AnchorDNS (Malware Family)

AnchorDNS

Backdoor deployed by the TrickBot actors. It uses DNS as the command and control channel as well as for exfiltration of data.

2022-03-02 ⋅ Cyware ⋅ Cyware
TrickBot’s AnchorDNS is Now Upgraded to AnchorMail
AnchorDNS AnchorMail

2022-02-25 ⋅ IBM ⋅ Charlotte Hammond, Ole Villadsen
Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail
AnchorDNS AnchorMail

2021-07-28 ⋅ DomainTools ⋅ Chad Anderson
Finding AnchorDNS C2s With Iris Investigate
AnchorDNS

2021-05-10 ⋅ Mal-Eats ⋅ mal_eats
Overview of Campo, a new attack campaign targeting Japan
AnchorDNS BazarBackdoor Cobalt Strike ISFB Phobos TrickBot Zloader

2020-10-28 ⋅ CISA ⋅ CISA, FBI, HHS
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
AnchorDNS Anchor BazarBackdoor Ryuk

2020-07-13 ⋅ Stage 2 Security ⋅ Waylon Grange
Anchor_dns malware goes cross platform
AnchorDNS

2020-07-06 ⋅ NTT ⋅ Security division of NTT Ltd.
TrickBot variant “Anchor_DNS” communicating over DNS
AnchorDNS TrickBot

There is no Yara-Signature yet.