DomainTools

@[email protected]
834 Followers
168 Following
585 Posts
A global leader for internet #intel that enables security practitioners to proactively defend their organization in a constantly evolving threat landscape.
Websitewww.domaintools.com
Twitterhttps://twitter.com/DomainTools
Podcasthttps://www.domaintools.com/resources/podcasts/
DomainTools23h ago
The sun is out in Seattle and the April DTI newsletter is live! 📰☀️
@danonsecurity breaks down the DPRK’s modular malware pipelines, the MOIS-linked Handala ecosystem, and the AI Frame campaign. Plus, Ian Campbell's monthly reading list! 📚
Catch up: https://dti.domaintools.com/newsletters/sixteen-going-on-seventeen-newsletters
Sixteen going on Seventeen Newsletters - DomainTools Investigations | DTI

DPRK's modular malware portfolio, Iran's MOIS-linked Handala/Homeland Justice/Karma persona ecosystem, and a fake Authenticator Chrome extension dissected.

DomainTools4d ago

Government agencies are advancing Zero Trust, but are they leveraging DNS intelligence to its full potential? DomainTools helps defenders uncover adversary infrastructure before it becomes a threat.

Learn how DomainTools empowers proactive defense here: https://www.domaintools.com/proactive-internet-intelligence-for-the-public-sector

Proactive Internet Intelligence for the Public Sector

DomainToolsMay 1
DTI just released an analysis of the DPRK’s “Contagious Interview” campaign😷.
Read the investigation to learn how the campaign targets software developers through fraudulent job interview processes.⬇️
https://dti.domaintools.com/securitysnacks/dprk-contagious-interview-developer-workflow-compromise
DomainTools Investigations | DPRK Contagious Interview: Developer Workflow Compromise

Analyze the DPRK "Contagious Interview" campaign targeting developers. Get technical deep-dives into VS Code task abuse, Node.js malware obfuscation, and a full Sigma/EDR detection pack to defend your CI/CD pipeline and identity perimeter.

DomainToolsApr 30
Join our webinar: Supercharging the SOC with DomainTools MCP to learn how to supercharge your workflow using DomainTools MCP.
🗓️May 07, 2026
🕜 10:00 AM PT/1:00 PM ET
www.domaintools.com/webinars/supercharging-the-soc-with-domaintools-mcp?utm_campaign=mcpwebinar&utm_medium=social&utm_source=mastadon
DomainToolsApr 28

ICYMI: IrisQL, our new query language, makes it easier than ever to share logic across teams and ticketing systems.

Explore how to optimize your security stack here: https://www.domaintools.com/blog/supercharge-your-threat-investigations-with-irisql

#ThreatHunting #IrisQL #Infosec #DataScience

Supercharge Your Threat Investigations with IrisQL

Introducing IrisQL — a text-based query language for Iris Investigate. Hunt threats faster with 10 real-world queries from FBI/CISA and vendor advisories.

DomainToolsApr 24
💥Level up your threat hunting with IrisQL, our new query language for deeper, more flexible access to the Iris Investigate database.
Explore the full breakdown and start optimizing your security stack here: https://www.domaintools.com/blog/supercharge-your-threat-investigations-with-irisql
#ThreatHunting #IrisQL #Infosec #DataScience
Supercharge Your Threat Investigations with IrisQL

Introducing IrisQL — a text-based query language for Iris Investigate. Hunt threats faster with 10 real-world queries from FBI/CISA and vendor advisories.

DomainToolsApr 23
Deploy clean, update dirty 🧼
DTI identifies a Chrome extension tied to a malicious campaign that publishes utility software that has legitimate functionality but with pre-staged capability for a future malicious update.
Learn more: https://dti.domaintools.com/securitysnacks/the-ai-frame-campaign-continues#details
#Cybersecurity #2FA
DomainTools Investigations | The AI Frame Campaign Continues

Analysis of the persistent AIFrame campaign: A fake Google Authenticator Chrome extension and 6+ related apps use "deploy clean, update dirty" tactics to steal 2FA credentials and inject malicious iframes. Learn how this operation bypasses Google’s security reviews.

DomainToolsApr 23

Join us for the DomainTools webinar: Supercharging the SOC with DomainTools MCP.
Key takeaways from the session:
⏱️Instant Context
🏁 Faster Response
🔎Enhanced Analysis
🧠Verifiable Intelligence

🗓️May 07, 2026
🕜 1:00 PM ET
🔗www.domaintools.com/webinars/supercharging-the-soc-with-domaintools-mcp?utm_campaign=mcpwebinar&utm_medium=social&utm_source=mastadon

DomainToolsApr 21
📍 We’re in Singapore for #BHA2026!
Stop by DomainTools booth # 119 to see how our integrations reduce context-switching and identify evolving threats in real-time.
It's not too late to schedule a chat ➡️https://www.domaintools.com/events/black-hat-asia
#BlackHatAsia #CyberSecurity
DomainTools | Black Hat Asia

DomainToolsApr 17
New DTI Research: The evolution of the MOIS-linked cyber ecosystem (Handala/Homeland Justice)
from the 2022 Albania attacks to the 2026 Stryker incident🛡️🇮🇷
Full research and analysis:https://dti.domaintools.com/research/mois-linked-moist-grasshopper-homeland-justice-karmabelow80-handala-hackers-campaigns-and-evolution
#ThreatIntel #Handala #Cybersecurity #Iran
DomainTools Investigations | MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution

Explore the evolution of MOIS-linked actors Homeland Justice, Karma, and Handala. Analysis of destructive malware, surveillance integration, and the 2026 Stryker incident.