Examining the Mirai.TBOT IoCs under the DNS Microscope | WhoisXML API

Mirai possibly remains the world’s largest botnet to date. In 2016, it managed to disrupt the operations of OVH SAS, Dyn, and Krebs on Security [1]. After that massive hit, the botnet bowed out of the spotlight for a while. It has, however, now resurfaced with improved capabilities, including the ability to exploit zero-days.

A total of 134 Mirai.TBOT indicators of compromise (IoCs)—112 domains and 22 IP addresses—have been reported so far [2]. With the help of our comprehensive DNS intelligence repositories, we managed to dig up more, including:

  • One email-connected domain
  • Six IP-connected domains, all of which turned out to be malicious
  • 6,863 string-connected domains

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis
  • [2] https://blog.xlab.qianxin.com/mirai-tbot-en/