Unraveling the DNS Connections of ToxicPanda | WhoisXML API


Banking Trojans like Zeus or ZBOT have been plaguing bank customers the world over since around 2007.[1] The primary reason for their longevity and persistence to date is that they work.

While many banking Trojans focused on infecting computers, newer ones like ToxicPanda have been designed to affect Android devices.[2]

The WhoisXML API research team expanded a list of 21 domains tagged as ToxicPanda indicators of compromise (IoCs) and uncovered:

  • Six email-connected domains
  • Seven IP addresses, four of which turned out to be malicious
  • One IP-connected domain, which turned out to be malicious
  • 817 string-connected domains


  • [1] https://www.proofpoint.com/us/threat-reference/zeus-trojan-zbot
  • [2] https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam