An Analysis of the AtlasCross RAT Network IoCs

Hexastrike Cybersecurity uncovered[1] a multistage AtlasCross RAT campaign leveraging domains impersonating trusted software brands including Surfshark VPN, Signal, Telegram, Zoom, and Microsoft Teams. Attributed to the Silver Fox APT group, the operation targeted users of VPN clients, messaging platforms, videoconferencing tools, cryptocurrency trackers, and e-commerce apps.

The original research identified 13 IoCs: 12 domains and one IP address. Expanding on them with our own DNS and WHOIS intelligence tools, we found:

  • 829 unique client IP addresses that communicated with two of the domain IoCs
  • One domain IoC that was bulk-registered with six look-alike domains
  • Five domain IoCs that were likely registered with malicious intent
  • 33 IP addresses, potentially belonging to victims, that communicated with the IP address IoC
  • 2,584 email-connected domains
  • 10 additional IP addresses, seven of which were confirmed malicious
  • 33 IP-connected domains
  • 35 string-connected domains, three of which were confirmed malicious
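
The pivots behind these counts (bulk-registration clustering, shared registrant e-mail, shared IP resolution, brand-string search) can be reproduced over ordinary WHOIS and passive-DNS records. The Python below is an added illustration written for this page; it is not WhoisXML API code or the original research's tooling. Every domain, e-mail address, IP address and timestamp in it is a constructed placeholder (reserved .example/.invalid names and documentation IP ranges), not one of the campaign's IoCs, and the ten-minute bulk-registration window, the seed list and the brand-string list are assumptions chosen for the example.

```python
"""IoC expansion pivots (bulk registration, registrant e-mail, shared IP,
brand string) over WHOIS / passive-DNS style records.

Added example for this write-up, not WhoisXML API code. Every record below
is constructed (reserved .example/.invalid names, documentation IP ranges);
none is a real IoC from the campaign.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class WhoisRecord:
    domain: str
    registrar: str
    created: datetime        # registration timestamp from WHOIS
    registrant_email: str    # often "REDACTED FOR PRIVACY" since GDPR
    a_record: str            # resolution seen in passive DNS


def _rec(domain, registrar, created, email, ip):
    return WhoisRecord(domain, registrar, datetime.fromisoformat(created), email, ip)


# Constructed sample data (hypothetical).
RECORDS = [
    _rec("surfshark-download.example", "Registrar-A", "2024-03-10T09:14:02", "ops@mail.invalid", "203.0.113.10"),
    _rec("surfshark-dl.example", "Registrar-A", "2024-03-10T09:14:05", "ops@mail.invalid", "203.0.113.11"),
    _rec("surfsharkvpn-setup.example", "Registrar-A", "2024-03-10T09:14:09", "REDACTED FOR PRIVACY", "203.0.113.10"),
    _rec("surfshark-installer.example", "Registrar-A", "2024-03-10T09:15:40", "REDACTED FOR PRIVACY", "198.51.100.5"),
    _rec("weather-today.example", "Registrar-A", "2024-03-10T17:02:11", "nobody@mail.invalid", "192.0.2.8"),
    _rec("signal-setup.example", "Registrar-B", "2024-03-12T11:00:00", "ops@mail.invalid", "203.0.113.20"),
    _rec("telegram-desktop-dl.example", "Registrar-C", "2024-02-01T08:30:00", "ops@mail.invalid", "198.51.100.9"),
    _rec("zoom-client-update.example", "Registrar-C", "2024-01-15T12:00:00", "someone@mail.invalid", "203.0.113.20"),
    _rec("teams-meeting-notes.example", "Registrar-D", "2023-06-01T00:00:00", "blogger@mail.invalid", "192.0.2.7"),
]

# Assumed seeds and brand strings for the example (not the real IoC list).
SEED_IOCS = frozenset({"surfshark-download.example", "signal-setup.example"})
BRAND_STRINGS = ("surfshark", "signal", "telegram", "zoom", "teams")
_EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def pivotable_email(email):
    """Reject empty or redacted values: pivoting on "REDACTED FOR PRIVACY"
    would connect every privacy-protected domain at the registrar."""
    return bool(_EMAIL.match(email or ""))


def _seeds(records, seed_domains):
    return [r for r in records if r.domain in seed_domains]


def bulk_registered(records, seed_domain, window=timedelta(minutes=10)):
    """Domains created at the seed's registrar within `window` of the seed.
    A registration burst is a registrar-side artefact, so this pivot works
    even when registrant details are redacted."""
    seed = next(r for r in records if r.domain == seed_domain)
    return sorted(r.domain for r in records
                  if r.domain != seed.domain
                  and r.registrar == seed.registrar
                  and abs(r.created - seed.created) <= window)


def email_connected(records, seed_domains):
    """Domains sharing a non-redacted registrant e-mail with any seed."""
    emails = {r.registrant_email.lower() for r in _seeds(records, seed_domains)
              if pivotable_email(r.registrant_email)}
    return sorted(r.domain for r in records
                  if r.domain not in seed_domains
                  and pivotable_email(r.registrant_email)
                  and r.registrant_email.lower() in emails)


def ip_connected(records, seed_domains):
    """Domains that resolved to an IP any seed resolved to."""
    ips = {r.a_record for r in _seeds(records, seed_domains)}
    return sorted(r.domain for r in records
                  if r.domain not in seed_domains and r.a_record in ips)


def string_connected(records, strings, exclude=frozenset()):
    """Domains whose registrable label contains an impersonated brand string.
    Weakest pivot: it also catches unrelated fan sites and typosquats."""
    return sorted(r.domain for r in records
                  if r.domain not in exclude
                  and any(s in r.domain.split(".")[0].lower() for s in strings))


def rank_candidates(records, seed_domains, strings=BRAND_STRINGS):
    """Count how many independent pivots reach each candidate; a domain hit
    only by the string pivot is the weakest lead and needs corroboration."""
    bulk = set().union(*(bulk_registered(records, s) for s in seed_domains))
    hits = Counter(bulk)
    hits.update(email_connected(records, seed_domains))
    hits.update(ip_connected(records, seed_domains))
    hits.update(string_connected(records, strings, seed_domains))
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for domain, n in rank_candidates(RECORDS, SEED_IOCS):
        print(f"{n} pivot(s): {domain}")
```

Two caveats the code encodes are worth carrying into any real pivot: redacted or privacy-proxy registrant e-mails must never be used as a join key, or every privacy-protected domain at the registrar becomes "connected", and a string match alone is only a lead, which is why the ranking scores candidates by the number of independent pivots that reach them. That matches the shape of the counts above, where only three of the 35 string-connected domains were confirmed malicious.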

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.

  • [1] https://hexastrike.com/resources/blog/threat-intelligence/trust-the-tunnel-get-the-trojan-silver-fox-delivers-atlas-rat-via-weaponized-vpn-installers/