tomchop / malcom

Malcom - Malware Communications Analyzer

[question] Malware communicating using tor network #65

Closed cstayyab closed 6 years ago

cstayyab commented 6 years ago

I have been worrying that some malware uses Tor Nodes to communicate towards the C&C. Are you tracing that also? If yes, how?

Any hint or help will be appreciated.

tomchop commented 6 years ago

Yup, there's a feed that collects all Tor exit nodes: https://github.com/tomchop/malcom/blob/master/Malcom/feeds/public/tor_exit_nodes.py

Don't know if that list is the same as hosts for Tor hidden services though.
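
Added example (not part of the thread and not Malcom's own code): one way to use an exit-node list like the one the feed collects is to tag observed flows whose source or destination is a listed exit address. It assumes the list is in the Tor Project's `exit-addresses` text layout; the function names, relay fingerprints, addresses and flows are all constructed for illustration.

```python
import ipaddress

# Constructed sample, assumed exit-addresses layout (documentation-range IPs).
SAMPLE_EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2018-01-01 00:00:00
LastStatus 2018-01-01 01:00:00
ExitAddress 192.0.2.10 2018-01-01 01:05:00
ExitNode 0000000000000000000000000000000000000002
Published 2018-01-01 00:00:00
LastStatus 2018-01-01 01:00:00
ExitAddress 198.51.100.7 2018-01-01 01:06:00
ExitAddress 2001:db8::7 2018-01-01 01:06:00
"""
# Constructed flow records: (src, dst, dst_port)
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 443),
    ("10.0.0.5", "203.0.113.9", 80),
    ("198.51.100.7", "10.0.0.8", 22),
    ("10.0.0.9", "2001:DB8:0:0:0:0:0:7", 9001),
    ("10.0.0.9", "not-an-ip", 53),
]

def parse_exit_list(text):
    """Map each exit IP (normalised) to the relay fingerprint that listed it."""
    exits, fingerprint = {}, None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "ExitNode":
            fingerprint = fields[1]
        elif len(fields) >= 2 and fields[0] == "ExitAddress":
            try:
                exits[ipaddress.ip_address(fields[1])] = fingerprint
            except ValueError:
                continue  # skip malformed address lines
    return exits

def tag_flows(flows, exits):
    """Return (flow, direction, fingerprint) for flows touching an exit IP."""
    hits = []
    for flow in flows:
        for direction, raw in (("from_exit", flow[0]), ("to_exit", flow[1])):
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                continue  # hostname or garbage in the flow record
            if addr in exits:
                hits.append((flow, direction, exits[addr]))
    return hits
```

Parsing addresses with `ipaddress` rather than comparing strings means differently written forms of the same IPv6 address still match.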