Exposing Void Balaur’s Internet-Connected Infrastructure

Void Balaur is a cybercriminal gang, believed to be operating from Latvia, that has been launching typosquatting and spear phishing attacks targeting users worldwide.

WhoisXML API researcher Dancho Danchev recently dove deep into the perpetrators’ campaigns aided by current and historical WHOIS records to find actionable intelligence for cybersecurity and law enforcement purposes.

Danchev’s analysis, which began with an unmasked contact email address on one of the gang’s historical WHOIS records, allowed us to build detailed threat research materials that revealed:

  • 50 domains squatting on major email service providers, including Yahoo! and Gmail
  • Nine IP addresses hosting the typosquatting domains
  • Four MD5 malware hashes believed to be connected with Void Balaur

Download the threat research materials now to access the complete list of identified artifacts, which can be used for additional enrichment, threat analysis, and trend identification.