Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)
released on 2020-02-21 @ 09:11:36 PM
"The new command and control (C2) protocol that was implemented in one of the 4.0 samples was completely different from the existing understanding of the 3.0 protocol. TAU is providing this analysis as well as the investigation results of discovered C2s or victim hosts infected with the server variants on the Internet."