【Blog】
◆Winnti Evolution - Going Open Source (PROTECTWISE, 2017/07/11)
https://www.protectwise.com/blog/winnti-evolution-going-open-source.html
【Related Sites】
◆Winnti (Summary)
http://malware-log.hatenablog.com/entry/winnti
【Indicator Information】
■Communication Destinations
Indicator | Description |
job.yoyakuweb.technology | Phishing email link destination. |
resume.immigrantlol.com | Phishing email link destination. |
macos.exoticlol.com | Likely phishing email link destination. |
css.google-statics[.]com | BeEF Landing and C2. |
minami.cc | Potential BeEF - Low confidence (Linode) |
vps2java.securitytactics.com | Malware C2 |
106.184.5.252 | Phishing email link destination. |
61.78.62.21 | Used in BeEF C2, reused Winnti Infra. |
139.162.106.19 | Linode - Used in BeEF C2. |
172.104.101.131 | Linode - Malware C2. |
139.162.17.161 | Linode - Used in BeEF C2. |
133.242.145.137 | Linode - Used in BeEF C2. |
106.185.31.128 | Linode - hosting BeEF landings. |