Uncovering Other DarkTortilla Threat Vectors

Circle ID – Whoisxml API
Cyble Research and Intelligence Labs (CRIL) published a technical analysis of the DarkTortilla threat, which specifically targets Cisco and Grammarly. Are there other potential threat vectors, though?

WhoisXML API researchers obtained three indicators of compromise (IoCs) and performed an expansion analysis that led to the discovery of:

- Two IP addresses the domains resolved to
- 300+ domains that shared the IoCs' IP hosts, two of which were found malicious
- 11,358+ domains that contained the strings Cisco, Grammarly, or Atomm and could be used for other malicious campaigns; only 4% of these domains seemingly belonged to the legitimate companies and 23 were found malicious

Our IoC expansion analysis aided by IP, DNS, and WHOIS intelligence enabled us to uncover 11,600+ artifacts that could be connected to DarkTortilla. It also allowed us to identify 29 malicious domains that could particularly put Cisco or Grammarly customers at risk of spamming, phishing, and computer malware infection.
Link: https://circleid.com/posts/20230113-uncovering-other-darktortilla-threat-vectors
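The three expansion steps summarised above (resolve the seed IoCs to IPs, reverse-IP to find co-hosted domains, then sweep for brand strings and use WHOIS registrant data to separate the brand owners' own domains from lookalikes) can be reproduced as a small pipeline. The following is an added example, not code from WhoisXML API, CircleID, or the report; every domain, IP, WHOIS record, and "malicious" verdict in it is constructed for illustration (RFC 2606 reserved names and RFC 5737 documentation address ranges), standing in for passive-DNS, WHOIS, and blocklist lookups that a real analysis would make against live intelligence feeds.

```python
"""IoC expansion over constructed data: DNS, reverse IP, brand-string sweep, WHOIS.

All names, addresses, registrant organisations and verdicts below are constructed
for illustration only (RFC 2606 / RFC 5737 ranges); none come from the report.
"""
from collections import defaultdict

# Constructed passive-DNS table: domain -> set of IPv4 addresses it resolved to.
PASSIVE_DNS = {
    "cisco-webex-update.example": {"192.0.2.10"},                 # seed IoC
    "grammarly-premium.example": {"192.0.2.10", "198.51.100.7"},  # seed IoC
    "atomm-download.example": {"198.51.100.7"},                   # seed IoC
    "cisco.example": {"203.0.113.1"},                             # brand-owned
    "grammarly.example": {"203.0.113.2"},                         # brand-owned
    "ciscosupport-portal.example": {"192.0.2.10"},                # co-hosted lookalike
    "unrelated-shop.example": {"198.51.100.7"},                   # co-hosted, no brand string
    "mygrammarly-login.example": {"203.0.113.50"},                # lookalike, own host
    "atommsoft.example": {"203.0.113.51"},                        # unknown registrant
    "sanfrancisco-tours.example": {"203.0.113.60"},               # substring false positive
}

# Constructed WHOIS registrant organisations.
WHOIS_ORG = {
    "cisco.example": "Cisco Systems, Inc.",
    "grammarly.example": "Grammarly, Inc.",
    "ciscosupport-portal.example": "REDACTED FOR PRIVACY",
    "mygrammarly-login.example": "Privacy Protect, LLC",
    "atommsoft.example": "Unknown registrant",
    "sanfrancisco-tours.example": "Bay Tours LLC",
}

# Constructed verdicts standing in for a malware/blocklist lookup.
MALICIOUS = {
    "cisco-webex-update.example",
    "ciscosupport-portal.example",
    "mygrammarly-login.example",
}

# Brand strings to sweep for, and the registrant org that legitimately owns each brand.
BRAND_STRINGS = ("cisco", "grammarly", "atomm")
LEGIT_ORGS = {"cisco": "Cisco Systems, Inc.", "grammarly": "Grammarly, Inc."}


def reverse_index(pdns):
    """Invert the passive-DNS table into ip -> set(domains) for reverse-IP lookups."""
    rev = defaultdict(set)
    for domain, ips in pdns.items():
        for ip in ips:
            rev[ip].add(domain)
    return rev


def expand_by_ip(seed_iocs, pdns):
    """Steps 1-2: IPs the seeds resolved to, then every other domain sharing those IPs."""
    ips = set().union(*(pdns.get(d, set()) for d in seed_iocs))
    rev = reverse_index(pdns)
    cohosted = set().union(*(rev[ip] for ip in ips)) - set(seed_iocs)
    return ips, cohosted


def expand_by_string(pdns, brands):
    """Step 3: every domain whose name contains one of the brand strings."""
    return {d for d in pdns if any(b in d for b in brands)}


def looks_legitimate(domain, whois_org, legit_orgs):
    """WHOIS check: the brand appears in the name AND the registrant is the brand owner."""
    org = whois_org.get(domain, "")
    return any(brand in domain and org == owner for brand, owner in legit_orgs.items())


def run_expansion(seed_iocs, pdns=PASSIVE_DNS, whois_org=WHOIS_ORG,
                  blocklist=MALICIOUS, brands=BRAND_STRINGS, legit_orgs=LEGIT_ORGS):
    """Full pipeline; returns each intermediate set so results can be inspected."""
    ips, cohosted = expand_by_ip(seed_iocs, pdns)
    string_matches = expand_by_string(pdns, brands) - set(seed_iocs)
    legit = {d for d in string_matches if looks_legitimate(d, whois_org, legit_orgs)}
    suspicious = string_matches - legit
    # Candidates come from both expansion paths; the blocklist gives the final verdict.
    malicious = (cohosted | suspicious) & blocklist
    return {
        "ips": ips,
        "cohosted": cohosted,
        "string_matches": string_matches,
        "legit": legit,
        "suspicious": suspicious,
        "malicious": malicious,
    }


if __name__ == "__main__":
    seeds = ["cisco-webex-update.example", "grammarly-premium.example",
             "atomm-download.example"]
    for key, value in run_expansion(seeds).items():
        print(f"{key:15s} {sorted(value)}")
```

Two caveats the constructed data is built to surface: plain substring matching is how a brand sweep reaches five-figure counts, but it also pulls in names like `sanfrancisco-tours.example` that merely contain "cisco", so the "suspicious" set is a triage queue rather than a finding; and the WHOIS check can only clear a domain whose registrant record is public, so redacted or privacy-protected registrants (the common case for lookalikes) stay in the queue by design rather than being marked either way.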

