Hunting for TimbreStealer Malware Artifacts in the DNS | WhoisXML API


Yet another information-stealing malware, TimbreStealer, has been discovered. Threat actors were seen distributing it to target victims in Mexico using finance-themed phishing lures.

Building on the list of 152 IoCs [1], WhoisXML API researchers found more than 19,000 potential artifacts comprising:

  • 111 email-connected domains
  • 11 additional IP addresses
  • 38 IP-connected domains
  • 452 string-connected domains
  • 18,798 string-connected subdomains

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://blog.talosintelligence.com/timbrestealer-campaign-targets-mexican-users/