Whois

Expanding the List of Artifacts for the Recent JPMorgan Chase Squatting Campaign

On 13 March, IBM X-Force Exchange published nine artifacts -- three domain names and six IP addresses -- related to a squatting campaign targeting JPMorgan Chase and its stakeholders. We dug deeper into the list in hopes of publicizing additional artifacts that users may need to be wary of.

Keeping Track of Ramnit through Artifact Expansion

Ramnit stands out as a malware as it continues to evolve and requires cybersecurity experts and law enforcement agents to stay alert. Variants have been recently detected, so that security companies such as Prevailion advise organizations to keep Ramnit on their radar.

A List of Potential Attack Artifacts for the Top 3 Phished Brands in 2020

In a recent study INKY subjected around 657 million emails in 2020 and found almost 5 million phishing campaigns, more than 590,000 of which were brand impersonations. It then came up with a list of the top 25 most phished brands in a 2021 report.

A Look at Recent Attacks on K-12 Distance Learning Providers Using Domain Intelligence

As early as December of last year, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) received reports of several cyber attacks targeting K-12 distance learning institutions.

SolarWinds Cyber Intel Analysis Part 2: A Look at Additional CISA-Published IoCs

A few weeks back, we added unpublicized artifacts to the list of indicators of compromise (IoCs) published by both FireEye and Open Source Context back in December 2020. Some would have thought that would put a stop to the havoc the SolarWinds threat actors have been wreaking, but the group targeted Malwarebytes just recently according to a company report.

How to Monitor IP Netblocks for Possible Targeted Attacks

A couple of weeks back, a security researcher alerted his LinkedIn contacts about possibly ongoing targeted attacks stemming from the Iranian subnet 194[.]147[.]140[.]x. He advised cybersecurity specialists to watch out for subnets that may be threatful and consider blocking them. This post encouraged us to look into the subnets and details our findings using IP Netblocks WHOIS Database.

Enriching Know-Your-Customer (KYC) Practices With IP Intelligence

Know-your-customers (KYC) policies aim to minimize the risk of money laundering, bribery, and other types of fraud. While it was originally implemented in financial institutions, companies outside the financial sector have adapted KYC with digital transactions as the primary driver. These days, the approach is enforced by virtual asset dealers, nonprofit organizations, and even social media companies.

Post-Riot Domain Registration Trends: Findings From Tracking Trump-Related Domains and Subdomains

The U.S. Capitol riot on 6 January 2021 was an unexpected event following the 2020 U.S. elections. The incident also made headlines worldwide, prompting us to track the registration trend for Trump-related domains and subdomains. We also looked into two domains for Trump's e-commerce stores that Shopify shut down.

Blind Eagle Targeted Attack: Using Threat Intelligence Tools for IoC Analysis and Expansion

Blind Eagle is a South American threat actor group believed to be behind APT-C-36 and that has been active since at least 2018. It primarily targets Colombian government institutions and large corporations in the financial, petroleum, and professional manufacturing industries.

Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs

The SolarWinds hack affected several government agencies and tech companies in the U.S. and worldwide. The sophisticated malware attack is believed to have compromised the trusted IT management software as early as March 2020 but only came to light in December.