While analyzing malware that uses PowerShell for infection, Palo Alto Networks managed to uncover the infrastructure behind recent attacks that leveraged the Chthonic and Nymaim Trojans, along with other threats.

The analysis kicked off from one malicious sample, but resulted in security researchers from Palo Alto Networks being able to identify 707 IPs and 2,611 domains supposedly being utilized for malicious activity. While some of these resources are used to host malware, others are leveraged in other types of attacks and schemes, the researchers say.