A Peek at the PikaBot Infrastructure | WhoisXML API

Malvertising seems to be making a huge comeback. PikaBot, which started gaining renown in early 2023, has been found using malicious search ads as a means of distribution. [1]

Security researchers conducted an in-depth analysis of the threat and published 11 indicators of compromise (IoCs), two domains and nine IP addresses, in the process. The WhoisXML API research team expanded that list to find hundreds of potentially connected artifacts, namely:

  • 112 email-connected domains
  • Three additional IP addresses to which some domain IoCs resolved, two of which turned out to be malicious
  • 210 IP-connected domains, three of which have been tagged as malicious
  • 14 string-connected domains

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads