Tracing Truebot’s Roots through a DNS Deep Dive





It’s a must for threat actors to cover their tracks, and Truebot does just that.

Distributed via a Traffic Distribution System (TDS), a Truebot intrusion began with several page redirects and ended with a Master Boot Record (MBR) killer wiper being dropped onto a victim’s computer. The final payload? Users’ data was exfiltrated to a remote server and erased from the source. Worse, while some victims were prompted to reboot, the more unfortunate were left with inoperable systems. [1]

Jumping off a published list of IoCs (three domains and five IP addresses, to be exact) [2], the TIP researchers found:

  • Three IP addresses that hosted the domains identified as IoCs, two of which were detected as malicious
  • A publicly viewable registrant email address in the historical WHOIS record of a domain tagged as an IoC
  • More than 7,000 domains that shared one IoC’s registrant email address, four of which were detected as malware hosts
  • 200+ domains hosted on the same dedicated IP addresses some of the IoCs resolved to
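
The pivots behind these findings (IoC domain to hosting IP, reverse IP on dedicated hosts, and reverse WHOIS on a registrant email) can be sketched as below. This is an added example, not code from the report: every domain, IP address and email is constructed, and the `dedicated_max` cutoff for treating an IP as dedicated is an assumption.

```python
from collections import defaultdict

# Constructed sample data (not from the report): passive-DNS (domain, ip) pairs.
PDNS = [
    ("ioc-one.example", "192.0.2.10"),
    ("ioc-two.example", "192.0.2.10"),
    ("neighbor-a.example", "192.0.2.10"),
    ("neighbor-b.example", "192.0.2.10"),
    ("ioc-three.example", "203.0.113.80"),
    ("unrelated.example", "198.51.100.5"),
] + [(f"shared{i}.example", "203.0.113.80") for i in range(400)]

# Constructed historical WHOIS: domain -> registrant emails over time (None = redacted).
WHOIS_HISTORY = {
    "ioc-one.example": [None],
    "ioc-two.example": ["registrant@mail.example", None],
    "sibling-1.example": ["registrant@mail.example"],
    "sibling-2.example": [None, "registrant@mail.example"],
    "unrelated.example": ["other@mail.example"],
}

IOCS = {"ioc-one.example", "ioc-two.example", "ioc-three.example"}


def expand_iocs(iocs, pdns, whois_history, dedicated_max=50):
    """Pivot from IoC domains to hosting IPs, co-hosted domains and registrant siblings."""
    ip_to_domains = defaultdict(set)
    for domain, ip in pdns:
        ip_to_domains[ip].add(domain)

    hosting_ips = {ip for domain, ip in pdns if domain in iocs}
    # Reverse-IP pivots only mean something on dedicated IPs; shared hosting
    # would pull in hundreds of unrelated tenants. The cutoff is an assumption.
    dedicated = {ip for ip in hosting_ips if len(ip_to_domains[ip]) <= dedicated_max}
    cohosted = set().union(*(ip_to_domains[ip] for ip in dedicated)) - iocs

    # Registrant emails ever exposed for an IoC, ignoring redacted records.
    emails = {e for d in iocs for e in whois_history.get(d, []) if e}
    siblings = {d for d, hist in whois_history.items() if emails & set(hist)} - iocs

    return {
        "hosting_ips": sorted(hosting_ips),
        "dedicated_ips": sorted(dedicated),
        "cohosted_domains": sorted(cohosted),
        "same_registrant": sorted(siblings),
    }


if __name__ == "__main__":
    for key, values in expand_iocs(IOCS, PDNS, WHOIS_HISTORY).items():
        print(key, values)
```

Domains surfaced this way are leads for triage rather than indicators in their own right: in the findings above, only four of the more than 7,000 registrant-linked domains were detected as malware hosts.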

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/
  • [2] https://otx.alienvault.com/pulse/64877fcf823431cc11354174