Summary:
This article discusses the findings of a DNS investigation conducted by the WhoisXML API research team, focusing on potential cyber threats associated with Thanksgiving and Black Friday. The research uncovered numerous malicious domains, IP addresses, and email connections that cybercriminals may exploit during the holiday season. The analysis highlights the importance of vigilance during major shopping events to protect against cyber attacks.
#ThanksgivingThreats #BlackFridayCyberSecurity #MaliciousDomains
Keypoints:
- The WhoisXML API research team conducted a DNS investigation for Thanksgiving and Black Friday-themed cyber threats.
- They discovered 318 email-connected domains, with one identified as malicious.
- A total of 786 IP addresses were found, with 635 being malicious.
- 1,975 IP-connected domains were identified, with two being malicious.
- 3,521 string-connected subdomains were also uncovered.
- 2,091 blackfriday domains and 233 thanksgiving domains were analyzed.
- Most domains were created from 2023 onward, indicating a surge in new registrations.
- The majority of the domains were registered in the U.S. and Iceland.
- Threat Intelligence API linked four of the analyzed domains to various threats.
- A significant number of IP addresses were geolocated in the U.S., with Cloudflare being the leading ISP.
MITRE Techniques:
- Command and Control (T1071): Utilizes multiple command and control domains to maintain communication with compromised systems.
- Phishing (T1566): Involves sending emails that appear legitimate to trick users into providing sensitive information.
- Malware (T1203): Exploits vulnerabilities in software to deliver malicious payloads.
- Spam (T1566.001): Uses unsolicited emails to distribute malicious content or links.
IoC:
[domain] blackfriday-best-deals[.]com
[domain] feiraochevro[.]com
[ip address] 103.169.142.0
[ip address] 216.239.32.21
[ip address] 3.13.222.255
[ip address] 44.227.65.245
[ip address] 51.91.236.255
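A defender consuming an IoC block like the one above typically wants to turn it into something that can be checked against resolver logs. The following Python is an added example written for this page, not code from WhoisXML API or CircleID: it parses the defanged `[domain]` / `[ip address]` lines (the IoC values are copied from the list above), refangs them, and scans a few constructed DNS log lines in a hypothetical "timestamp client qname type answer" layout, flagging both queries for a listed domain (or a subdomain of it) and answers that resolve to a listed IP.

```python
import ipaddress
import re

# Copy of the IoC block on this page, kept in its defanged form.
IOC_TEXT = """\
[domain] blackfriday-best-deals[.]com
[domain] feiraochevro[.]com
[ip address] 103.169.142.0
[ip address] 216.239.32.21
[ip address] 3.13.222.255
[ip address] 44.227.65.245
[ip address] 51.91.236.255
"""

# One indicator per line: "[kind] value"
IOC_LINE = re.compile(r"^\[(?P<kind>[a-z ]+)\]\s+(?P<value>\S+)$")


def refang(value: str) -> str:
    """Turn defanged notation ("[.]", "hxxp://") back into a usable indicator."""
    return (value.replace("[.]", ".")
                 .replace("hxxps://", "https://")
                 .replace("hxxp://", "http://"))


def parse_iocs(text: str) -> dict:
    """Parse '[domain] x[.]com' / '[ip address] 1.2.3.4' lines into sets."""
    iocs = {"domains": set(), "ips": set()}
    for raw in text.splitlines():
        m = IOC_LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-IoC lines
        value = refang(m.group("value")).lower().rstrip(".")
        kind = m.group("kind")
        if kind == "domain":
            iocs["domains"].add(value)
        elif kind == "ip address":
            # ip_address() rejects malformed literals and normalises the text form
            iocs["ips"].add(str(ipaddress.ip_address(value)))
    return iocs


def domain_matches(qname: str, blocked: set) -> bool:
    """True if qname equals a listed domain or is a subdomain of one.

    Matching on the label boundary ("." + d) avoids false hits such as
    notblackfriday-best-deals.com or feiraochevro.com.other-tld.org.
    """
    qname = qname.lower().rstrip(".")
    return any(qname == d or qname.endswith("." + d) for d in blocked)


# Constructed resolver log lines (hypothetical format, not a specific resolver's):
# "<timestamp> <client> <qname> <rtype> <answer>"
SAMPLE_LOG = """\
2024-11-28T10:01:02Z 10.0.0.15 deals.blackfriday-best-deals.com A 44.227.65.245
2024-11-28T10:01:05Z 10.0.0.15 www.example.com A 93.184.216.34
2024-11-28T10:02:11Z 10.0.0.22 cdn.example.net A 216.239.32.21
2024-11-28T10:03:40Z 10.0.0.31 feiraochevro.com.evil-lookalike.org A 198.51.100.7
2024-11-28T10:04:00Z 10.0.0.31 notblackfriday-best-deals.com A 198.51.100.8
"""


def scan_dns_log(log: str, iocs: dict) -> list:
    """Return (client, qname, reason) for every log line that touches an IoC."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # ignore lines that do not fit the expected layout
        _ts, client, qname, _rtype, answer = parts
        if domain_matches(qname, iocs["domains"]):
            hits.append((client, qname, "query-name"))
        elif answer in iocs["ips"]:
            hits.append((client, qname, "resolved-ip"))
    return hits


if __name__ == "__main__":
    parsed = parse_iocs(IOC_TEXT)
    for hit in scan_dns_log(SAMPLE_LOG, parsed):
        print(hit)
```

Run as-is it reports two hits: the subdomain query under `blackfriday-best-deals.com` and the `cdn.example.net` lookup whose answer is one of the listed IPs. The two lookalike lines are deliberately not flagged, which is the point of matching on a label boundary rather than a raw substring; in production the parsed sets would come from the threat feed rather than a string literal, and the log layout would be adapted to the resolver in use.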
Full Research: https://circleid.com/posts/uncovering-potential-black-friday-and-thanksgiving-threats-with-dns-data