DNS Spotlight: New MITRE ATT&CK Group Entrants as of October 2025

Keypoints

• MITRE named nine new groups: six Enterprise, two Mobile, and one ICS group, with IoC data collected for several (notably AppleJeus, Contagious Interview, Storm-0501, Water Galura, Star Blizzard, MuddyWater, UNC3886, Medusa Group, and Lazarus Group).
• Researchers compiled 126 domain IoCs for five groups but, after WHOIS/Threat Intelligence checks, 108 domains were deemed suspicious or malicious and were the focus of analysis.
• The investigation also analyzed 31 IP-address IoCs and five email-address IoCs; network telemetry showed 1,839 unique potential victim IPs communicating with four IoC IPs between 9 Sep–13 Nov 2025.
• First Watch Malicious Domains feed flagged two Contagious Interview domains as likely malicious 10 days before they were reported as IoCs (complexassess[.]com, intro-crypto-assess[.]com).
• DNS Chronicle and WHOIS history queries revealed extensive historical domain-to-IP and IP-to-domain resolutions (e.g., 97 domains with 2,022 resolutions; 19 IPs with 5,451 resolutions) and domain registrations spanning 2019–2025 across 23 registrars.
• Hunting expanded artifacts: 78 email-connected domains were discovered (11 linked to known attacks), eight additional IPs were found (seven weaponized), and samples of additional artifacts are available for download.