Uncovering Suspicious Download Pages Linked to App Installer Abuse | WhoisXML API


Several financially motivated threat actors were seen abusing Microsoft’s App Installer, likely in an effort to distribute ransomware.

Building on the list of domains and subdomains tagged as IoCs [1], WhoisXML API researchers found more than 1,100 potential artifacts comprising:

  • Four email-connected domains
  • 127 IP-connected domains
  • 401 string-connected domains
  • 596 string-connected subdomains

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

[1] https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/