WhoisXML API analyzed over 7.3 million domains registered in July 2024 to identify popular registrars, TLD extensions, and trends in domain registration, including .com dominance and widespread WHOIS redaction. The study ties phishing-driven IoCs to malware distribution and C2 activity, with threat reports touching Cosmic Leopardโs Celestial Force and the Samourai Wallet case. #CosmicLeopard #CelestialForce #SamouraiWallet #V3BPhishingKit #GoDaddy #WhoisXMLAPI
Keypoints
- 7.3 million domains registered in July 2024.
- 75.7% of new registrations used generic TLDs (gTLDs).
- .com was the most popular TLD, accounting for 38.6% of registrations.
- GoDaddy.com LLC remained the leading registrar with a 16.6% market share.
- 61.2% of new registrations had redacted WHOIS records.
- Phishing was the most common threat type associated with IoCs, making up 53.4% of cases.
- IoCs show top TLDs for threats: .com 17.2% of IoCs; other major gTLDs include .org (15.7%), .net (14.9%), .biz (10.4%), and .info (4.9%).
MITRE Techniques
- [T1566] Phishing โ
- โPhishing is the most common threat type associated with IoCs, accounting for 53.4% of cases.โ
- [T1203] Malware Distribution โ
- โ27.6% of IoCs were related to malware distribution.โ
- [T1071] Command and Control โ
- โRelated to the use of domains for command and control communications.โ
- [T1003] Credential Dumping โ
- โPotentially relevant in the context of phishing attacks targeting user credentials.โ
Indicators of Compromise
- [Domain] IoCs context โ 3,128 domains and subdomains weaponized for phishing campaigns; 1 million domains tagged as IoCs in July, per threat reports.
- [IP Address] IoCs context โ 14 IP addresses that hosted IoCs for phishing campaigns.
Read more: https://circleid.com/posts/20240817-july-2024-domain-activity-highlights