A DNS Deep Dive into FUNNULL’s Triad Nexus
WhoisXML API found 11,900+ artifacts that could be connected to Triad Nexus. Download the threat research materials now.
Continue reading Download reportA DNS Investigation into Mamba 2FA, the Latest AitM Phishing Player
Adversary-in-the-middle (AitM) phishing attacks have been growing in popularity, and it's not surprising.1 As more companies adopt multifactor authentication (MFA) security measures, more threat actors are using this tactic. Why? AitM has the ability to bypass security measures like MFA.
WhoisXML API recently analyzed Mamba 2FA, the latest addition to the list of AitM phishing players.2 In particular, we expanded a list of 58 indicators of compromise (IoCs) and uncovered:
- 346 registrant-connected domains, two of which turned out to be malicious
- 65 additional IP addresses, 51 of which turned out to be associated with various threats
- One IP-connected domain
- Six string-connected domains
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- [1] https://www.zscaler.com/blogs/security-research/phishing-attacks-rise-58-year-ai-threatlabz-2024-phishing-report
- [2] https://blog.sekoia.io/mamba-2fa-a-new-contender-in-the-aitm-phishing-ecosystem/