A DNS Investigation into Mamba 2FA, the Latest AitM Phishing Player | WhoisXML API


Adversary-in-the-middle (AitM) phishing attacks have been growing in popularity, and it's not surprising [1]. As more companies adopt multifactor authentication (MFA) security measures, more threat actors are using this tactic. Why? AitM has the ability to bypass security measures like MFA.

WhoisXML API recently analyzed Mamba 2FA, the latest addition to the list of AitM phishing players [2]. In particular, we expanded a list of 58 indicators of compromise (IoCs) and uncovered:

  • 346 registrant-connected domains, two of which turned out to be malicious
  • 65 additional IP addresses, 51 of which turned out to be associated with various threats
  • One IP-connected domain
  • Six string-connected domains
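The three pivots listed above (shared registrant, shared resolving IP, shared naming string) can be expressed as a small expansion routine. The code below is an added illustration, not WhoisXML API's tooling; the seed IoCs, WHOIS records and passive DNS results are constructed sample data, and the pivot strings are an assumption. Connections only produce candidates for vetting: as the counts above show, most connected artifacts are not themselves malicious.

```python
# Constructed sample data (not from the report). Seed IoCs plus the
# lookup results a WHOIS / passive-DNS service would return for them.
SEED_DOMAINS = {"login-portal-example.test", "secure-verify-example.test"}

# Hypothetical WHOIS lookups: domain -> registrant e-mail
WHOIS = {
    "login-portal-example.test": "reg1@mail.example",
    "secure-verify-example.test": "reg2@mail.example",
    "account-check-example.test": "reg1@mail.example",   # reuses reg1
    "unrelated-shop.test": "shop@mail.example",
}

# Hypothetical passive DNS: domain -> set of IPv4 addresses it resolved to
DNS_A = {
    "login-portal-example.test": {"203.0.113.10"},
    "secure-verify-example.test": {"203.0.113.10", "198.51.100.7"},
    "mfa-reset-example.test": {"198.51.100.7"},          # shares an IP
    "verify-identity-example.test": {"192.0.2.9"},       # shares a string
    "unrelated-shop.test": {"192.0.2.5"},
}

# Naming patterns observed in the seed IoCs (assumed for this example)
PIVOT_STRINGS = ["verify", "portal"]


def expand_iocs(seeds, whois, dns_a, pivot_strings):
    """Group candidate domains by how they connect to the seed IoCs."""
    # 1. Registrant pivot: other domains registered with a seed's e-mail
    seed_registrants = {whois[d] for d in seeds if d in whois}
    registrant_connected = {d for d, r in whois.items()
                            if r in seed_registrants and d not in seeds}
    # 2. IP pivot: other domains that resolved to one of the seeds' IPs
    seed_ips = set().union(*(dns_a.get(d, set()) for d in seeds))
    ip_connected = {d for d, ips in dns_a.items()
                    if ips & seed_ips and d not in seeds}
    # 3. String pivot: other known domains carrying a seed naming pattern
    known = set(whois) | set(dns_a)
    string_connected = {d for d in known if d not in seeds
                        and any(s in d for s in pivot_strings)}
    return {
        "seed_ips": seed_ips,
        "registrant_connected": registrant_connected,
        "ip_connected": ip_connected,
        "string_connected": string_connected,
    }


if __name__ == "__main__":
    for pivot, found in expand_iocs(SEED_DOMAINS, WHOIS, DNS_A, PIVOT_STRINGS).items():
        print(f"{pivot}: {sorted(found)}")
```

Each returned set is a lead for further checks (malware verdicts, hosting history, certificate data), not a verdict on its own.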

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.

[1] https://www.zscaler.com/blogs/security-research/phishing-attacks-rise-58-year-ai-threatlabz-2024-phishing-report
[2] https://blog.sekoia.io/mamba-2fa-a-new-contender-in-the-aitm-phishing-ecosystem/