Thawing IcedID Out through a DNS Analysis | WhoisXML API


The current threat landscape continuously proves that the theory of evolution also applies to malware. The latest proof? IcedID, which went from being a run-of-the-mill banking trojan to a ransomware dropper.

More than 50 IP addresses and domains were publicly listed [1, 2, 3, 4] as IcedID indicators of compromise (IoCs). WhoisXML API researchers subjected them to a DNS intelligence analysis to uncover more connected artifacts, including:

  • Five unredacted email addresses historically used to register some of the domains identified as IoCs
  • 44 domains registered using some of the registrant email addresses
  • 22 domains resolving to IP addresses tagged as IoCs
  • 33 domains sharing the same IP resolutions as some of the domains classified as IoCs
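The four pivots listed above (historical registrant emails, reverse WHOIS, reverse IP, and shared IP resolutions) as an added example that is not part of the report and not WhoisXML API's own code; the seed IoCs, WHOIS history and passive DNS records below are constructed sample data, not the report's real indicators.

```python
"""Expand a seed set of domain/IP IoCs through WHOIS and passive DNS pivots."""

# Constructed sample data (not real IcedID indicators).
SEED_DOMAINS = {"ioc-a.example", "ioc-b.example"}
SEED_IPS = {"203.0.113.10"}
# Historical WHOIS: domain -> registrant emails seen in past records
WHOIS_HISTORY = {
    "ioc-a.example": {"reg1@example.net"},
    "ioc-b.example": {"reg1@example.net", "reg2@example.net"},
    "other-1.example": {"reg1@example.net"},
    "other-2.example": {"reg2@example.net"},
    "unrelated.example": {"someone@example.org"},
}
# Passive DNS: domain -> IP addresses it has resolved to
PASSIVE_DNS = {
    "ioc-a.example": {"198.51.100.5"},
    "ioc-b.example": {"203.0.113.10"},
    "other-1.example": {"198.51.100.5"},
    "other-3.example": {"203.0.113.10"},
    "unrelated.example": {"192.0.2.77"},
}


def pivot(seed_domains, seed_ips, whois_history, passive_dns):
    """Return the four categories of connected artifacts the report enumerates."""
    # 1. Registrant emails historically attached to the IoC domains.
    emails = set().union(*(whois_history.get(d, set()) for d in seed_domains))
    # 2. Reverse WHOIS: other domains registered with any of those emails.
    by_email = {d for d, es in whois_history.items() if es & emails} - seed_domains
    # 3. Reverse IP: domains resolving to IP addresses that are themselves IoCs.
    by_ioc_ip = {d for d, ips in passive_dns.items() if ips & seed_ips} - seed_domains
    # 4. Domains sharing an IP resolution with any IoC domain.
    ioc_resolutions = set().union(*(passive_dns.get(d, set()) for d in seed_domains))
    shared_ip = {d for d, ips in passive_dns.items() if ips & ioc_resolutions} - seed_domains
    return {
        "registrant_emails": emails,
        "domains_by_registrant_email": by_email,
        "domains_resolving_to_ioc_ips": by_ioc_ip,
        "domains_sharing_ip_resolutions": shared_ip,
    }


if __name__ == "__main__":
    for category, artifacts in pivot(SEED_DOMAINS, SEED_IPS, WHOIS_HISTORY, PASSIVE_DNS).items():
        print(f"{category}: {sorted(artifacts)}")
```

Artifacts found this way are candidates for further vetting (a shared hosting IP can link unrelated tenants), not confirmed IoCs.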

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1]
  • [2]
  • [3]
  • [4]