Iris Investigations At-A-Glance: How to Pivot on Domain Data for Agile and Intelligent Threat Response
ID: 7814860a-1bc2-5940-9d3d-c1c32ca70256
STIX ID: report--7814860a-1bc2-5940-9d3d-c1c32ca70256
Feed Name: DomainTools
A case study of an aggressive phishing campaign targeting Sagawa Express customers in Japan: attackers used lookalike domains (e.g., sagawa-app.com) and a malicious Android dropper (sagawa.oicp.io) to harvest credentials and payment data. DomainTools demonstrates using Iris Investigate (WHOIS history, passive DNS, screenshots, SSL and risk scores) to pivot from initial indicators, identify ~65 associated malicious domains, related hosting IPs and IOCs, and support takedown actions by JPCERT/CC.
