May be a bit of a n00b question but I can only find indirect references to it, nothing in the FAQs, or this forum.
If a given malware has specific c2 infrastructure associated with it, does VT expose the domains/IPs? I tested with a few hashes and didn't find any, so can't tell if that's just not something VT does, or if those particular variants didn't have any identified c2.
Simply stated, what I'm looking for is this:
input: file or hash
output: domain names and/or IPs tied to that malware
I know there are various threat intel feeds that provide this kind of info. Just wondering if VT can as well (on an interactive query basis, obviously, not as a feed).
Thanks,
Tim