Security Articles

Identifying Domains Through Hardcoded Certificate Values

released on 2024-04-05 @ 09:45:05 AM
This analysis identifies malicious domains associated with the MatanBuchus threat group by leveraging hardcoded subdomains in TLS certificates. After examining historical DNS records and certificate details, the analysis pivots by searching for certificates with specific subdomains, registered around March 2024 by GeoTrust/DigiCert. This method uncovers six domains sharing a financial theme, likely hosting MatanBuchus malware infrastructure.