DNSMessenger makes use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker.
2022-04-27 ⋅ ANSSI
LE GROUPE CYBERCRIMINEL FIN7
Bateleur, BELLHOP, Griffon, SQLRat, POWERSOURCE, Andromeda, BABYMETAL, BlackCat, BlackMatter, BOOSTWRITE, Carbanak, Cobalt Strike, DNSMessenger, Dridex, DRIFTPIN, Gameover P2P, MimiKatz, Murofet, Qadars, Ranbyus, SocksBot
2022-03-31 ⋅ APNIC
How to: Detect and prevent common data exfiltration attacks
Agent Tesla, DNSMessenger, PingBack, Rising Sun
2018-10-01 ⋅ FireEye
Bateleur, BELLHOP, Griffon, ANTAK, POWERPIPE, POWERSOURCE, HALFBAKED, BABYMETAL, Carbanak, Cobalt Strike, DNSMessenger, DRIFTPIN, PILLOWMINT, SocksBot
2017-10-11 ⋅ Wraith Hacker Blog
More info on 'Evolved DNSMessenger'
2017-10-11 ⋅ Cisco Talos
Spoofed SEC Emails Distribute Evolved DNSMessenger
2017-03-02 ⋅ Cisco
Covert Channels and Poor Decisions: The Tale of DNSMessenger
There is no YARA signature yet.