We have identified the malware was using different URLs based on the originating country of where the infection was coming from. Mainly, the following countries were specifically targeted:
- United States
- United Kingdom
If you're interested in the internals of the malware as well as the actual malicious files, you can read the whitepaper.