A U.S. Tax Scammer's Web Infrastructure through the DNS Lens
WhoisXML API found several artifacts that could be connected to an ongoing U.S. tax scam. Download the threat research materials now.
Continue reading Download reportTracing BlackNet RAT’s History through a DNS Deep Dive
BlackNet RAT has been plaguing users the world over since at least 2020. Back then, it came bundled with emails supposedly promoting a drug that could protect against COVID-19 infections.1
You would think that after the pandemic has passed, the malware would disappear, too. But it hasn’t. In fact, BlackNet RAT’s operators have moved on to far bigger things. Their existing botnet, in fact, remained a top threat in the first quarter of this year.2
Several researchers have publicized thousands of BlackNet RAT indicators of compromise (IoCs).3 Zooming in on and expanding a list of 585 IoCs—54 IP addresses and 531 domains—to find other potentially connected artifacts, the WhoisXML API research team found:
- 244 undisclosed IP resolutions, 33 of which turned out to be malicious based on malware checks
- 697 email-connected domains, three of which turned out to be malicious based on a bulk malware check
- 5,232 IP-connected domains, nine of which turned out to be malicious based on a bulk malware check
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—
- [1] https://www.malwarebytes.com/blog/news/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool
- [2] https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/
- [3] https://otx.alienvault.com/pulse/650d0c66e0b02a6dde4a8b7a