Security Articles

Passive DNS Pivoting - Uncovering APT Infrastructure Through Historical Records and Subdomain Analysis

released on 2024-04-01 @ 07:55:23 PM
This report demonstrates the process of leveraging publicly available intelligence reports and passive DNS analysis tools to uncover additional malicious infrastructure associated with a specific threat actor, referred to as ACTINIUM. By analyzing patterns in domains, IP addresses, registration dates, and subdomain structures provided in an initial report by Microsoft, the analysis identifies 122 new domains exhibiting similar characteristics. The report serves as an educational guide on how analysts can expand on existing intelligence using accessible tooling and open-source data.