PULSE NAME
One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks
TLP: WHITE | Squeamish Libra | Author: AlienVault | Created: 2025-01-21 | Modified: 2025-02-20
102 IOCs (high volume)
The report describes an automated approach that uses graph neural networks to proactively detect malicious infrastructure used by threat actors, starting from indicators that are already known. It examines the relationships between indicators of different types, such as domains co-hosted on the same IP address, malware delivery URLs, and shared SSL certificates, which can expose links between infrastructure that looks unrelated when each indicator is viewed on its own. A graph neural network classifier is trained on these relationships and then used to flag new malicious domains and infrastructure. Three case studies are presented to show the approach in practice: large-scale phishing campaigns impersonating postal services, campaigns impersonating financial institutions, and web skimmer operations.
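The relationship-based pivot summarized above, as an added example that is not code from the report, from Unit 42, or from the OTX pulse: it builds a domain-to-infrastructure graph from constructed passive-DNS and certificate records and scores unlabeled domains by iterative label propagation from known-malicious seed domains. The propagation is a simple hand-rolled heuristic standing in for the trained GNN classifier the report describes, not a reimplementation of it. All hostnames, IP addresses and certificate fingerprints are invented, and the fanout cap that ignores heavily shared IPs or certificates is an assumption added to keep shared hosting from bridging unrelated tenants.

```python
"""Indicator relationship graph with seed-label propagation.

Added illustration, not the report's or the pulse's code. Domains are linked
to the IPs they resolved to and the TLS certificates they presented; unlabeled
domains are then scored by how strongly they connect to known-bad seeds.
"""
from collections import defaultdict

# Constructed passive-DNS / certificate records for illustration only.
# Hostnames, IPs and fingerprints are invented and not from the report.
PDNS = [
    ("postal-lookalike-a.example", "ip", "203.0.113.10"),
    ("postal-lookalike-b.example", "ip", "203.0.113.10"),
    ("postal-lookalike-b.example", "cert", "sha256:aaaa"),
    ("bank-lookalike-c.example", "cert", "sha256:aaaa"),
    ("bank-lookalike-c.example", "ip", "203.0.113.11"),
    ("unrelated-shop.example", "ip", "198.51.100.5"),
    ("unrelated-shop.example", "cert", "sha256:bbbb"),
    ("cdn-shared.example", "ip", "203.0.113.10"),   # co-hosted with the seed
    ("cdn-shared.example", "ip", "198.51.100.5"),   # but also with a benign site
]
SEEDS = {"postal-lookalike-a.example"}    # known malicious (e.g. from a pulse)
BENIGN = {"unrelated-shop.example"}       # known good (allowlisted)


def build_graph(records):
    """Bipartite adjacency: domain <-> 'ip:x' / 'cert:y' infrastructure nodes."""
    adj = defaultdict(set)
    for dom, kind, value in records:
        infra = f"{kind}:{value}"
        adj[dom].add(infra)
        adj[infra].add(dom)
    return adj


def propagate(adj, seeds, benign, fanout_cap=50, tol=1e-6, max_iter=10000):
    """Score every node in [0, 1]. Seeds are clamped to 1, benign nodes to 0;
    every other node becomes the mean of its usable neighbours, iterated to a
    fixed point. Neighbours with more than fanout_cap edges (shared hosting,
    CDN edges, popular certificates) are ignored: an assumption that stops a
    busy IP from making every tenant look related to the seed."""
    score = {n: 0.0 for n in adj}
    for s in seeds:
        score[s] = 1.0
    for _ in range(max_iter):
        new = {}
        for node, nbrs in adj.items():
            if node in seeds:
                new[node] = 1.0
            elif node in benign:
                new[node] = 0.0
            else:
                usable = [n for n in nbrs if len(adj[n]) <= fanout_cap]
                new[node] = (sum(score[n] for n in usable) / len(usable)
                             if usable else 0.0)
        delta = max(abs(new[n] - score[n]) for n in adj)
        score = new
        if delta < tol:
            break
    return score


def candidates(score, adj, seeds, benign):
    """Unlabeled domain nodes ranked by score, strongest link to seeds first."""
    return sorted(
        ((n, round(s, 3)) for n, s in score.items()
         if ":" not in n and n not in seeds and n not in benign),
        key=lambda kv: -kv[1])


if __name__ == "__main__":
    graph = build_graph(PDNS)
    scores = propagate(graph, SEEDS, BENIGN)
    for domain, s in candidates(scores, graph, SEEDS, BENIGN):
        print(f"{s:.3f}  {domain}")
```

On the constructed records the two lookalike domains that share an IP or a certificate with the seed converge to the same high score, while the co-hosted domain that also sits on the benign site's IP is pulled down by that second edge, which is the kind of dilution an analyst expects when one indicator points both ways. Raising fanout_cap makes a crowded shared IP propagate suspicion to every tenant on it; that false-positive mode is exactly why the report leans on multiple relationship types rather than co-hosting alone.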
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES: none listed
MALWARE FAMILIES: Aranuk/Carbanak
Indicators of Compromise (102)
TYPE  INDICATOR  DESCRIPTION  CREATED
(The DESCRIPTION column is empty for every indicator in this pulse.)
domain advanced-ip-sccanner.com 2025-01-21
domain byvlsa.com 2025-01-21
domain chatwareopenalgroup.net 2025-01-21
domain correoparaguayo-myposta.top 2025-01-21
domain correoparaguayo-mypostf.top 2025-01-21
domain correoparaguayo-myposth.top 2025-01-21
domain correoparaguayo-myposts.top 2025-01-21
domain correoparaguayo-mypostvsa.top 2025-01-21
domain correoparaguayo-mypostvsd.top 2025-01-21
domain correoparaguayo-mypostvse.top 2025-01-21
domain correoparaguayo-mypostvsf.top 2025-01-21
domain correoparaguayo-mypostvsg.top 2025-01-21
domain correoparaguayo-mypostvsh.top 2025-01-21
domain correoparaguayo-mypostvsi.top 2025-01-21
domain correoparaguayo-mypostvsl.top 2025-01-21
domain correoparaguayo-mypostvsp.top 2025-01-21
domain correoparaguayo-mypostvst.top 2025-01-21
domain correoparaguayo-mypostvsu.top 2025-01-21
domain correoparaguayo-mypostvsx.top 2025-01-21
domain correoparaguayo-mypostvsy.top 2025-01-21
domain correoparaguayo-mypostvsz.top 2025-01-21
domain correosesllr.top 2025-01-21
domain correosespe.top 2025-01-21
domain correoseswe.top 2025-01-21
domain correospanamaagobs-csc.top 2025-01-21
domain correospanamaagobs-csd.top 2025-01-21
domain correospanamaagobs-cse.top 2025-01-21
domain correospanamaagobs-csr.top 2025-01-21
domain correospanamaagobs-css.top 2025-01-21
domain correospanamaagobs-csx.top 2025-01-21
domain cssjs.co 2025-01-21
domain establish-coinbase.com 2025-01-21
domain eurobank-stocks.us 2025-01-21
domain eurobank-stockscom.com 2025-01-21
domain gcorpfinbank.info 2025-01-21
domain google-site-verification.com 2025-01-21
domain inposdomag.top 2025-01-21
domain inposdomak.top 2025-01-21
domain ipscanneronline.com 2025-01-21
domain ipscannershop.com 2025-01-21
domain jquerylib-min.net 2025-01-21
domain jsmin.co 2025-01-21
domain koreapostge.shop 2025-01-21
domain koreapostma.shop 2025-01-21
domain koreapostmk.shop 2025-01-21
domain koreapostmv.shop 2025-01-21
domain koreapostmx.shop 2025-01-21
domain koreapostmz.shop 2025-01-21
domain koreapostni.shop 2025-01-21
domain koreapostnp.shop 2025-01-21
domain koreapostnu.shop 2025-01-21
domain koreapostpc.shop 2025-01-21
domain koreapostpe.shop 2025-01-21
domain koreapostpf.shop 2025-01-21
domain koreapostpg.shop 2025-01-21
domain koreapostpo.shop 2025-01-21
domain koreapostpt.shop 2025-01-21
domain koreapostpu.shop 2025-01-21
domain koreapostpw.shop 2025-01-21
domain koreapostst.shop 2025-01-21
domain koreapostxb.shop 2025-01-21
domain koreapostxn.shop 2025-01-21
domain koreapostxt.shop 2025-01-21
domain metropoliscapitalbank.us 2025-01-21
domain myipscanner.com 2025-01-21
domain myscannappo.com 2025-01-21
domain myscannappo.info 2025-01-21
domain myscannappo.online 2025-01-21
domain oceansharebank.com 2025-01-21
domain pristineglobalinvestmentbank.com 2025-01-21
domain standardcharteredbank.live 2025-01-21
domain staticlitycis.com 2025-01-21
domain theipscanner.com 2025-01-21
domain us-usos-qwtaa.top 2025-01-21
domain us-usos-qwtad.top 2025-01-21
domain us-usos-qwtaz.top 2025-01-21
domain usps-supsrfvw.top 2025-01-21
domain usps-supsrmuo.top 2025-01-21
domain usps-supsrrne.top 2025-01-21
domain usps-supsrrno.top 2025-01-21
domain usps-supsrtys.top 2025-01-21
domain uspsepsu.top 2025-01-21
domain uspsftpr.top 2025-01-21
domain uspsfugu.top 2025-01-21
domain uspsgrjp.top 2025-01-21
domain uspsntfj.top 2025-01-21
domain uspstpar.top 2025-01-21
domain uspsyeay.top 2025-01-21
domain uspsygfk.top 2025-01-21
domain woocomnnerce.com 2025-01-21
hostname apple.com-ticket.info 2025-01-21
hostname apps.guardiantrustbanks.us 2025-01-21
hostname capitalxpresslogistic.live.firstnationalbank.live 2025-01-21
hostname deutsche-chartered-bank.cloudswt.com 2025-01-21
hostname ftp.pristineglobalinvestmentbank.com 2025-01-21
hostname hgsgbank.com.nexcreditunion.com 2025-01-21
hostname inncbank.com.nexcreditunion.com 2025-01-21
hostname truistcommercialbank.live.rhinoswiftdelivery.live 2025-01-21
hostname usps.postscy.top 2025-01-21
hostname webmail.portal.guardiantrustbank.us 2025-01-21
hostname www.capitalxpresslogistic.live.firstnationalbank.live 2025-01-21
hostname www.deutsche-chartered-bank.cloudswt.com 2025-01-21