A DNS Exploration of the Latest Educated Manticore Attack

The Iranian threat group Educated Manticore recently launched a spearphishing attack targeting Israeli journalists, high-profile cybersecurity experts, and computer science professors from leading Israeli universities.

Victims who engaged with the attackers were led to fake Gmail login pages or Google Meet invitations. Credentials entered on the phishing pages were sent to the attackers, letting them intercept passwords and 2FA codes and gain unauthorized access to the victims' accounts.

Check Point Research identified 141 IoCs in their report [1]. We analyzed these in greater depth and uncovered:

  • 1,753 alleged victim IP records obtained from IASC [2], tied to two ASNs
  • 72 of the domains tagged as IoCs appeared on the First Watch Malicious Domains Data Feed [3] upon registration
  • One of the IP IoCs communicated with one source IP, based on IASC data
  • 217 email-connected domains, one of which was malicious
  • One additional IP address that was malicious
  • 460 IP-connected domains, three of which were malicious
  • 1,176 string-connected domains, one of which was malicious

  • [1] https://research.checkpoint.com/2025/iranian-educated-manticore-targets-leading-tech-academics/
  • [2] https://main.whoisxmlapi.com/internet-abuse-signal-collective
  • [3] https://firstwatch.whoisxmlapi.com/