2023 IoC List Expansion for APAC-Based/Targeting APT Groups
WhoisXML API researchers leveraged historical WHOIS intelligence to expand lists of indicators of compromise (IoCs) connected to six APT groups, namely, APT29, APT32, Earth Lusca, Higaisa, Sandworm Team, and Turla.
The report examined the publicly exposed email addresses in the WHOIS footprints of domain IoCs reported to belong to APT groups. From the 44 IoCs studied, we found:
- 150+ email addresses in the domain IoCs’ historical WHOIS records, 30 of which were public email addresses
- 60+ domain artifacts whose current WHOIS records contained the public email addresses
- 350+ domain artifacts whose historical WHOIS records contained the public email addresses
- Several email-connected domain artifacts that remain active
Download the white paper now or contact us to access the research materials.