Sinkholing May Not Spell the End for Malware Hosts and Botnets | WhoisXML API


Sinkholing has long proven effective at disrupting cybercriminal operations; the WannaCry kill-switch domain is the best-known example.[1] More recently, Microsoft employed the same technique, seizing domains used by Strontium and redirecting them to a sinkhole to thwart cyber attacks targeting Ukrainian organizations.[2]

Starting from 24 email addresses known to belong to individuals or organizations that operate sinkholes to neutralize threats, and pivoting on those addresses through WHOIS records, Dancho Danchev and the WhoisXML API threat research team uncovered:

  • More than 13,000 malware and botnet hosts that were sinkholed recently
  • Most of the sinkholed domain names appear to have been generated by domain generation algorithms (DGAs)
  • Most of the sinkholed domains used the .com top-level domain (TLD)
  • A majority of the sinkholed domains had been registered for at least five years before being sinkholed
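The pivot-and-profile workflow summarized above, as an added example that is not code from the report or from WhoisXML API: starting from a seed list of sinkhole-contact email addresses, it selects the WHOIS records registered under those contacts (the reverse-WHOIS step), flags DGA-looking names with a character-entropy and vowel-ratio heuristic, tallies TLDs, and measures how long each domain had been registered before its last WHOIS update. The contact addresses, WHOIS records and thresholds are all constructed for illustration, and treating the WHOIS "updated" date as the sinkholing date is an assumption.

```python
"""Pivot from sinkhole-operator contact addresses to the domains registered
under them, then profile those domains in the report's terms: DGA-likeness,
TLD distribution and age at sinkholing.

Added example, not code from the WhoisXML API report. The contact addresses
and WHOIS records are constructed; using the WHOIS 'updated' date as the
sinkholing date is an assumption."""
from __future__ import annotations

import math
from collections import Counter
from datetime import date

# Constructed seed list: contacts that appear on sinkhole registrations.
SINKHOLE_CONTACTS = {"abuse@sinkhole.example", "ops@drop.example"}

# Constructed WHOIS records: (domain, registrant e-mail, created, last updated).
WHOIS_RECORDS = [
    ("xk3qz9vlmpw1.com",   "abuse@sinkhole.example", date(2015, 3, 2),   date(2021, 9, 14)),
    ("qw8ndvxz21kp.com",   "abuse@sinkhole.example", date(2016, 7, 30),  date(2022, 1, 5)),
    ("sfdgh23kjhf.net",    "ops@drop.example",       date(2014, 11, 11), date(2022, 2, 2)),
    ("update-service.biz", "ops@drop.example",       date(2020, 5, 1),   date(2021, 6, 1)),
    ("legit-shop.com",     "owner@shop.example",     date(2012, 1, 1),   date(2023, 1, 1)),
]

VOWELS = set("aeiou")


def pivot_on_contacts(records, contacts):
    """Reverse-WHOIS style pivot: keep records whose registrant e-mail is a
    known sinkhole contact. Against a live WHOIS source this is the question a
    reverse-WHOIS lookup answers; here it is a filter over the sample."""
    wanted = {c.lower() for c in contacts}
    return [r for r in records if r[1].lower() in wanted]


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for the empty string)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def second_level_label(domain: str) -> str:
    """Naive: first label of the name. A real pipeline would consult the
    public suffix list so that 'example.co.uk' yields 'example'."""
    return domain.lower().split(".")[0]


def looks_dga(domain: str, min_entropy: float = 2.8, max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic DGA check: high character entropy and few vowels in the
    second-level label. Thresholds are illustrative, not from the report."""
    label = second_level_label(domain)
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def tld_of(domain: str) -> str:
    """Naive TLD: the last label (no public suffix handling)."""
    return domain.lower().rsplit(".", 1)[-1]


def years_live(created: date, sinkholed_on: date) -> float:
    """Years between registration and the (assumed) sinkholing date."""
    return (sinkholed_on - created).days / 365.25


def profile(records, contacts):
    """Summarise the sinkholed set: count, DGA hits, TLDs, domains >= 5 years old."""
    hits = pivot_on_contacts(records, contacts)
    return {
        "sinkholed": len(hits),
        "dga": sum(looks_dga(d) for d, *_ in hits),
        "tlds": Counter(tld_of(d) for d, *_ in hits),
        "five_years_plus": sum(years_live(c, u) >= 5 for _, _, c, u in hits),
    }


if __name__ == "__main__":
    print(profile(WHOIS_RECORDS, SINKHOLE_CONTACTS))
```

On the constructed sample, the pivot keeps the four records under sinkhole contacts and drops the unrelated registration; three of the four labels trip the DGA heuristic, .com dominates the TLD count, and three had been registered for more than five years before their last update. Swap the sample for real reverse-WHOIS output and the same functions produce the report's four headline metrics.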

Download Danchev's report and the accompanying threat research materials for a sampled list of the identified artifacts, which can be used for further enrichment and threat analysis.

  • [1] https://techcrunch.com/2019/07/08/the-wannacry-sinkhole/
  • [2] https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/