Checking Out the DNS for More Signs of ResumeLooters
The threat actors behind ResumeLooters1 may have found another way to siphon off personally identifiable information (PII), that is, by stealing their victims’ CVs.
Security researchers reported about the ResumeLooters campaign in early February 2024. They identified 15 indicators of compromise (IoCs), specifically seven domain names, three subdomains, and five IP addresses as part of their analysis.
The WhoisXML API research team sought to uncover more artifacts possibly related to ResumeLooters aided by in-house DNS intelligence and found: