Checking Out the DNS for More Signs of ResumeLooters | WhoisXML API

The threat actors behind ResumeLooters [1] may have found another way to siphon off personally identifiable information (PII), that is, by stealing their victims’ CVs.

Security researchers reported on the ResumeLooters campaign in early February 2024. As part of their analysis, they identified 15 indicators of compromise (IoCs), specifically seven domain names, three subdomains, and five IP addresses.

Aided by in-house DNS intelligence, the WhoisXML API research team sought to uncover more artifacts possibly related to ResumeLooters and found:

  • 302 registrant-connected domains
  • 69 email-connected domains
  • Six additional IP addresses, all of which turned out to be malicious
  • Three IP-connected domains
  • 573 string-connected domains, two of which turned out to be malicious

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

[1] https://www.group-ib.com/blog/resumelooters/