Summary:
The research conducted by WhoisXML API highlights the increased cyber threats during the Thanksgiving and Black Friday seasons, revealing numerous malicious domains and IP addresses. The study identified significant numbers of email-connected domains, IP addresses, and suspicious subdomains that could serve as attack vectors. The findings emphasize the importance of vigilance during holiday shopping periods.
#ThanksgivingCyberThreats #BlackFridaySecurity #MaliciousDomains
The research conducted by WhoisXML API highlights the increased cyber threats during the Thanksgiving and Black Friday seasons, revealing numerous malicious domains and IP addresses. The study identified significant numbers of email-connected domains, IP addresses, and suspicious subdomains that could serve as attack vectors. The findings emphasize the importance of vigilance during holiday shopping periods.
#ThanksgivingCyberThreats #BlackFridaySecurity #MaliciousDomains
Keypoints:
318 email-connected domains were discovered, with one identified as malicious.
786 IP addresses were analyzed, with 635 deemed malicious.
1,975 IP-connected domains were found, with two being malicious.
3,521 string-connected subdomains were identified.
2,091 blackfriday-themed domains and 233 thanksgiving-themed domains were analyzed.
Most identified domains were created from 2023 onward.
Four domains were associated with various threats, including phishing.
219 email addresses were extracted from WHOIS records, leading to 318 email-connected domains.
Threat Intelligence API flagged several IP addresses for various threats, including command and control and malware.
MITRE Techniques:
Command and Control (T1071): Utilizes multiple command and control domains to maintain communication with compromised systems.
Phishing (T1566): Involves sending fraudulent communications to trick users into revealing sensitive information.
Malware (T1203): Exploits vulnerabilities in software to deliver malicious payloads.
Suspicious Activity (T1086): Involves executing scripts or commands that may indicate malicious intent.
IoC:
[domain] blackfriday-best-deals[.]com
[domain] feiraochevro[.]com
[IP Address] 103.169.142.0
[IP Address] 216.239.32.21
[IP Address] 3.13.222.255
[IP Address] 44.227.65.245
[IP Address] 51.91.236.255
Full Research: https://circleid.com/posts/uncovering-potential-black-friday-and-thanksgiving-threats-with-dns-data