Complete dissection of an APK with a suspicious C2 Server
released on 2022-04-05 @ 11:48:15 AM
During the analysis of the Penquin-related infrastructure Lab52 reported in their previous post, they paid special attention to the malicious binaries contacting these IP addresses, since as they showed in the analysis, they had been used as C2 of other threats used by Turla.