I implemented the Suricata rules and found some positive indicators outbound to 4 different Akamai-hosted endpoints on port 80. I forwarded the information to Akamai.

104.113.24.20
23.38.164.37
23.63.214.115
23.64.100.151

However, the detection techniques on the host machine yielded no results (yara, volatility3), nor were any files found at the common locations on disk or in the registry mentioned.

It does seem odd that virtually all of these are Akamai, leading me to believe it may be a false positive, which was stated as a possibility in the article. If it is and something suddenly stops working, I'll report back here.
More info here:
https://www.cbsnews.com/news/fbi-takes-down-20-year-old-russian-malware-network/