RisePro has managed to infect hundreds of thousands of devices since its launch in 2022. A new variant capable of not just data theft but also remote control has made the headlines recently. [1]
Ten indicators of compromise (IoCs) related to the latest RisePro variant were made public in November 2023. [2] The WhoisXML API research team expanded the IoC list to uncover hundreds of connected artifacts, including:
- 849 email-connected domains, 52 of which turned out to be malicious
- Two additional IP addresses, one of which turned out to be malicious
- 59 IP-connected domains, 18 of which turned out to be malicious
- 14 string-connected domains
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—
- [1] https://any.run/cybersecurity-blog/risepro-malware-communication-analysis/
- [2] https://otx.alienvault.com/pulse/65a7fea97b1fa3cc270dff50