Whois

Whois / Industry Updates

A Peek at the PikaBot Infrastructure

It is not uncommon these days for threat actors to use malicious search ads to distribute malware. To do that, though, they would need to know how to bypass Google's security measures by setting up decoy infrastructures.

Investigating the UNC2975 Malvertising Campaign Infrastructure

Mandiant's Managed Defense Threat Hunting Team recently published an in-depth study of the malware distributed via what they have dubbed the "UNC2975 malvertising campaign." Users who have been tricked into clicking poisoned sponsored search engine results and social media posts ended up with computers infected with either the DANABOT or DARKGATE backdoor.

Kimsuky: DNS Intel Gathering

The Kimsuky Group, believed to be a North Korea-based advanced persistent threat (APT) group active since 2013, struck again several times this year. They gained notoriety for launching spear-phishing attacks on targets to gain initial access.

Unveiling Stealthy WailingCrab Aided by DNS Intelligence

The WailingCrab malware has gained notoriety for its stealth. IBM X-Force security researchers recently published an in-depth analysis of the malware, which has been abusing Internet of Things (IoT) messaging protocol MQTT.

A Peek Under the Hood of the Atomic Stealer Infrastructure

The Atomic Stealer, also known as "AMOS," first emerged in September this year by spreading on Macs disguised as popular applications. This time around, it has been wreaking more havoc in the guise of a fake browser update dubbed "ClearFake."

A Fake ID Marketplace under the DNS Lens

The concept of internationalization extends from the virtual to the physical realm. Many people wish to travel or even migrate to other countries at some point in their lives. Unfortunately, that's sometimes easier said than done given the many legal documents, including valid IDs, passports, and others required.

Behind the Genesis Market Infrastructure: An In-Depth DNS Analysis

As long as cybercriminals remain in business, so will the number of underground marketplaces grow. And despite the crackdown on the biggest markets like Silk Road, cybercriminals will continue to strive to put up their own marketplaces, probably given their profitability. Case in point?

Signs of Ongoing RedLine Stealer Operation Found Through a DNS Deep Dive

RedLine Stealer seems to have stolen cybercriminals' hearts as its usage has continued despite cybersecurity efforts to thwart it. Researchers have published reports about the stealer in the past, but its operators may have updated their arsenal with new domains and IP addresses to evade detection and consequent mitigation.

Rogue Bulletproof Hosts May Still Be Alive and Kicking as DNS Intel Shows

Rogue bulletproof hosts are part and parcel of the cybercriminal market that is hidden deep underground. Without means to easily evade detection, attribution, and incarceration, many of today's cybercriminals would not be able to continue their malicious operations.

Carding, Still in Full Swing as DNS Intel Shows

Carding has been around since the 1980s but has evolved to the point that even less experienced cybercriminals can now launch campaigns. How? Via the carding forums that riddle the Web these days.