Examining the DNS Underbelly of the Voldemort Campaign | WhoisXML API



The threat actors behind the malware that must not be named, also known as “Voldemort,” reportedly sent around 20,000 phishing emails that impacted at least 70 organizations worldwide.[1] Believed to be part of an advanced persistent threat (APT) group, they distributed Voldemort via weaponized Google Sheets files to infect the systems of target nations.

Nineteen indicators of compromise (IoCs) comprising 10 subdomains and nine IP addresses have already been identified, but more artifacts could be lurking in the DNS.[2]

We expanded the initial list of IoCs through an expansion analysis and found:

  • 451 registrant-connected domains
  • 298 email-connected domains
  • Four additional IP addresses, all of which turned out to be malicious
  • 28 string-connected domains
  • 91 string-connected subdomains
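The pivots listed above (registrant-, email- and string-connected domains, plus IP addresses surfaced by the connected domains) can be shown on a small constructed dataset. The example below is added here for illustration and is not WhoisXML API's tooling or methodology; every WHOIS record, domain name, email address and IP address in it is a made-up placeholder, and the `WhoisRecord` fields and `expand_iocs` function are assumptions about what a WHOIS/DNS lookup would return. It also excludes privacy-redacted registrant values from the registrant and email pivots, a check a practitioner would want, since a shared privacy proxy would otherwise connect unrelated domains.

```python
"""IoC expansion pivots on constructed WHOIS/DNS data (added example, not WhoisXML API code)."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class WhoisRecord:
    domain: str            # registered domain (assumed field)
    registrant_org: str    # registrant organization, may be privacy-redacted
    registrant_email: str  # registrant contact email, may be privacy-redacted
    resolved_ips: tuple    # A records observed for the domain


# Constructed sample records: placeholder names and documentation-range IPs, not real IoCs.
RECORDS = [
    WhoisRecord("seed-lure.example", "Acme Holdings", "ops@example-mail.test",
                ("198.51.100.10",)),
    WhoisRecord("second-lure.example", "Acme Holdings", "ops@example-mail.test",
                ("198.51.100.11",)),
    WhoisRecord("unrelated.example", "Other Org", "admin@other.test",
                ("203.0.113.5",)),
    # Redacted WHOIS: only the string pivot can connect this one to the seed.
    WhoisRecord("seed-lure-cdn.example", "REDACTED FOR PRIVACY", "redacted@privacy.test",
                ("198.51.100.10", "198.51.100.20")),
    # Same contact email as the seed but a different organization name.
    WhoisRecord("shop.example", "Shop Co", "ops@example-mail.test",
                ("203.0.113.9",)),
]

# Values that must never be used as a pivot: shared by every privacy-protected domain.
REDACTED_VALUES = {"redacted for privacy", "redacted@privacy.test"}


def _pivot_values(seeds, records, field):
    """Collect non-redacted values of `field` across the seed domains."""
    return {
        getattr(r, field) for r in records
        if r.domain in seeds and getattr(r, field).lower() not in REDACTED_VALUES
    }


def registrant_connected(seeds, records):
    """Non-seed domains whose registrant organization matches a seed's."""
    orgs = _pivot_values(seeds, records, "registrant_org")
    return sorted(r.domain for r in records
                  if r.domain not in seeds and r.registrant_org in orgs)


def email_connected(seeds, records):
    """Non-seed domains whose registrant email matches a seed's."""
    emails = _pivot_values(seeds, records, "registrant_email")
    return sorted(r.domain for r in records
                  if r.domain not in seeds and r.registrant_email in emails)


def string_connected(seeds, records):
    """Non-seed domains whose second-level label contains a seed's full second-level label."""
    seed_labels = {s.split(".")[0] for s in seeds}
    return sorted(r.domain for r in records
                  if r.domain not in seeds
                  and any(lbl in r.domain.split(".")[0] for lbl in seed_labels))


def additional_ips(seeds, connected, records):
    """IPs resolved by connected domains that were not already among the seed IPs."""
    by_domain = {r.domain: r for r in records}
    seed_ips = {ip for s in seeds for ip in by_domain[s].resolved_ips}
    new_ips = {ip for d in connected for ip in by_domain[d].resolved_ips} - seed_ips
    return sorted(new_ips, key=ipaddress.ip_address)


def expand_iocs(seeds, records=RECORDS):
    """Run all pivots from a set of seed domains and return the expanded artifact lists."""
    seeds = set(seeds)
    result = {
        "registrant_connected": registrant_connected(seeds, records),
        "email_connected": email_connected(seeds, records),
        "string_connected": string_connected(seeds, records),
    }
    connected = set().union(*result.values())
    result["additional_ips"] = additional_ips(seeds, connected, records)
    return result


if __name__ == "__main__":
    for pivot, artifacts in expand_iocs({"seed-lure.example"}).items():
        print(f"{pivot}: {artifacts}")
```

Each pivot is deliberately kept separate so that an analyst can weigh them differently: a shared registrant email is a strong link, while a string match alone (as with the redacted `seed-lure-cdn.example` record) needs corroboration before it is treated as malicious. Newly surfaced IP addresses are reported as candidates, not verdicts; the page's own finding that the four additional IPs were malicious came from separate checks.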

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.

  • [1] https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
  • [2] https://www.linkedin.com/posts/rakesh-krishnan-6179a94b_voldemort-phishing-googlesh