A DNS Deep Dive into Malware Crypting
These days, it has become common practice for threat actors to employ malware crypting to better evade detection and the blocking that follows it. That, it seems, has made AceCryptor a must-have for cyber attackers [1].
The ubiquity of malware crypting has also sparked a clamor among several cybersecurity community members to push for a clampdown on the service [2].
To uncover more as-yet-unidentified connected artifacts in our bid to make the Internet safer, WhoisXML API expanded the lists of IoCs connected to malware crypting services in general [3] and to AceCryptor [4], aided by our extensive DNS intelligence.
Our in-depth analysis led to the discovery of:
- 786 domains containing the string mobile-soft or cryptor, like the domains connected to the dedicated IP addresses, two of which were tagged as malicious by a bulk malware check tool
- Four dedicated and possibly dedicated IP addresses to which some AceCryptor IoCs resolved, two of which may have already figured in malware campaigns based on a bulk malware check
- 279 domains hosted on the dedicated AceCryptor IP addresses, 17 of which were dubbed malicious by a bulk malware check tool
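The three pivots listed above (seed IoCs to resolving IPs, dedicated IPs to co-hosted domains, and a string search for mobile-soft or cryptor) can be reproduced offline as an added example that is not WhoisXML API's code. It runs over a constructed passive-DNS-style table with made-up domains and IPs, and treats an IP hosting at most three domains as "dedicated" (an assumption, not the page's threshold).

```python
from collections import defaultdict
import re

# Constructed passive-DNS style records (domain, resolved IP). Not real data.
PDNS_RECORDS = [
    ("seed-one.example", "198.51.100.10"),
    ("seed-two.example", "198.51.100.10"),
    ("other-a.example", "198.51.100.10"),
    ("seed-three.example", "203.0.113.5"),   # shared hosting IP
    ("shop.example", "203.0.113.5"),
    ("blog.example", "203.0.113.5"),
    ("mail.example", "203.0.113.5"),
    ("mobile-soft-update.example", "192.0.2.77"),
    ("cryptor-panel.example", "192.0.2.78"),
    ("benign-site.example", "192.0.2.79"),
]
SEED_IOCS = {"seed-one.example", "seed-two.example", "seed-three.example"}
DEDICATED_MAX_DOMAINS = 3  # assumption: an IP hosting <= 3 domains looks dedicated

def build_indexes(records):
    """Forward (domain -> IPs) and reverse (IP -> domains) maps."""
    fwd, rev = defaultdict(set), defaultdict(set)
    for domain, ip in records:
        fwd[domain].add(ip)
        rev[ip].add(domain)
    return fwd, rev

def dedicated_ips(seeds, fwd, rev, max_domains=DEDICATED_MAX_DOMAINS):
    """IPs the seed IoCs resolve to that host few enough domains to look dedicated."""
    ips = {ip for s in seeds for ip in fwd.get(s, ())}
    return {ip for ip in ips if len(rev[ip]) <= max_domains}

def cohosted_domains(seeds, rev, ips):
    """Domains sharing a dedicated IP with a seed IoC, minus the seeds themselves."""
    return {d for ip in ips for d in rev[ip]} - set(seeds)

def string_matches(records, pattern=re.compile(r"mobile-soft|cryptor")):
    """Domains whose name contains the strings the research pivots on."""
    return {d for d, _ in records if pattern.search(d)}

def expand_iocs(seeds=SEED_IOCS, records=PDNS_RECORDS):
    fwd, rev = build_indexes(records)
    ips = dedicated_ips(seeds, fwd, rev)
    return {"dedicated_ips": sorted(ips),
            "cohosted": sorted(cohosted_domains(seeds, rev, ips)),
            "string_matches": sorted(string_matches(records))}

if __name__ == "__main__":
    print(expand_iocs())
```

Candidates returned this way are leads for a malware check or manual review, not confirmed IoCs; the shared-hosting IP is deliberately excluded so unrelated tenants are not swept in.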
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
1. https://thehackernews.com/2023/05/acecryptor-cybercriminals-powerful.html
2. https://krebsonsecurity.com/2023/06/why-malware-crypting-services-deserve-more-scrutiny/
3. https://otx.alienvault.com/pulse/64944c08e39f6f341f7add45
4. https://otx.alienvault.com/pulse/647555f0ead1826af32ece1d