Lupo — v2.0

C2 Domains/IPs OR URLs

I’ve added a new feature to Lupo that allows you to extract C2 IPs/Domains OR complete URLs. This was a feature request.

You can get the latest version from Lupo Github Repository here.

Usage:

Load the extension:

.load lupo

Run the module for URLs:

!lupo.url

This will extract URLs from the malware and output them to the console as well as write them to a file on your disk.

Run the module for C2 IPs/domains:

This will extract IPs or domains from the malware and output them to the console as well as write them to a file on your disk.

!lupo.c2

For a full write-up on Lupo, see this post.