A DNS Investigation into Mamba 2FA, the Latest AitM Phishing Player
WhoisXML API found 400+ artifacts that could be connected to Mamba 2FA. Download the threat research materials now.
Continue reading Download reportInvestigating the Proliferation of Deepfake Scams
Deepfakes can cause real harm. In February 2024, for example, an employee of a multinational company was tricked into handing US$25 million to a scammer who pretended to be their company’s CFO.1
In light of this and similar attacks, security researchers have tried to shed more light into deepfake scams and the risks they pose. One report, in particular, unveiled 416 scam IoCs.2
The WhoisXML API research team investigated just how widespread deepfake scam infrastructures could be in the DNS through an IoC list expansion analysis. Our study uncovered potentially connected artifacts comprising:
- 1,070 registrant-connected domains
- Six email-connected domains
- 316 IP addresses, 285 of which turned out to be malicious
- 515 IP-connected domains, three of which turned out to be associated with various threats
- 3,056 string-connected domains, 12 of which may have already figured in malicious campaigns
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- [1] https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html
- [2] https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/