An OSINT Analysis of Conficker Botnet IoCs | WhoisXML API

Threat Reports

IoC Report Exposing Potential Actors behind the Conficker Botnet

Conficker, which infected millions of systems in its heyday in 2008, continues to infect tens of thousands of devices. Dubbed as the “worm that nearly ate the Internet1,” Conficker targets computers running on Microsoft operating systems (OSs), creating a colossal botnet that can be used to launch large-scale cyber attacks.

The malware is believed to have been developed by Ukrainian cybercriminals, although establishing the actors’ identities is challenging since the botnet drew a lot of attention but was not utilized.

WhoisXML API DNS Threat Researcher Dancho Danchev analyzed a sample of publicly available indicators of compromise (IoCs) consisting of more than 113,000 command-and-control (C&C) server domains. This report shows:

  • 900+ registrant email addresses known to have been used to register Conficker C&C server domains
  • The location of a majority of the domain registrants
  • The email service providers (ESPs) of a majority of the domain registrants
  • 1,500+ related domains registered by registrants involved in Conficker distribution

Read the Conficker botnet report and gain access to the thousands of IoCs and artifacts. Download the report now.


  • [1]
Try our WhoisXML API for free
Get started