Threat intelligence API Docs Pricing Solutions Resources Contact us

Threat reports

Read other reports

A Call for Help May Lead to Malware: BazarCall IoC Analysis and Expansion





Recently seen callback phishing tactics highlight threat actors’ manipulative skills. They bait potential victims using urgent emails then employ legitimate-looking domains and web pages when victims call back for help. 

TIP researchers analyzed publicly available BazarCall indicators of compromise (IoCs)1 using WHOIS, DNS, and IP intelligence in an effort to find connections and possible vehicles for callback phishing. Using an initial list of 64 IoCs, our investigation led us to:

  • 303 additional artifacts since they shared the IoCs’ IP addresses
  • Two unredacted registrant details used to register the domains tagged as IoCs
  • 832 domains connected to the IoCs since they shared the same registrant details
  • 6,100+ domains bearing the same text strings as the IoCs
  • 7% of the artifacts have been flagged as malicious

Download a sample of the threat research materials now.

  • [1] https://www.trellix.com/en-us/assets/docs/bazarcall-iocs.pdf
Read other reports
To download the full report in PDF, please fill in the form.
I have read and agree to the Terms of Service and Privacy Policy
Please keep me updated on news, events, and offers.

Try our Threat Intelligence API for free

Get FREE trial
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to

Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.