Sifting for Digital Breadcrumbs Related to the Latest Zoom Attack | WhoisXML API

Threat reports

Sifting for Digital Breadcrumbs Related to the Latest Zoom Attack

Zoom has long been a prime cyber attack target, which isn’t surprising given that the platform accounts for 3.3 trillion meeting minutes each year.1

Most recently, threat actors laced Zoom downloads with IceID malware designed to steal affected users’ credentials. Cyble researchers publicized three indicators of compromise (IoCs) so far,2 we added more than 20,000 artifacts to that. Our IoC list expansion analysis specifically dug up:

  • Two additional IP addresses that played host to the domains
  • 299 domains that shared the IoCs’ IP hosts
  • Three domains that contained the string explorezoom as one IoC
  • 20,000 domains and subdomains that contained the string zoom, 31 of which turned out to be malicious

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://backlinko.com/zoom-users
  • [2] https://blog.cyble.com/2023/01/05/zoom-users-at-risk-in-latest-malware-campaign/
Try our WhoisXML API for free
Get started