TT Malware Log

A personal investigation and research log on malware / cyber attacks / analysis techniques

Winnti Evolution - Going Open Source

【Blog】

◆Winnti Evolution - Going Open Source (PROTECTWISE, 2017/07/11)
https://www.protectwise.com/blog/winnti-evolution-going-open-source.html


【Indicator Information】

■Communication Destinations

Indicator Description
job.yoyakuweb.technology Phishing email link destination.
resume.immigrantlol.com Phishing email link destination.
macos.exoticlol.com Likely phishing email link destination.
css.google-statics[.]com BeEF Landing and C2.
minami.cc Potential BeEF - Low confidence (Linode)
vps2java.securitytactics.com Malware C2
106.184.5.252 Phishing email link destination.
61.78.62.21 Used in BeEF C2, reused Winnti Infra.
139.162.106.19 Linode - Used in BeEF C2.
172.104.101.131 Linode - Malware C2.
139.162.17.161 Linode - Used in BeEF C2.
133.242.145.137 Linode - Used in BeEF C2.
106.185.31.128 Linode - hosting BeEF landings.

Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2017