【ブログ】
◆Winnti Evolution - Going Open Source (PROTECTWISE, 2017/07/11)
https://www.protectwise.com/blog/winnti-evolution-going-open-source.html
【関連サイト】
◆Winnti (まとめ)
http://malware-log.hatenablog.com/entry/winnti
【インディケータ情報】
■通信先
| Indicator | Description |
| job.yoyakuweb.technology | Phishing email link destination. |
| resume.immigrantlol.com | Phishing email link destination. |
| macos.exoticlol.com | Likely phishing email link destination. |
| css.google-statics[.]com | BeEF Landing and C2. |
| minami.cc | Potential BeEF - Low confidence (Linode) |
| vps2java.securitytactics.com | Malware C2 |
| 106.184.5.252 | Phishing email link destination. |
| 61.78.62.21 | Used in BeEF C2, reused Winnit Infra. |
| 139.162.106.19 | Linode - Used in BeEF C2. |
| 172.104.101.131 | Linode - Malware C2. |
| 139.162.17.161 | Linode - Used in BeEF C2. |
| 133.242.145.137 | Linode - Used in BeEF C2. |
| 106.185.31.128 | Linode - hosting BeEF landings. |
