Bleeping Computer’s analysis of a recent malicious campaign targeting users looking for open-source software download sites publicized 68 domains as indicators of compromise (IoCs).[1]
WhoisXML API researchers expanded that list using WHOIS and DNS intelligence and uncovered 800+ more artifacts, including 36 malicious web properties. These are:
- Two unredacted registrant email addresses from the IoCs’ current WHOIS records that led to 18 email-connected domains
- Two IP addresses to which the IoCs resolved, both of which were found malicious
- 329 IP-connected domains, five of which turned out to be malicious
- 84 string-connected domains, two of which were malicious
- 387 domains that contained the 11 software brands the attackers targeted, 27 of which were confirmed malware hosts
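The four pivots listed above (registrant email, resolving IP, shared label string, and targeted brand name) as an added Python example; this is not WhoisXML API's own code, and every domain, email address and IP address in it is constructed sample data rather than an IoC from the campaign. The returned sets are leads for review, not confirmed malicious domains.

```python
# Added example (not WhoisXML API's code). All domains, emails and IPs below
# are constructed sample data, not the campaign's real IoCs.
SEED_IOCS = {"vlc-player-download.test", "7zip-setup.test"}

# domain -> registrant email from current WHOIS (redacted records cannot pivot)
WHOIS = {
    "vlc-player-download.test": "reg1@mail.test",
    "7zip-setup.test": "REDACTED FOR PRIVACY",
    "ccleaner-pro-free.test": "reg1@mail.test",
    "innocent-blog.test": "owner@blog.test",
}

# domain -> set of A-record IPs it currently resolves to
DNS_A = {
    "vlc-player-download.test": {"203.0.113.10"},
    "7zip-setup.test": {"203.0.113.10", "198.51.100.7"},
    "ccleaner-pro-free.test": {"203.0.113.10"},
    "innocent-blog.test": {"192.0.2.5"},
    "some-shop.test": {"198.51.100.7"},
    "free-download-hub.test": {"192.0.2.9"},
}

BRANDS = ("vlc", "7zip", "ccleaner")           # targeted software brands
ALL_DOMAINS = set(WHOIS) | set(DNS_A)          # candidate universe to pivot over


def label_tokens(domain):
    """Hyphen-separated tokens of the leftmost label: 'a-b.test' -> {'a', 'b'}."""
    return set(domain.split(".")[0].split("-"))


def email_connected(seeds, whois):
    """Domains sharing an unredacted registrant email with a seed IoC."""
    emails = {whois[d] for d in seeds if "@" in whois.get(d, "")}
    return {d for d, e in whois.items() if e in emails} - seeds


def ip_connected(seeds, dns):
    """Domains resolving to any IP address a seed IoC resolves to."""
    ips = set().union(*(dns.get(d, set()) for d in seeds))
    return {d for d, addrs in dns.items() if addrs & ips} - seeds


def string_connected(seeds, candidates, brands):
    """Domains reusing a non-brand token (4+ chars) from a seed's label."""
    tokens = {t for s in seeds for t in label_tokens(s)
              if len(t) >= 4 and t not in brands}
    return {d for d in candidates if label_tokens(d) & tokens} - seeds


def brand_connected(seeds, candidates, brands):
    """Domains whose label contains a targeted brand name (lookalike leads)."""
    return {d for d in candidates
            if any(b in d.split(".")[0] for b in brands)} - seeds
```

Each pivot subtracts the seeds so the output is only newly surfaced domains; the redacted WHOIS record for one seed shows why only unredacted registrant emails contribute to the email pivot.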
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—
- [1] https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/