Tracing the DNS Footprints of REF7707 | WhoisXML API



The REF7707 campaign actors recently targeted the foreign ministry of a South American country. According to a published report, the group has been connected to previous compromises in Southeast Asia.

The threat actors reportedly used three new malware families—FINALDRAFT, GUIDLOADER, and PATHLOADER—in the attack. The study listed 13 indicators of compromise (IoCs): eight domains and five IP addresses.[1]

WhoisXML API expanded the current list of IoCs and uncovered connected artifacts, namely:

  • 155 email-connected domains
  • One IP-connected domain
  • 14 string-connected domains
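The three artifact categories above correspond to three pivots a defender can run over WHOIS and passive DNS data: domains sharing a registrant email with a seed domain, domains resolving to a seed IP address, and domains containing a distinctive string from a seed domain. The script below is an added example, not WhoisXML API's code and not the report's real indicators; every domain, IP address, and registrant email in it is constructed, and the in-memory WHOIS and DNS tables stand in for whatever lookup source a team actually uses. It includes the caveat practitioners run into first: a privacy-protected registrant email must not be used as a pivot, or every domain behind the same proxy service becomes a false "connection".

```python
"""Expand seed IoCs into email-, IP-, and string-connected domains.

All data here is constructed for illustration (placeholder TLD .example,
documentation IP ranges). Real use would replace WHOIS_RECORDS and
DNS_A_RECORDS with lookups against a WHOIS/passive-DNS source.
"""

# Constructed seed IoCs (not the report's actual indicators).
SEED_DOMAINS = {"finaldraft-sync.example", "guidloader-cdn.example"}
SEED_IPS = {"203.0.113.10", "198.51.100.25"}

# Constructed WHOIS registrant emails: domain -> email.
WHOIS_RECORDS = {
    "finaldraft-sync.example": "actor1@mail.example",
    "guidloader-cdn.example": "actor2@mail.example",
    "portal-finaldraft.example": "actor1@mail.example",   # shares email with seed
    "docs-cloud.example": "actor2@mail.example",          # shares email with seed
    "shop-unrelated.example": "owner@other.example",      # no relation
    "finaldraft-cdn.example": "privacy@redacted.example",  # privacy-protected
}

# Constructed A records: domain -> list of IPv4 addresses.
DNS_A_RECORDS = {
    "finaldraft-sync.example": ["203.0.113.10"],
    "guidloader-cdn.example": ["198.51.100.25"],
    "mail-relay.example": ["203.0.113.10"],   # resolves to a seed IP
    "docs-cloud.example": ["192.0.2.7"],
    "shop-unrelated.example": ["192.0.2.8"],
    "finaldraft-cdn.example": ["192.0.2.9"],
    "portal-finaldraft.example": ["192.0.2.10"],
    "guidloader-api.example": ["192.0.2.11"],
}

# Email domains of WHOIS privacy/proxy services (constructed list). Pivoting
# on these would link unrelated domains that merely share a proxy provider.
PRIVACY_EMAIL_DOMAINS = frozenset({"redacted.example"})


def _is_privacy_email(email):
    return email.rsplit("@", 1)[-1].lower() in PRIVACY_EMAIL_DOMAINS


def email_connected(seed_domains, whois):
    """Domains whose registrant email matches a non-privacy seed email."""
    seed_emails = {
        whois[d].lower() for d in seed_domains
        if d in whois and not _is_privacy_email(whois[d])
    }
    return sorted(
        d for d, email in whois.items()
        if d not in seed_domains and email.lower() in seed_emails
    )


def ip_connected(seed_ips, dns):
    """Domains with at least one A record pointing at a seed IP."""
    return sorted(
        d for d, ips in dns.items()
        if d not in SEED_DOMAINS and seed_ips.intersection(ips)
    )


def distinctive_tokens(domains, min_len=8, stoplist=frozenset({"example"})):
    """Labels or hyphen-separated parts long enough to be non-generic."""
    tokens = set()
    for d in domains:
        for label in d.lower().split("."):
            for token in label.split("-"):
                if len(token) >= min_len and token not in stoplist:
                    tokens.add(token)
    return tokens


def string_connected(seed_domains, candidates):
    """Domains that contain a distinctive string taken from a seed domain."""
    tokens = distinctive_tokens(seed_domains)
    return sorted(
        d for d in candidates
        if d not in seed_domains and any(t in d.lower() for t in tokens)
    )


def expand_iocs(seed_domains, seed_ips, whois, dns):
    """Run all three pivots; a domain may appear in more than one category."""
    candidates = set(whois) | set(dns)
    return {
        "email_connected": email_connected(seed_domains, whois),
        "ip_connected": ip_connected(seed_ips, dns),
        "string_connected": string_connected(seed_domains, candidates),
    }


if __name__ == "__main__":
    for category, domains in expand_iocs(
        SEED_DOMAINS, SEED_IPS, WHOIS_RECORDS, DNS_A_RECORDS
    ).items():
        print(f"{category}: {len(domains)} -> {domains}")
```

The counts a report gives for each category come from this kind of partition; note that `expand_iocs` lets one domain fall into two categories (here `portal-finaldraft.example` is both email- and string-connected), so the per-category totals should not be summed as if they were disjoint. String pivots are the noisiest of the three, which is why `distinctive_tokens` drops short and generic labels before matching.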

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.

[1] https://www.elastic.c