Leveraging DNS Tunneling for Tracking and Scanning
May 13, 2024, 7:28 p.m.
Description
This article presents a case study on new applications of domain name system (DNS) tunneling that Palo Alto Unit 42 has found in the wild. These techniques extend beyond the use of DNS tunneling solely for command and control (C2) and virtual private network (VPN) purposes.
Date
Published: May 13, 2024, 7:12 p.m.
Created: May 13, 2024, 7:12 p.m.
Modified: May 13, 2024, 7:28 p.m.
Indicators
Attack Patterns
Cobalt Strike
TA0011
T1572
T1071.001
T1132