There are some new additions in the latest target list. These are the targeted URIs extracted from the complete configs. Some of the regex'd URIs are very interesting and highly effective. Article by Vishal Thakur C2: http://103.119.144.250:8082 http://75.183.130.158:8082 http://96.36.253.146:8082 http://75.183.130.158:8082 http://96.36.253.146:8082 http://14.102.107.114:8082 http://181.115.156.218:80 http://200.21.51.30:80 http://36.91.93.114:80 http://97.87.127.198:80 http://190.152.125.162:80 http://192.210.152.173:443 http://212.80.216.228:443 http://185.68.93.59:443 http://31.202.132.5:443 http://107.175.132.141:443 http://185.86.148.195:443 Target list: <lm>https://us.etrade.com/webapiagg/aggregator</lm> <lm>https://us.etrade.com/etx/hw/0/accountshome.json</lm> <lm>https://www.nwolb.com/*.aspx*</lm> <lm>https://www.rbsdigital.com/*.aspx*</lm> <lm>https://www.ulsterbankanytimebanking....
Malware Analysis for Incident Response