Tempering Tax Season Troubles with DNS Intel | WhoisXML API
WhoisXML API found 360+ artifacts that could be connected to the recent spate of tax-themed phishing campaigns. Download the threat research materials now.
Continue reading Download reportBehind the Innovative Marketing Rogue Scareware Distribution Network
Innovative Marketing made waves as a rogue scareware operator more than a decade ago.1 But while law enforcement authorities successfully thwarted its large-scale business, its owners have yet to be captured.2, 3
Danchev and WhoisXML API’s research team sought to determine if the company left digital breadcrumbs behind using Maltego and various WhoisXML API tools. He uncovered an expansive list of domains, IP addresses, and other web properties that could help the cybersecurity industry finally put an end to Innovative Marketing.
Our deep dive allowed us to build detailed threat research materials that revealed:
- Close to 1,000 domains identified as indicators of compromise (IoCs) throughout the company’s life span
- More than 80 email addresses the firm used to register their malicious domains
- Nearly 3,700 domains that shared the domain IoCs’ registrant email addresses
- Almost 600 IP addresses that the domains resolved to
- Over 1,000 MD5 malware hashes that identified the organization’s scareware
Download the threat research materials now to access the complete list of identified artifacts that you can use to conduct additional enrichment and threat analysis as well as trend identification.
---
- [1] https://www.reuters.com/article/us-technology-scareware-idUSTRE62N29T20100324
- [2] https://www.fbi.gov/wanted/cyber/shaileshkumar-p.-jain
- [3] https://www.fbi.gov/wanted/cyber/bjorn-daniel-sundin