C2 Activity: Sandboxes or Real Victims?, (Fri, Apr 2nd)

Read the original article: C2 Activity: Sandboxes or Real Victims?, (Fri, Apr 2nd)

In my last diary[1], I mentioned that I was able to access screenshots exfiltrated by the malware sample. During the first analysis, there were approximately 460 JPEG files available. I continued to keep an eye on the host and the number slightly increased but not so much. My diary conclusion was that the malware looks popular seeing the number of screenshots but waitâ€¦ Are we sure that all those screenshots are real victims? I executed the malware in my sandbox and probably other automated analysis tools were used to detonate the malware in a sandbox. This question popped up in my mind: How do have an idea about the ratio of automated tools VS. real victims?

Become a supporter of IT Security News and help us remove the ads.