Static/Dynamic Analysis and Reversing
Right, so again I will keep this intro very short. I have (again) scanned malicious infrastructure (maybe Threat Actors, maybe Red Teams, or maybe …) and was (again) able to find an open directory with a bunch of interesting files (malicious DLLs and Sliver implants).
Malicious IP 220.127.116.11 hosting Sliver implants and DLLs.
Obviously, I dumped all the files into VT (VirusTotal).
After the VT analysis I was able to find out that the C2 server IP is 18.104.22.168 (it resolved to pezimap[.]com; the domain now looks like it is not active anymore).