Tracking Down APT Group WIRTE’s DNS Movements | WhoisXML API

Advanced persistent threat (APT) groups typically keep launching attacks for years after they are first identified. WIRTE, for instance, has been active since at least August 2018.[1]

The most recent WIRTE campaign used custom loaders such as IronWind to infiltrate target networks in the Middle East, specifically in the Palestinian Authority, Jordan, Egypt, and Saudi Arabia.[2]

The WhoisXML API research team expanded a published list of 56 indicators of compromise (IoCs)[3] by pivoting on WHOIS and DNS data, and uncovered thousands of connected artifacts comprising:

  • 360 email-connected domains
  • 36 additional IP addresses, 35 of which turned out to be malicious
  • Six IP-connected domains, one of which turned out to be malicious
  • 41 string-connected domains
  • 3,088 string-connected subdomains
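The list above names three pivot types (registrant email, resolved IP address, and string match) without showing how each works or where it produces noise. The script below is an added example written for this page, not WhoisXML API code, and it does not call any WhoisXML product. All WHOIS records, DNS resolutions, names, emails and IP addresses in it are constructed placeholders (reserved `.example` names and documentation IP ranges), not real WIRTE indicators. It also carries two caveats a practitioner would want: registrant emails belonging to privacy-proxy services are not pivoted on, and an IP address hosting more than a threshold of domains is treated as shared hosting and skipped. The two-label rule for separating domains from subdomains is an assumption for the toy data; a real pipeline would use the Public Suffix List.

```python
"""IoC expansion by WHOIS/DNS pivots (added example; every record below is constructed)."""
from collections import defaultdict

# Constructed seed IoC list: what a published report typically gives you.
SEED_DOMAINS = {"loader-one.example", "stage-two.example"}
SEED_IPS = {"203.0.113.10", "192.0.2.50"}
SEED_STRINGS = {"ironwind", "stage-two"}

# Constructed WHOIS snapshot: domain -> registrant email.
WHOIS = {
    "loader-one.example": "ops@actor-mail.example",
    "stage-two.example": "ops@actor-mail.example",
    "payload-three.example": "ops@actor-mail.example",  # shares the seeds' email
    "benign-shop.example": "redacted@privacy.example",   # privacy-proxy address
    "benign-blog.example": "redacted@privacy.example",
    "seed-two-mirror.example": "admin@other.example",
}

# Constructed DNS resolutions: domain -> set of IPv4 addresses.
DNS_A = {
    "loader-one.example": {"203.0.113.10", "198.51.100.7"},
    "stage-two.example": {"198.51.100.7"},
    "payload-three.example": {"203.0.113.10"},
    "benign-shop.example": {"192.0.2.50"},   # 192.0.2.50 hosts four unrelated
    "benign-blog.example": {"192.0.2.50"},   # tenants: a shared-hosting address
    "cdn-tenant-a.example": {"192.0.2.50"},
    "cdn-tenant-b.example": {"192.0.2.50"},
}

# Constructed passive-DNS style name list (domains and subdomains).
NAMES = set(DNS_A) | {
    "ironwind-update.example",
    "mail.stage-two.example",
    "cdn.ironwind-update.example",
    "unrelated.example",
}

PRIVACY_PROXY_DOMAINS = {"privacy.example"}  # assumption: known proxy providers
SHARED_HOSTING_THRESHOLD = 3  # more domains than this on one IP: do not pivot


def additional_ips(seed_domains, seed_ips, dns=DNS_A):
    """IPs the seed domains resolve to that the IoC list did not already contain."""
    found = set()
    for domain in seed_domains:
        found |= dns.get(domain, set())
    return found - seed_ips


def email_connected(seed_domains, whois=WHOIS, proxies=PRIVACY_PROXY_DOMAINS):
    """Domains sharing a registrant email with a seed; privacy-proxy emails are skipped
    because thousands of unrelated domains share them."""
    pivot_emails = set()
    for domain in seed_domains:
        email = whois.get(domain)
        if email and email.split("@")[-1] not in proxies:
            pivot_emails.add(email)
    return {d for d, e in whois.items() if e in pivot_emails} - seed_domains


def ip_connected(seed_domains, ips, dns=DNS_A, threshold=SHARED_HOSTING_THRESHOLD):
    """Domains resolving to any pivot IP, ignoring IPs that look like shared hosting."""
    domains_by_ip = defaultdict(set)
    for domain, addrs in dns.items():
        for addr in addrs:
            domains_by_ip[addr].add(domain)
    found = set()
    for ip in ips:
        hosted = domains_by_ip.get(ip, set())
        if len(hosted) > threshold:
            continue  # shared hosting or CDN: the pivot would be pure noise
        found |= hosted
    return found - seed_domains


def string_connected(strings, names=NAMES, seed_domains=SEED_DOMAINS):
    """Names containing any seed string, split into domains and subdomains."""
    hits = {n for n in names if any(s in n for s in strings)} - seed_domains
    # Assumption: a registered domain has exactly two labels in this toy data.
    domains = {n for n in hits if n.count(".") == 1}
    return domains, hits - domains


def expand(seed_domains=SEED_DOMAINS, seed_ips=SEED_IPS, strings=SEED_STRINGS):
    """Run all pivots once and return the expanded artifact sets by category."""
    new_ips = additional_ips(seed_domains, seed_ips)
    str_domains, str_subdomains = string_connected(strings, seed_domains=seed_domains)
    return {
        "additional_ips": new_ips,
        "email_connected_domains": email_connected(seed_domains),
        "ip_connected_domains": ip_connected(seed_domains, seed_ips | new_ips),
        "string_connected_domains": str_domains,
        "string_connected_subdomains": str_subdomains,
    }


if __name__ == "__main__":
    for category, artifacts in expand().items():
        print(f"{category}: {len(artifacts)} -> {sorted(artifacts)}")
```

On the constructed data the email pivot and the IP pivot both surface only `payload-three.example`, the shared-hosting address `192.0.2.50` contributes nothing, and the privacy-proxy email is never used as a pivot; without those two guards the IP pivot alone would add four unrelated tenants to the "connected" set. Any expanded artifact still needs its own malicious-or-not verdict before it goes into a blocklist.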

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.

  • [1] MITRE ATT&CK, Groups: https://attack.mitre.org/groups/
  • [2] The Hacker News: https://thehackernews.com/2023/11/new-campaign-targets-middle-east.html
  • [3] Check Point Research: https://research.checkpoint.com/2024/hamas-affiliated-threat-actor-expands-to-disruptive-activity/