Monday, January 25, 2016

Feedly: Xanda's Blog !~!. How Did I Find APT16 New Infra with VirusTotal pDNS and a lil Bit of Luck



from Xanda's Blog !~!

[Quick and short update] Over the last couple of weeks, I was reading the "The EPS Awakens – Part 2" blog entry from FireEye and found that this one IP, 121.127.249.74, was previously used as their C2 server. I used VirusTotal IP information, and these few domains appeared:

2015-07-01 frppl.com
2015-07-01 jrjfj.com
2015-07-01 pjntx.com
2015-07-01 vzflx.com
2015-07-01 yeaqm.com

I […]