Browse Botnet C&Cs
Here you can browse the list of botnet Command & Control servers (C&Cs) tracked by Feodo Tracker, associated with Dridex, TrickBot, QakBot (aka QuakBot/Qbot), BazarLoader (aka BazarBackdoor) and Emotet (aka Heodo). When Feodo Tracker was launched in 2010, it was meant to track Feodo botnet C&Cs. However, Feodo evolved further and different pieces of malware related to Feodo appeared:
- Emotet: is a successor of Geodo. It first appeared in March 2017 and is also known as Heodo. While it was initially used to commit ebanking fraud, it later turned into a Pay-Per-Install (PPI)-like botnet that propagates itself through compromised email credentials. More information about Emotet is available on Malpedia
- TrickBot: shares no code base with Emotet. However, TrickBot usually gets dropped by Emotet for lateral movement and to drop additional malware (such as Ryuk ransomware). More information about TrickBot is available on Malpedia
- Dridex: is a successor of the Cridex ebanking Trojan. It first appeared in 2011 and is still very active as of today. There is speculation that the botnet masters behind the ebanking Trojan Dyre moved their operation over to Dridex. More information about Dridex is available on Malpedia
- QakBot: first appeared in 2007 and is still very active as of today. More information about QakBot is available on Malpedia
- BazarLoader: first appeared in 2021. BazarLoader (aka BazarBackdoor) is probably a "spin-off" from TrickBot. It is mainly used by the infamous Conti group to deploy ransomware on enterprise networks. Further information about BazarLoader is available on Malpedia
- BumbleBee: first appeared in 2022. BumbleBee is used to drop Cobalt Strike to conduct lateral movement in corporate networks, which eventually leads to encryption with ransomware. Further information about BumbleBee is available on Malpedia
- Pikabot: first appeared in early 2023. Pikabot is used to drop Cobalt Strike to conduct lateral movement in corporate networks, which eventually leads to encryption with ransomware. Further information about Pikabot is available on Malpedia
Firstseen (UTC) | Host | Malware | Status | Network (ASN) | Country |
---|---|---|---|---|---|
2021-12-02 09:10:08 | 172.104.227.98 | | | AS63949 LINODE-AP Linode, LLC | DE |