DomainTools
https://www.domaintools.com/resources/tag/general-infosec
Innovative, Practical Advice to Improve your Cybersecurity Posture

Why RDAP is the Next Big Step in Domain Intelligence
https://www.domaintools.com/resources/blog/why-rdap-is-the-next-big-step-in-domain-intelligence/
Thu, 20 Feb 2025 17:00:00 +0000 103 DomainTools Research https://www.domaintools.com/?p=32494
Introduction: For many years, domain registration data provided by the Whois protocol has been a crucial source of intelligence for cyber threat researchers. Details such as a registrant’s email address, phone number, and affiliate organization can be critical pivot points for investigators, eventually leading to a more complete answer to the Who, What, When, Where, […]

Registration Data Access Protocol Frequently Asked Questions
https://www.domaintools.com/resources/blog/rdap-frequently-asked-questions/
Thu, 06 Feb 2025 15:13:19 +0000 48 DomainTools Research https://www.domaintools.com/?p=31777
What is RDAP? RDAP, or Registration Data Access Protocol, is a JSON-format replacement for Whois. This replacement is being driven by Internet management organizations like the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Assigned Numbers Authority (IANA). How long has RDAP been around? RDAP was initially standardized by the Internet Engineering […]

What’s RDAP and Where is Whois?
https://www.domaintools.com/resources/blog/whats-rdap-and-where-is-whois/
Tue, 28 Jan 2025 15:52:06 +0000 48 DomainTools Research https://www.domaintools.com/?p=31771
Why is Whois Being Sunset? Domain registration data has been a long-standing asset for threat intelligence; correlating registration data across domains can uncover additional identifiers related to threat actors targeting companies, their employees, and their customers. Even with privacy redactions, registration data continues to be a critical source of information for threat analysts. Whois has […]

How Domain Intelligence and Passive DNS Create A Fuller Domain Profile
https://www.domaintools.com/resources/blog/how-domain-intelligence-and-passive-dns-create-a-fuller-domain-profile/
Tue, 10 Dec 2024 16:19:44 +0000 48 DomainTools Research https://www.domaintools.com/?p=31560
Introduction: We often hear from folks using our tools that they may have a preference for one over another. I think that’s just human nature – we tend to stick with what we know because it’s been working for us – if it ain’t broke why fix it? While it may be true that your […]

Phishmas Comes Early: New Developments in USPS Smishing Attacks
https://www.domaintools.com/resources/blog/new-developments-usps-smishing-attacks/
Tue, 29 Oct 2024 10:00:24 +0000 48 DomainTools Research https://www.domaintools.com/?p=31305
Executive Summary. Introduction: Last year, DomainTools published research on a phishing campaign that targeted individuals by using SMS messages to impersonate the USPS. The original article provides details on likely responsible threat actor Chenlun/Sinkinto01. Apparently, the holiday season arrived early for me this year and I may have Chenlun to thank. In one year’s time, […]

Post Quantum Cryptography (PQC): You May Already Be Using It!
https://www.domaintools.com/resources/blog/post-quantum-cryptography-pqc-you-may-already-be-using-it/
Thu, 17 Oct 2024 15:37:02 +0000 54 DomainTools Research https://www.domaintools.com/?p=31115
DNS makes the Internet usable and cryptography makes it secure. In this blog, we’ll discuss important changes happening in cryptography

Uncovering Domains Created by Octo2’s Domain Generation Algorithm
https://www.domaintools.com/resources/blog/uncovering-octo2-domains/
Thu, 10 Oct 2024 10:00:00 +0000 54 DomainTools Research https://www.domaintools.com/?p=31091
Introduction: What is Octo2? Octo2 is a new version of one of the most prolific malware families, Octo (ExobotCompact). The banking trojan targets Android mobile devices and the newest version is likely to be seen globally in the coming year. The “Architect” of Octo released Octo2 after the original’s source code was leaked earlier this […]

Out Here Playing Games
https://www.domaintools.com/resources/blog/out-here-playing-games/
Thu, 13 Jun 2024 15:37:03 +0000 48 DomainTools Research https://www.domaintools.com/?p=30315
It’s 8 A.M. on a Saturday morning and I don’t have to be on the hunt, but I am anyway. Two fat OSINT (open-source intelligence) books lie on the desk beside the humming computer. The legal pad next to my keyboard is busy with notes, arrows, boxes, and exclamation points. Geographic, language, and cultural data […]

New Draft Rule on Ransomware Payments and Cyber Incident Reporting
https://www.domaintools.com/resources/blog/new-draft-rule-on-ransomware-payments-and-cyber-incident-reporting/
Thu, 16 May 2024 16:00:00 +0000 90 DomainTools Research https://www.domaintools.com/?p=29976
The public has the opportunity to comment on the Cyber Incident Report for Critical Infrastructure Act through June 2, 2024. In this article, we highlight summaries of complex material and further reading

DomainTools Reflections on the 2024 Data Breach Investigations Report
https://www.domaintools.com/resources/blog/reflections-2024-verizon-dbir/
Wed, 01 May 2024 04:02:18 +0000 54 DomainTools Research https://www.domaintools.com/?p=29879
Review key findings from the 2024 Verizon Data Breach Investigations Report with a focus on phishing, BEC, and Ransomware.