Tag: dns tunneling

6 Attack Reports | 0 Vulnerabilities

Attack reports

Inside Zloader's Latest Trick: DNS Tunneling

Zloader, a modular Trojan based on Zeus source code, has introduced new features in version 2.9.4.0 to enhance its anti-analysis capabilities and resilience against detection. Key updates include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting over a dozen comman…
zloader
dns tunneling
banking trojan
2024-12-11
malware evolution
ghostsocks
zeus variant
Published: December 11, 2024
Downloadable IOCs: 3

Technical Analysis of Zloader 2.9.0.4

The latest version of Zloader (2.9.4.0) introduces significant enhancements to its capabilities. Key features include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting various commands, and updated anti-analysis techniques. The malware's distribution has become mor…
zloader
zeus
dns tunneling
banking trojan
initial access
2024-12-11
ghostsocks
Published: December 11, 2024
Downloadable IOCs: 18

No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection

This article analyzes four previously undisclosed DNS tunneling campaigns identified through a new campaign monitoring system. The system detects tunneling domains based on common techniques and attributes used in malicious campaigns. Four new campaigns were uncovered: FinHealthXDS (targeting finan…
cobalt strike
icedid
dns tunneling
data exfiltration
redline stealer
2024-10-05
russiansite
nsfinder
8ns
covert communications
hiloti
finhealthxds
Published: October 5, 2024
Downloadable IOCs: 0

The Dark Knight Returns: Joker malware analysis

The report details sophisticated command and control (C2) techniques employed by the APT41 threat group. APT41 uses custom malware and legitimate tools to maintain persistent access to compromised networks while evading detection. Key techniques include DNS tunneling, domain fronting, and steganogr…
evasion
steganography
dns tunneling
social media
2024-10-03
command and control
apt41
cloud services
domain fronting
Published: October 3, 2024
Downloadable IOCs: 8

Targeted Iranian Attacks Against Iraqi Government Infrastructure

Check Point Research uncovered a new malware campaign targeting Iraqi government entities, employing custom tools named Veaty and Spearal. The attack utilizes various techniques including passive IIS backdoors, DNS tunneling, and C2 communication via compromised email accounts. The malware shows co…
backdoor
iran
government
dns tunneling
infrastructure
2024-09-12
spearal
email c2
veaty
cachehttp
iis module
iraq
Published: September 12, 2024
Downloadable IOCs: 16

Leveraging DNS Tunneling for Tracking and Scanning

This article presents a case study on new applications of domain name system (DNS) tunneling PaloAlto Unit42 have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes.
exploit
cobalt strike
dns query
trojan
2024-05-08
oilrig
dns tunneling
dns traffic
trkcdn campaign
alliance
attack
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Downloadable IOCs: 63
Click here to see more Attack Reports