![Practical Examples Of Malware Infrastructure Discovery With Passive DNS](https://www.validin.com/images/malware_discovery_with_pdns/practical_malware_infra_discovery.jpeg)
Practical Examples Of Malware Infrastructure Discovery With Passive DNS
By Matthew @ Embee Research - 2024-07-19
Passive DNS is a powerful tool that enables analysts to discover infrastructure through patterns contained in DNS records.
![Hunting Lazarus: Expanding Indicators with Historic DNS](https://www.validin.com/images/hunting_lazarus/lazarus.png)
Hunting Lazarus: Expanding Indicators with Historic DNS
Lazarus Group (APT38) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau. It has been active since 2009 and is widely thought to be responsible for the Sony Pictures Entertainment cyber-attack in 2014.
![Poseidon Analysis - Quick and Intuitive Workflows with Validin](https://www.validin.com/images/poseidon_analysis/recent_host_responses_for_indicator.png)
Poseidon Analysis - Quick and Intuitive Workflows with Validin
Validin has an extensive database of Passive DNS (PDNS) and Web data that allows an analyst to quickly and intuitively analyse domains and identify additional infrastructure.
![Using Favicon Hashes to Expand Threat Knowledge](https://www.validin.com/images/favicon_hashes/array_of_favicon_hashes.png)
Using Favicon Hashes to Expand Threat Knowledge
Validin tracks the favicon hashes of hundreds of millions of websites, enabling you to quickly identify similar websites based on the favorite icon they advertise.
![Revealing Australian Toll Spammer Infrastructure With PDNS](https://www.validin.com/images/toll-smishing-2/13_finding_lookalike_domains_with_validin.png)
Revealing Australian Toll Spammer Infrastructure With PDNS
We’ve all seen those annoying spam messages that prompt us to click on links related to outstanding payments.
![Expanding APT42 Intelligence with Validin](https://www.validin.com/images/apt42/pivoting_through_pdns_history_to_find_new_domains.webp)
Expanding APT42 Intelligence with Validin
In this blog post, we’ll use indicators from a recent threat report as a starting point for further enrichment in the Validin platform to find additional likely-related infrastructure.
![Hunting for "Unpaid Toll" Phishing Campaigns with Validin](https://www.validin.com/images/toll-smishing/toll_booking_expedia_phishing_campaigns.webp)
Hunting for "Unpaid Toll" Phishing Campaigns with Validin
On April 12th, 2024, the FBI published a public service announcement warning of a smishing scam regarding “debt for road toll services.
![Unearthing a phishing campaign against Calendly](https://www.validin.com/images/finding-calendly-domains/image11.webp)
Unearthing a phishing campaign against Calendly
In this post, we’ll use Validin’s comprehensive DNS and endpoint responses to uncover a threat actor that uses Calendly phishing domains to steal user credentials.
![Unmasking Crypto Phishing Websites with Validin](https://www.validin.com/images/html_anchor_link_pivots_in_validin.webp)
Unmasking Crypto Phishing Websites with Validin
In this post, I’ll walk you through the discovery process of using Validin’s extensive domain and IP crawling data to find dozens of related crypto-themed phishing websites.
![Finding “Lost iPhone” Smishing with Validin](https://www.validin.com/images/phishing-domain-passive-dns-change-history.webp)
Finding “Lost iPhone” Smishing with Validin
In this post, I’ll walk through another real-world example of smishing, this time from a LinkedIn post (also found on this blog) detailing a phone theft experience that nearly resulted in an additional account takeover via a likely targeted phishing campaign.