Recently seen callback phishing tactics highlight threat actors’ manipulative skills. They bait potential victims using urgent emails, then employ legitimate-looking domains and web pages when victims call back for help.
TIP researchers analyzed publicly available BazarCall indicators of compromise (IoCs) [1] using WHOIS, DNS, and IP intelligence in an effort to find connections and possible vehicles for callback phishing. Using an initial list of 64 IoCs, our investigation led us to:
- 303 additional artifacts that shared the IoCs’ IP addresses
- Two unredacted registrant details used to register the domains tagged as IoCs
- 832 domains connected to the IoCs through the same registrant details
- 6,100+ domains bearing the same text strings as the IoCs
- 7% of the artifacts have been flagged as malicious
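The pivots listed above (shared IP, shared registrant, shared text string) can be sketched as follows. This is an added example, not TIP's tooling or data: every domain, IP address and registrant value is constructed, and treating each IoC's leftmost label as its "text string" is an assumption.

```python
from collections import defaultdict

# Constructed sample data: two seed IoCs plus enrichment records.
SEED_IOCS = {"support-renewal.example", "billing-help.example"}

# domain -> (resolved IP, WHOIS registrant email; None when redacted)
RECORDS = {
    "support-renewal.example": ("203.0.113.10", "reg1@mail.example"),
    "billing-help.example": ("203.0.113.20", None),
    "invoice-desk.example": ("203.0.113.10", None),
    "renewal-center.example": ("198.51.100.5", "reg1@mail.example"),
    "support-renewal-team.example": ("198.51.100.9", None),
    "unrelated-shop.example": ("192.0.2.77", "other@mail.example"),
}

# Constructed stand-in for a threat-intelligence verdict feed.
FLAGGED = {"invoice-desk.example"}


def expand(seeds, records):
    """Return {domain: set of pivots} for non-seed domains tied to the seeds."""
    known = [records[d] for d in seeds if d in records]
    seed_ips = {ip for ip, _ in known}
    # Redacted registrants (None) are skipped so they never match each other.
    seed_regs = {reg for _, reg in known if reg}
    # Assumption: the leftmost label of each seed is its text string.
    seed_strings = {d.split(".")[0] for d in seeds}

    found = defaultdict(set)
    for domain, (ip, registrant) in records.items():
        if domain in seeds:
            continue
        if ip in seed_ips:
            found[domain].add("shared_ip")
        if registrant and registrant in seed_regs:
            found[domain].add("shared_registrant")
        if any(s in domain.split(".")[0] for s in seed_strings):
            found[domain].add("shared_string")
    return dict(found)


def flagged_share(found, flagged):
    """Fraction of expanded artifacts that already carry a malicious verdict."""
    return len(set(found) & flagged) / len(found) if found else 0.0


if __name__ == "__main__":
    hits = expand(SEED_IOCS, RECORDS)
    for domain, pivots in sorted(hits.items()):
        print(domain, sorted(pivots))
    print(f"flagged: {flagged_share(hits, FLAGGED):.0%}")
```

A shared IP address on its own is weak evidence when the address belongs to shared hosting, so single-pivot hits are candidates for review rather than block-list entries.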
[1] https://www.trellix.com/en-us/assets/docs/bazarcall-iocs.pdf