The infamous Koobface Gang [1] is possibly causing malware mayhem again. After Facebook and cybersecurity researchers unmasked the perpetrators back in 2012, the gang members shut down their servers in a bid to avoid capture. [2]
After almost a decade, the gang may be back. WhoisXML API threat researcher Dancho Danchev uncovered artifacts possibly alluding to the Koobface Gang’s comeback. His deep dive into the threat revealed:
- Close to 6,000 domains registered using the said email addresses, close to 50 of which turned out to be malicious
- Nearly 40 IP addresses to which the domains resolved, one of which has been dubbed “malicious” by various malware engines
- Close to 700 possibly connected domains, as they shared the IP addresses of the original list of domains, one of which has been named a malware host
- A majority of the domains pointed to car sales, co-working and co-living space rental, and product and service provider pages, possibly indicating new targets
—
- [1] https://www.nytimes.com/2012/01/17/technology/koobface-gang-that-used-facebook-to-spread-worm-operates-in-the-open.html
- [2] https://www.nbcnews.com/id/wbna46060605