Threat intelligence API Docs Pricing Solutions Resources Contact us

Threat reports

Read other reports

Looking for More Signs of Nitrogen in the DNS

Nitrogen, a malware first seen in 2023,1 again resurfaced in a campaign targeting system administrators in North America.2

Jumping off a published list of 13 IoCs, 11 domains and two IP addresses to be exact, the TIP research team found more connected artifacts, specifically:

  • 18 email-connected domains
  • 13 additional IP addresses, 10 of which were malicious
  • 457 IP-connected domains
  • 12 string-connected domains
  • 9,999 registrant-connected domains, 273 of which were malicious

Fellow researchers also revealed Nitrogen connections to fake PuTTY and FileZilla installers. We scoured the DNS for signs of similar threats and found 292 potentially typosquatting domains, five of which have already been weaponized for attacks.

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response.

  • [1]
  • [2]
Read other reports
To download the full report in PDF, please fill in the form.
I have read and agree to the Terms of Service and Privacy Policy
Please keep me updated on news, events, and offers.

Try our Threat Intelligence API for free

Get FREE trial
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to

Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.