So, there is quite a lot of malware nowadays that uses the Tor network to communicate with C2 servers.
From what I see, they host their C2 server under a .onion domain and then hardcode Tor "proxies" into the malware, which it uses to connect to, which will then allow it to send data back to the C2 server.
Now, when I asked people about how they get the "proxies", I was told they are not really proxies, but that is what they look like.
As you can see, to me these look like proxies. Now, I know the Tor project itself has a page that auto-updates every 20 minutes with the latest Tor exit nodes, but my question is: how are they getting the port number so they can route traffic through them too?
Now, I was able to speak to someone once who made malware that used this, and they simply said to me "They are free online, anyone can incorporate this into their malware", but he would not tell me where people get them from x_x
Anyone got any ideas at all?