2021-12-14
Finding out what one (Java) attack tries to do
I checked the logs for some more actual attacks and found one to analyze. Digging out the Java class and decompiling it made it clear what it does in a Windows environment: enumerate the number of computers seen in Active Directory in the last 100 days. And post the result to the server it came from. In Russia.