Cyble Research and Intelligence Labs (CRIL) recently performed an in-depth technical analysis of DarkTortilla, which they dubbed a “sophisticated phishing malware.” [1]
WhoisXML API researchers used the indicators of compromise (IoCs) CRIL identified as jump-off points for an expansion analysis that led to the discovery of:
- Two IP addresses to which the IoC domains resolved
- 300+ domains that shared the IoCs’ IP hosts, two of which were found malicious
- 11,300+ domains that contained the strings Cisco, Grammarly, or Atomm and could be used for other malicious campaigns; only 4% of these domains seemingly belonged to the legitimate companies and 23 were found malicious
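The three bullet points above are the steps of a standard infrastructure-expansion pivot: forward-resolve the IoC domains, pivot on the resulting IPs to find co-hosted domains, then search the DNS database for domains containing the impersonated brand strings. The script below is an added illustration of that workflow, not WhoisXML API's or CRIL's code, and runs against a constructed passive-DNS/WHOIS snapshot embedded inline (every domain, IP, registrant and verdict in it is made up; the function names and the `max_cohosted` threshold are this example's own assumptions). It also shows two caveats a practitioner would check for: a shared-hosting or CDN IP that would drag hundreds of unrelated tenants into the "co-hosted" set, and a substring match ("francisco" contains "cisco") that inflates the brand-string hit count.

```python
"""Infrastructure-expansion pivot over a constructed passive-DNS/WHOIS snapshot.

Added example (not WhoisXML API's or CRIL's code). All data below is made up.
"""
import re
from collections import defaultdict

# Constructed passive-DNS snapshot: domain -> IPv4 addresses it resolved to.
PDNS = {
    "grammarly-login-example.test": ["198.51.100.10", "192.0.2.1"],  # IoC
    "cisco-webex-example.test": ["198.51.100.10", "203.0.113.7"],    # IoC
    "unrelated-shop.test": ["198.51.100.10"],
    "secure-cisco-portal.test": ["203.0.113.7"],
    "grammarly.example": ["192.0.2.50"],        # legitimate brand domain
    "cisco.example": ["192.0.2.51"],            # legitimate brand domain
    "francisco-bakery.test": ["192.0.2.60"],    # substring false positive
}
# 192.0.2.1 is a constructed shared-hosting IP with 600 unrelated tenants.
PDNS.update({f"tenant{i}.test": ["192.0.2.1"] for i in range(600)})

# Constructed WHOIS registrant organisations (only some domains have one).
WHOIS_ORG = {
    "grammarly.example": "Grammarly, Inc.",
    "cisco.example": "Cisco Systems, Inc.",
    "francisco-bakery.test": "Paulo's Bakery LLC",
}

# Constructed verdicts from a malware-URL feed.
MALICIOUS = {
    "grammarly-login-example.test",
    "cisco-webex-example.test",
    "secure-cisco-portal.test",
}

IOCS = ["grammarly-login-example.test", "cisco-webex-example.test"]
BRANDS = ["cisco", "grammarly"]


def resolve_iocs(iocs, pdns):
    """Step 1: forward-resolve the IoC domains to the IPs they pointed at."""
    ips = set()
    for domain in iocs:
        ips.update(pdns.get(domain, []))
    return sorted(ips)


def reverse_ip_pivot(ips, pdns, iocs, max_cohosted=500):
    """Step 2: collect every non-IoC domain sharing an IP with the IoCs.

    An IP hosting more than max_cohosted other domains is almost certainly
    shared hosting or a CDN edge; pivoting on it yields noise, so it is
    reported as skipped instead of expanded.
    """
    by_ip = defaultdict(set)
    for domain, addrs in pdns.items():
        for addr in addrs:
            by_ip[addr].add(domain)
    cohosted, skipped = set(), []
    for ip in ips:
        others = by_ip[ip] - set(iocs)
        if len(others) > max_cohosted:
            skipped.append(ip)
            continue
        cohosted |= others
    return sorted(cohosted), skipped


def brand_string_search(pdns, whois_org, brands):
    """Step 3: domains whose name contains a brand string.

    Returns (all hits, hits whose WHOIS registrant org also names the brand).
    The org check is a heuristic for "seemingly belongs to the legitimate
    company"; a plain substring match is deliberately kept so the caller can
    see false positives such as 'francisco' matching 'cisco'.
    """
    pattern = re.compile("|".join(re.escape(b) for b in brands), re.IGNORECASE)
    hits = [d for d in pdns if pattern.search(d)]
    legit = [
        d for d in hits
        if any(b in whois_org.get(d, "").lower() for b in brands)
    ]
    return hits, legit


def summarize(iocs, pdns, whois_org, malicious, brands):
    """Run the three pivots and cross-reference the results with the feed."""
    ips = resolve_iocs(iocs, pdns)
    cohosted, skipped = reverse_ip_pivot(ips, pdns, iocs)
    hits, legit = brand_string_search(pdns, whois_org, brands)
    return {
        "ips": ips,
        "skipped_ips": skipped,
        "cohosted": cohosted,
        "cohosted_malicious": sorted(set(cohosted) & malicious),
        "brand_hits": len(hits),
        "brand_legit_pct": round(100 * len(legit) / len(hits), 1) if hits else 0.0,
        "brand_malicious": sorted(set(hits) & malicious),
    }


if __name__ == "__main__":
    for key, value in summarize(IOCS, PDNS, WHOIS_ORG, MALICIOUS, BRANDS).items():
        print(f"{key}: {value}")
```

On the constructed data the shared IP 192.0.2.1 is skipped rather than expanded, the co-hosted set shrinks to two domains of which one is flagged by the feed, and the brand search returns six hits of which a third are registered to the brand owner. Against a real DNS database the same `max_cohosted` guard is what keeps a reverse-IP pivot from turning one CDN address into thousands of unrelated "related" domains, and the WHOIS-org heuristic should be treated as a first-pass filter, not proof of legitimacy, since registrant fields are free text and frequently redacted.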
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—
- [1] https://blog.cyble.com/2022/12/16/sophisticated-darktortilla-malware-spreading-via-phishing-sites/
- [2] https://otx.alienvault.com/pulse/639c5f43c86da728cef904db