Exposing DNC Intrusion IoCs and Artifacts | WhoisXML API

Exposing the Infrastructure Behind the Democratic National Committee System Intrusion

The high-profile cyberintrusion into the Democratic National Committee (DNC) computer system in 2015 [1] disrupted the 2016 U.S. presidential election. It remains one of the best-known cyberattacks, and top security firms have carried out their own investigations of it.

WhoisXML API threat researcher Dancho Danchev looked inside the DNC system intrusion through the DNS and open source intelligence (OSINT) lens. Among the key findings are:

  • 100+ malicious cyber resources known to have been involved in the campaign
  • 2,600+ related malicious domains known to have participated in the campaign
  • 10,000+ connected domains registered using email addresses tagged as indicators of compromise (IoCs)
  • Less than 1% of the IoCs and artifacts are malicious
  • Some active domains hosted adult, gambling, and questionable content

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html