Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Erlangen
8 hours ago
|
parent
|
context
|
favorite
| on:
Notepad++ supply chain attack breakdown
> Notably, the first scan of this URL on the VirusTotal platform occurred in late September, by a user from Taiwan.
Could this be the attacker? The scan happened before the hack was first exposed on the forum.
gruez
8 hours ago
[–]
You would be a dumbass to do that, because virustotal allows security researchers to see submitted samples/urls. The last thing you want to do is to draw attention to your C&C server.
reply
wyldberry
6 hours ago
|
parent
[–]
It's not uncommon to use VT and other sandbox tools as a proxy indicator for if your attacks have tripped defenders and tooling.
reply
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Could this be the attacker? The scan happened before the hack was first exposed on the forum.