Hunting APT Infrastructure with Validin
In today's blog post we will look at how we can discover additional adversary infrastructure with Validin, starting from a pivot point as simple as a Twitter post.
But first let’s discuss some of the basics.
The most basic definition of infrastructure hunting is the process of proactively developing hunting rules that identify malicious infrastructure, so that connections to and from those servers can be detected or blocked.
It differs from traditional IOC lists in that we are hunting for live infrastructure, which may not even be in use yet.
Several tools can help with this, among them Censys, Fofa, Validin and Shodan.
We are going to focus on Validin, which provides excellent historical passive DNS information.
Discover additional domains with Validin
Our initial starting point comes from this Twitter post:
There is nothing special about this post; there are many like it every day, and we could have chosen any …
IoC
http://platform.mycrypto-invest.com
http://154.90.63.101
http://wetax-pay.online
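The pivot described above (seed IoCs in, co-hosted and subsequently-used infrastructure out) is easy to get wrong in two ways: expanding through a shared hoster or CDN address drags in hundreds of unrelated tenants, and old passive DNS records surface infrastructure that has long been retired. The following Python is an added example written for this post, not Validin's API or client code; it runs the pivot over a constructed in-memory passive DNS snapshot. The only real values in it are the three IoCs listed above; every other hostname (`.example` names) and IP (RFC 5737 documentation ranges) is a made-up placeholder. With a real data source you would replace `SAMPLE_PDNS` with the records returned for each node.

```python
"""Passive-DNS pivot from a seed IoC set (added example, not Validin's own code)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse


@dataclass(frozen=True)
class PdnsRecord:
    """One passive-DNS observation: hostname resolved to ip between two ISO dates."""
    hostname: str
    ip: str
    first_seen: str
    last_seen: str


# Seed IoCs exactly as listed in the post.
SEED_IOCS = [
    "http://platform.mycrypto-invest.com",
    "http://154.90.63.101",
    "http://wetax-pay.online",
]

# Constructed passive-DNS snapshot: only the three seed values come from the post,
# every other hostname/IP is a placeholder so the pivot can be exercised offline.
SAMPLE_PDNS = [
    PdnsRecord("platform.mycrypto-invest.com", "154.90.63.101", "2024-01-10", "2024-02-01"),
    PdnsRecord("wetax-pay.online", "154.90.63.101", "2024-01-20", "2024-02-03"),
    # A hostname not in the IoC list that shares the seed IP: the pivot should surface it.
    PdnsRecord("pivot-a.example", "154.90.63.101", "2024-01-25", "2024-02-05"),
    # It later moved to a second IP, which in turn leads to a further hostname.
    PdnsRecord("pivot-a.example", "203.0.113.7", "2024-02-04", "2024-02-06"),
    PdnsRecord("pivot-b.example", "203.0.113.7", "2024-02-05", "2024-02-06"),
    # A stale observation, last seen long before the cutoff: must be ignored.
    PdnsRecord("stale.example", "154.90.63.101", "2022-01-01", "2022-03-01"),
    # wetax-pay.online also sat behind a shared hoster IP with many unrelated tenants.
    PdnsRecord("wetax-pay.online", "192.0.2.50", "2024-01-05", "2024-01-15"),
] + [
    PdnsRecord(f"tenant-{i}.example", "192.0.2.50", "2024-01-01", "2024-02-01")
    for i in range(5)
]


def normalize_ioc(ioc: str) -> str:
    """Reduce a URL, bare hostname or IP IoC to the host string the graph is keyed on."""
    host = urlparse(ioc if "://" in ioc else f"//{ioc}").hostname
    if host is None:
        raise ValueError(f"cannot extract a host from {ioc!r}")
    return host.lower()


def is_ip(node: str) -> bool:
    try:
        ip_address(node)
        return True
    except ValueError:
        return False


def build_graph(records, cutoff: str):
    """Undirected hostname<->ip adjacency built only from records still seen on/after cutoff."""
    graph = defaultdict(set)
    for r in records:
        if r.last_seen < cutoff:  # ISO dates compare correctly as strings
            continue
        graph[r.hostname.lower()].add(r.ip)
        graph[r.ip].add(r.hostname.lower())
    return graph


def pivot(records, seeds, cutoff="2024-01-01", max_depth=2, shared_threshold=5):
    """Breadth-first pivot outward from the seed IoCs.

    Returns newly discovered hostnames and IPs, plus the IPs that were reached but
    deliberately not expanded (and not reported as findings) because at least
    shared_threshold hostnames point at them: a hoster/CDN address, not adversary-owned.
    """
    graph = build_graph(records, cutoff)
    start = {normalize_ioc(s) for s in seeds}
    depth = {n: 0 for n in start}
    queue = deque(start)
    skipped_shared = set()
    while queue:
        node = queue.popleft()
        if is_ip(node) and len(graph[node]) >= shared_threshold:
            skipped_shared.add(node)
            continue
        if depth[node] >= max_depth:
            continue
        for neighbour in graph[node]:
            if neighbour not in depth:
                depth[neighbour] = depth[node] + 1
                queue.append(neighbour)
    discovered = set(depth) - start
    return {
        "domains": {n for n in discovered if not is_ip(n)},
        "ips": {n for n in discovered if is_ip(n) and n not in skipped_shared},
        "skipped_shared": skipped_shared,
        "depth": depth,
    }


if __name__ == "__main__":
    result = pivot(SAMPLE_PDNS, SEED_IOCS)
    for kind in ("domains", "ips", "skipped_shared"):
        print(f"{kind}: {sorted(result[kind])}")
```

With the defaults the pivot reports `pivot-a.example` and `203.0.113.7`, flags `192.0.2.50` as shared hosting rather than as a finding, and never sees `stale.example`; raising `max_depth` to 3 also reaches `pivot-b.example`. `shared_threshold` and `cutoff` are the two knobs to tune against your own data before anything discovered this way goes into a block list.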