Scanning for LockBit Ransomware DNS Traces | WhoisXML API

Threat Reports

Scanning for LockBit Ransomware DNS Traces

Named as one of the most effective and undoubtedly most prolific currently active ransomware groups today, LockBit topped ReliaQuest’s latest ransomware quarterly list for the first three months of 2023.1

Initially distributed with SocGholish’s help,2 the LockBit ransomware operators have since changed tactics—spreading the threat via the RaaS model instead. Find out what else we discovered from our expansion analysis of the 198 published IoCs,3 apart from the following:

  • 200+ IP addresses to which the domains identified as IoCs resolved, 20% of which turned out to be malicious
  • 6,000+ additional domains that shared some of the IoCs’ dedicated IP hosts, 16 of which turned out to be malware hosts

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1]
  • [2]
  • [3]
Try our WhoisXML API for free
Get started