Leveraging DNS Tunneling for Tracking and Scanning
May 13, 2024, 7:28 p.m.
Description
This article presents a case study on new applications of domain name system (DNS) tunneling PaloAlto Unit42 have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes.
Tags
Date
- Created: May 13, 2024, 7:12 p.m.
- Published: May 13, 2024, 7:12 p.m.
- Modified: May 13, 2024, 7:28 p.m.
Indicators
- y0vkmu2eh896he7.epyujbhfhbs35j.com
- vfct3phbmc8qsx2.uxjxfg2ui8k5zk.com
- trk.simitor.com
- run0ibnpq8r34dj.hjmpfsamfkj5m5.com
- q8udswcmvznk34q.8egub9e7s6cz7n.com
- a8fc70b86e828ffed0f6b3408d30a037.trk.vibnere.com
- 6e4ae1209a2afe123636f6074c19745d.trk.edrefo.com
- 4e09ef9806fb9af448a5efcd60395815.trk.simitor.com
- 50e5927056538d5087816be6852397f6.trk.frotel.info
- 2c0b9017cf55630f1095ff42d9717732.trk.pordasa.info
- z54zspih9h5588.com
- 21pwt2otx07d3et.wzbhk2ccghtshr.com
- ydxpwzhidexgny.com
- wzbhk2ccghtshr.com
- y43dkbzwar7cdt.com
- wk7ckgiuc6i.com
- vitrfar.info
- wj9ii6rx7yd.com
- vibnere.com
- uxjxfg2ui8k5zk.com
- tp7djzjtcs6gm6.com
- szd4hw4xdaj.com
- swh9cpz2xntuge.com
- sn9jxsrp23x63a.com
- simitor.com
- rz53par3ux2.com
- rhctiz9xijd4yc.com
- pordasa.info
- patycyfswg33nh.com
- npknraafbisrs7.com
- n98erejcf9t.com
- malicious.site
- m9y6dte7b9i.com
- iszedim8xredu2.com
- ifjh5asi25f.com
- hwa85y4icf5.com
- hjmpfsamfkj5m5.com
- hhmk9ixaw9p3ec.com
- h82c3stb3k5.com
- frotel.info
- f6ywh2ud89u.com
- f6kf5inmfmj.com
- epyujbhfhbs35j.com
- ege6wf76eyp.com
- edrefo.com
- dipgprjp8uu.com
- d6zeh4und3yjt9.com
- cytceitft8g.com
- cgb488dixfxjw7.com
- bb62sbtk3yi.com
- b5ba24k6xhxn7b.com
- aucxjd8rrzh7xf.com
- api536yepwj.com
- anrad9i7fb2twm.com
- afusdnfysbsf.com
- 93dhmp7ipsp.com
- 8kk68biiitj.com
- 8jtuazcr548ajj.com
- 8egub9e7s6cz7n.com
- 85hsyad6i2ngzp.com
- 66tye9kcnxi.com
- 4bs6hkaysxa.com
- 3yfr6hh9dd3.com