The New RisePro Version in the DNS Spotlight | WhoisXML API

RisePro has managed to infect hundreds of thousands of devices since its launch in 2022. A new variant capable of not just data theft but also remote control has made the headlines recently.[1]

Ten indicators of compromise (IoCs) related to the latest RisePro variant were made public in November 2023.[2] The WhoisXML API research team expanded the IoC list to uncover hundreds of connected artifacts, including:

  • 849 email-connected domains, 52 of which turned out to be malicious
  • Two additional IP addresses, one of which turned out to be malicious
  • 59 IP-connected domains, 18 of which turned out to be malicious
  • 14 string-connected domains

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://any.run/cybersecurity-blog/risepro-malware-communication-analysis/
  • [2] https://otx.alienvault.com/pulse/65a7fea97b1fa3cc270dff50