Phishing campaigns almost always require a massive volume of domains in order to succeed. Phishers, after all, need to have readily weaponizable vectors at their disposal in case the ones they're currently employing get detected and consequently blocked.

Phishing Group Found Abusing .top Domains

Threat researcher Dancho Danchev recently discovered a phishing operation that seemed to be abusing .top domains for which he collated 89 email addresses that served as indicators of compromise (IoCs).