Some basic terminology per questions: Infection vector: Like epidemiology, how does the malware infect initially and spread laterally?
Replying to @hacks4pancakes
Sinkholing: To seize or register a domain or subdomain which malware contacts, then point its traffic at a benign research IP for tracking
Replying to @hacks4pancakes
Interesting fact: sinkhole IPs are often published, and a great thing to monitor traffic to in your environment.
Replying to @hacks4pancakes
I often see novice researchers calling sinkhole IPs malicious and erroneously putting them in IOC reports.
Replying to @hacks4pancakes
noob question: why is sinkhole traffic not an IOC? doesn't it indicate the presence of malware that has compromised something?
9:18 AM - 14 May 2017
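The monitoring tip above (watch for traffic to published sinkhole IPs) and the follow-up question about sinkhole traffic and IOCs can be shown side by side in a small script. This is an added example, not code from the thread or its author: the sinkhole addresses, hostnames and firewall log lines are constructed placeholders, and the key=value log format is an assumption. It matches outbound destinations against a sinkhole list and reports the internal source hosts, because the sinkhole is a benign research IP and the host still trying to reach it is the actual finding.

```python
"""Match outbound traffic against a published sinkhole IP list and report the
internal hosts that beacon to it.

Constructed example: the sinkhole addresses, hosts and log lines below are
made up for illustration and are not real sinkhole infrastructure."""
import ipaddress
import re
from collections import defaultdict

# Constructed sinkhole destinations (placeholders, not a real published list).
SINKHOLE_ADDRESSES = {
    "192.0.2.10": "constructed-sinkhole-A",
    "198.51.100.0/24": "constructed-sinkhole-range-B",
}

# Constructed firewall log lines in an assumed key=value format.
SAMPLE_LOG = """\
2017-05-14T09:10:01Z src=10.0.0.21 dst=192.0.2.10 dport=80 proto=tcp
2017-05-14T09:10:05Z src=10.0.0.21 dst=93.184.216.34 dport=443 proto=tcp
2017-05-14T09:11:12Z src=10.0.0.57 dst=198.51.100.77 dport=8080 proto=tcp
2017-05-14T09:12:30Z src=10.0.0.21 dst=192.0.2.10 dport=80 proto=tcp
2017-05-14T09:13:00Z src=10.0.0.99 dst=203.0.113.5 dport=53 proto=udp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def load_sinkholes(entries):
    """Parse address/range strings into network objects once, paired with their label."""
    return [(ipaddress.ip_network(net, strict=False), label) for net, label in entries.items()]


def sinkhole_label(dst, networks):
    """Return the sinkhole label if dst falls inside a known sinkhole range, else None."""
    addr = ipaddress.ip_address(dst)
    for net, label in networks:
        if addr in net:
            return label
    return None


def find_infected_hosts(log_text, sinkholes=SINKHOLE_ADDRESSES):
    """Group sinkhole hits by internal source host.

    The destination is a benign research IP, so results are keyed by the
    source host (the thing worth investigating), not by the destination."""
    networks = load_sinkholes(sinkholes)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        label = sinkhole_label(m["dst"], networks)
        if label is None:
            continue  # ordinary traffic, nothing to report
        hits[m["src"]].append(
            {"ts": m["ts"], "dst": m["dst"], "sinkhole": label, "dport": int(m["dport"])}
        )
    return dict(hits)


def report(log_text=SAMPLE_LOG):
    """One human-readable line per internal host that contacted a sinkhole."""
    findings = find_infected_hosts(log_text)
    lines = []
    for src, events in sorted(findings.items()):
        sinks = ", ".join(sorted({e["sinkhole"] for e in events}))
        lines.append(
            f"host {src}: {len(events)} connection(s) to sinkhole {sinks} "
            f"-- investigate this host; the sinkhole IP itself is not a malicious indicator"
        )
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

Keyed this way, the output is a list of internal hosts to triage rather than a list of destination IPs, which is the difference between using a sinkhole list as a detection source and mistakenly copying the sinkhole addresses into an IOC report.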