

Showing posts from September, 2018

Emotet C2 Network IOC September 2018 Week 1 Campaign

[Table of Emotet C2 indicators with columns IP, Port, Country, State, City; the IP values were not preserved in this excerpt and the table is truncated]

Useful Regex for Malware Analysis

Article by Vishal Thakur

This post is a living post - I'll keep adding to it as I come across more useful regexes.

IP address: This should give you all strings that look like IP addresses - it will also match strings that are not valid IP addresses:

\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b

This one is longer but should give you only valid IP addresses (each octet restricted to 0-255):

\b(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b

Grep: This will get you everything from 'http:' to the end of the line, for ALL the lines in a file (with no filename given, grep reads the file from standard input):

grep -o 'http:.*' > c2i-all
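The following is an added Python example, not code from the post, that applies both IP patterns and the grep pattern above to a constructed strings-style sample so the difference between the loose and the strict pattern is visible; the sample text and the function names are my own.

```python
import re

# Loose pattern from the post: any dotted quad of 1-3 digit groups.
LOOSE_IP = re.compile(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")

# Strict pattern from the post, with each octet limited to 0-255.
# Joined here without the whitespace that line wrapping introduced.
OCTET = r"(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
STRICT_IP = re.compile(r"\b" + OCTET + r"\." + OCTET + r"\." + OCTET + r"\." + OCTET + r"\b")

# Equivalent of grep -o 'http:.*' (note: 'http:' does not match 'https://').
HTTP_TAIL = re.compile(r"http:.*")


def extract_ips(text, strict=False):
    """Return IP-looking strings; strict=True keeps only 0-255 octets."""
    pattern = STRICT_IP if strict else LOOSE_IP
    # The strict pattern contains capture groups, so take the whole match.
    return [m.group(0) for m in pattern.finditer(text)]


def false_positives(text):
    """Strings the loose pattern accepts but the strict pattern rejects."""
    strict = set(extract_ips(text, strict=True))
    return [ip for ip in extract_ips(text) if ip not in strict]


def extract_http(text):
    """Everything from 'http:' to end of line, one entry per line."""
    return [m.group(0) for m in HTTP_TAIL.finditer(text)]


# Constructed sample resembling strings dumped from a sample; not real IOCs.
SAMPLE = """\
config: 10.0.0.5:8080 backup=203.0.113.77:443
junk: 999.1.1.1 and 256.300.1.2 build 1.2.3.4567
url: http://example.invalid/gate.php?id=1
"""

if __name__ == "__main__":
    print("loose :", extract_ips(SAMPLE))
    print("strict:", extract_ips(SAMPLE, strict=True))
    print("bogus :", false_positives(SAMPLE))
    print("http  :", extract_http(SAMPLE))
```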