DNS Revelations on Eevilcorp
They say, “Art imitates life,” but the opposite can also be true when it comes to cybercrime. And no threat group could be a better example than Eevilcorp[1]—a real-life counterpart of the “Mr. Robot” antagonist E Corp.
Nine domains have been publicized as Eevilcorp attack IoCs. To uncover more connected artifacts, the WhoisXML API research team dove deep into the threat aided by comprehensive DNS intelligence. Our in-depth analysis revealed:
- Nine unique IP address resolutions
- 579 IP-connected domains, so called because they shared some of the IoCs’ possibly dedicated hosts
- 13 malicious IP-connected domains based on a bulk malware check
- 20 domains created just this year that started with the strings microsoft + outlook and adobe + document + cloud
- Six malicious string-connected domains based on a bulk malware check
- 715 subdomains created just this year that contained the strings microsoft + outlook and adobe + document + cloud
- Eight malicious string-connected subdomains based on a bulk malware check
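The string-based findings above can be reproduced defensively against your own feed of newly registered domains or passive-DNS hostnames. The following is an added example, not code from the original research: the matching rules (terms in order, optional `-`, `.` or `_` between them), the allowlist and all sample names are assumptions constructed for illustration.

```python
import re

# Term sequences named on the page; how they are matched is an assumption.
TERM_SETS = {
    "microsoft+outlook": ("microsoft", "outlook"),
    "adobe+document+cloud": ("adobe", "document", "cloud"),
}
# Hypothetical allowlist of brand-owned zones to keep out of the results.
ALLOWLIST = ("microsoft.com", "outlook.com", "adobe.com")
SEP = r"[-._]*"  # assumed separators permitted between consecutive terms

def _pattern(terms, anchored):
    body = SEP.join(re.escape(t) for t in terms)
    return re.compile(("^" if anchored else "") + body)

# Domains must START with the terms; subdomains only need to CONTAIN them.
RULES = {
    "domain": {k: _pattern(v, True) for k, v in TERM_SETS.items()},
    "subdomain": {k: _pattern(v, False) for k, v in TERM_SETS.items()},
}

def normalize(name):
    """Lowercase and drop surrounding whitespace and the trailing root dot."""
    return name.strip().lower().rstrip(".")

def is_allowlisted(name):
    return any(name == z or name.endswith("." + z) for z in ALLOWLIST)

def classify(name, kind):
    """Return the label of the first matching term set, or None."""
    name = normalize(name)
    if is_allowlisted(name):
        return None
    for label, rx in RULES[kind].items():
        if rx.search(name):
            return label
    return None

def hunt(names, kind):
    """Group matching names by term set for triage or a bulk reputation check."""
    hits = {}
    for n in names:
        label = classify(n, kind)
        if label:
            hits.setdefault(label, []).append(normalize(n))
    return hits

# Constructed sample input on reserved example names (not research data).
SAMPLE_DOMAINS = ["microsoft-outlook-login.example", "Adobedocumentcloud.example.",
                  "outlook-microsoft.example", "outlook.com"]
SAMPLE_SUBDOMAINS = ["mail.microsoftoutlook.example.net",
                     "adobe.document.cloud.example.org", "docs.adobe.com"]

if __name__ == "__main__":
    print(hunt(SAMPLE_DOMAINS, "domain"))
    print(hunt(SAMPLE_SUBDOMAINS, "subdomain"))
```

Hits are candidates only; as in the research, they still need a malware or reputation check before being treated as malicious.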
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
[1] https://www.vadesecure.com/en/blog/m365-phishing-email-analysis-eevilcorp