A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #31608  by badwarehunter
 Sun May 27, 2018 12:15 pm
thanks for the samples, gonna take a look

here is an analysis of kaspersky on the way the first stage retrieve the IPs of the C2 (without using DND) :
hXXps://securelist.com/vpnfilter-exif-to-c2-mechanism-analysed/85721/

Regards