A DNS Deep Dive into FUNNULL’s Triad Nexus
WhoisXML API found 11,900+ artifacts that could be connected to Triad Nexus. Download the threat research materials now.
Continue reading Download reportOn a DNS Threat Hunt for DISGOMOJI
There’s a first time for everything, they say. And guess what? That’s also true for cyber attacks. Or at least for the latest UTA0137 cyber espionage campaign targeting Indian organizations. It used DISGOMOJI, a malware coded in Golang and came in the guise of emojis.1
A total of 24 indicators of compromise (IoCs) related to the DISGOMOJI-enabled attack comprising 19 domain names and five IP addresses have been made public so far.2
To uncover other potentially connected artifacts not yet part of published reports, the WhoisXML API research team expanded the current list of IoCs and found:
- Five email-connected domains
- Eight additional IP addresses, all of which turned out to be malicious
- 320 IP-connected domains
- 31 string-connected domains
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- https://thehackernews.com/2024/06/pakistani-hackers-use-disgomoji-malware.html
- https://github.com/volexity/threat-intel/blob/main/2024/2024-06-13%20DISGOMOJI/indicators/iocs.csv