Probing Lorec53 Phishing through the DNS Microscope | WhoisXML API


Lorec53 is an APT group that actively targeted government institutions in Eastern European countries in 2021. NSFocus conducted an in-depth study of the group, which revealed that it used various phishing campaigns to infiltrate target systems and exfiltrate the data it needed.[1]

NSFocus shared 21 indicators of compromise (IoCs), compiled via AlienVault OTX,[2] which we used as seeds for an expansion analysis to identify digital breadcrumbs the group may have left behind. Our deep dive revealed:

  • 20+ domains that were registered using the same email address as two of the IoCs, two of which turned out to be malicious
  • 10+ unique IP addresses to which the domains identified as IoCs resolved
  • 1,800+ domains that shared the IoCs’ IP hosts
  • 160+ domains that shared unique strings with some of the IoCs
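As an added illustration of the expansion pivots listed above (example code written for this page, not WhoisXML API's tooling and not NSFocus's IoCs), the Python below runs the registrant-email, shared-IP and shared-string pivots over constructed WHOIS and DNS records; every domain, email address and TEST-NET IP is a placeholder.

```python
import re

# Constructed sample data: .example names, placeholder emails and TEST-NET IPs, not real indicators.
IOCS = {"gov-docs-update.example", "secure-portal-login.example"}
WHOIS_EMAIL = {  # domain -> registrant email taken from its WHOIS record
    "gov-docs-update.example": "reg-shared@example.net",
    "secure-portal-login.example": "reg-shared@example.net",
    "mail-gateway.example": "reg-shared@example.net",
    "unrelated-shop.example": "other@example.org",
}
DNS_A = {  # domain -> IPv4 addresses it resolved to
    "gov-docs-update.example": {"192.0.2.10"},
    "secure-portal-login.example": {"192.0.2.10", "198.51.100.7"},
    "mail-gateway.example": {"203.0.113.5"},
    "cdn-node-17.example": {"198.51.100.7"},
    "docs-share-archive.example": {"203.0.113.11"},
    "unrelated-shop.example": {"203.0.113.9"},
}
STOPWORDS = {"secure", "login", "mail", "portal", "update", "www", "example"}  # too common to pivot on

def pivot_registrant_email(iocs, whois):
    # Domains registered with the same email address as any IoC.
    emails = {whois[d] for d in iocs if d in whois}
    return {d for d, e in whois.items() if e in emails} - iocs

def ioc_ip_addresses(iocs, dns):
    # Unique IPs the IoC domains resolved to.
    return set().union(*(dns.get(d, set()) for d in iocs))

def pivot_shared_ip(iocs, dns):
    # Domains hosted on any IP that an IoC resolved to.
    ips = ioc_ip_addresses(iocs, dns)
    return {d for d, addrs in dns.items() if addrs & ips} - iocs

def distinctive_tokens(domain, min_len=4):
    # Labels split on '-' and '.', minus short fragments and common words.
    tokens = set(re.split(r"[-.]", domain.lower()))
    return {t for t in tokens if len(t) >= min_len and t not in STOPWORDS}

def pivot_shared_string(iocs, candidates):
    # Candidate domains that contain a distinctive token of some IoC.
    tokens = set().union(*(distinctive_tokens(d) for d in iocs))
    return {d for d in candidates if distinctive_tokens(d) & tokens} - iocs

def expand(iocs, whois, dns):
    # Run all pivots; the candidate pool is every domain seen in WHOIS or DNS data.
    candidates = set(whois) | set(dns)
    return {"same_registrant": pivot_registrant_email(iocs, whois),
            "ioc_ips": ioc_ip_addresses(iocs, dns),
            "shared_ip": pivot_shared_ip(iocs, dns),
            "shared_string": pivot_shared_string(iocs, candidates)}
```

Each pivot returns only new domains (the seed IoCs are subtracted), so hits can be fed back in as seeds for a second round; the stopword list is what keeps the string pivot from matching every "secure-login" domain on the internet.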

Download a sample of the threat research materials now or contact us to access the complete set of research materials.
