Global Domain Activity Trends Seen in Q4 2024
This report analyzes domain registration trends from Q4 2024, revealing an 11.0% increase in newly registered domains (NRDs) compared to the previous quarter. It highlights the rise in cyber attacks and the prevalence of malicious domains, particularly in the .com gTLD. Affected: Newly Registered Domains, Mail Exchange Domains, Name Server Domains

Keypoints:

11.0% increase in newly registered domains (NRDs) in Q4 2024 compared to Q3 2024.…
Tracking Down APT Group WIRTE’s DNS Movements
The WIRTE APT group has been active since 2018, primarily targeting organizations in the Middle East and Europe, including government and financial sectors. Recent activities have focused on Middle Eastern entities, utilizing custom loaders like IronWind. A comprehensive analysis revealed 56 indicators of compromise (IoCs) and additional artifacts, highlighting the group’s ongoing threat.…
WhoisXML API has launched the First Watch Malicious Domains Data Feed, which uses advanced deep learning technology to provide daily predictive threat intelligence, detecting malicious domains with high precision. This tool enhances the proactive capabilities of security operations centers and managed security service providers. Affected: WhoisXML API, Security Operations Centers (SOCs), Managed Security Service Providers (MSSPs)

Keypoints:

Launch of First Watch Malicious Domains Data Feed by WhoisXML API.…
New Year, Old Threats: What Does the DNS Reveal About 2025?
This article discusses the emergence of advanced phishing attacks in 2025, utilizing generative AI and focusing on domain threats. Researchers analyzed 1,000 suspicious domains containing the string “2025,” revealing numerous malicious connections and trends in domain registration. Affected: WhoisXML API, First Watch Malicious Domains Data Feed

Keypoints:

Advanced phishing attacks are increasingly leveraging generative AI.…

ToxicPanda is a new banking Trojan targeting Android devices, effectively bypassing security measures to commit on-device fraud. It has been active since October 2024, primarily impacting users in Asia and Latin America. A detailed analysis revealed numerous indicators of compromise (IoCs) associated with this malware. #ToxicPanda #BankingTrojan #Cybersecurity

Keypoints:

ToxicPanda targets Android devices and initiates money transfers through account takeovers.…

The Hidden Risk campaign exploits the growing cryptocurrency market, using fake crypto news to distribute RustBucket malware. This malicious activity has been linked to numerous indicators of compromise (IoCs) and highlights the increasing need for cybersecurity awareness among crypto users. #CyberSecurity #Cryptocurrency #Malware

Keypoints:

Over 560 million people own cryptocurrencies, making them potential targets for cyber attacks.…

Summary: This article investigates the potential threats associated with Christmas-themed domains, revealing a significant number of malicious domains and IP addresses. The findings highlight the importance of vigilance during the holiday shopping season to avoid scams. #HolidayScams #ThreatIntelligence #DomainAnalysis

Keypoints:

22,923 Christmas-themed domains were analyzed for potential threats.…
Summary: The SideWinder APT group, active since 2012, has targeted military and government entities in Asia. Recent analysis revealed a significant number of indicators of compromise (IoCs), including domains and IP addresses linked to malicious activities. The findings highlight the group’s extensive operational footprint and the need for ongoing vigilance against such threats.…
Summary: Silent Push has been investigating the FUNULL content delivery network for two years, uncovering a vast malicious domain cluster linked to various cybercriminal activities. Their findings reveal over 200,000 hostnames generated by a domain generation algorithm, with numerous suspicious indicators and artifacts identified. The research highlights the importance of monitoring such networks for threat detection and response.…
Summary: As Thanksgiving approaches, cyber threat actors exploit holiday-related domains to lure victims. Recent research uncovered numerous malicious domains and IP addresses linked to Black Friday and Thanksgiving-themed cyber attacks, highlighting the need for vigilance during this shopping season. #ThanksgivingThreats #BlackFridayScams #CyberAwareness

Keypoints:

318 email-connected domains identified, with one deemed malicious.…
Summary: The RomCom malware has evolved into a new variant known as Snipbot or RomCom 5.0, which employs advanced techniques to evade detection and extort government agencies. This version utilizes valid code signing certificates to appear trustworthy, allowing it to execute commands and steal data. A comparative analysis of IoCs across different RomCom versions revealed numerous malicious domains and IP addresses.…

Summary:

Phishing remains a significant online threat, with cybercriminals continuously evolving their tactics. The Mamba 2FA malware has introduced adversary-in-the-middle capabilities, allowing it to circumvent multifactor authentication measures. Recent analysis revealed numerous indicators of compromise, including domain names and IP addresses linked to this malware.

Keypoints:

Phishing continues to be a major threat in the cybersecurity landscape.…

Summary:

The U.S. Office of Public Affairs announced the seizure of 32 websites linked to the “Doppelganger” campaign, suspected to be a Russian-sponsored cyberpropaganda effort targeting the U.S. and other nations. The seized domains were primarily used for distributing fake news and disinformation, with a significant number of them mimicking legitimate news sources.…
Short Summary

A cyber espionage campaign utilizing customized malware named “Voldemort” has targeted over 70 organizations worldwide, sending around 20,000 phishing emails. The campaign employed various tactics including weaponized Google Sheets and impersonation of government agencies. Security researchers identified multiple indicators of compromise (IoCs) and expanded the list to include additional connected artifacts.…
