This backdoor, written in .NET, abuses the DNS protocol for its C2 communication. It also uses other techniques (e.g. long random sleeps, compression) to become more stealthy.
2022-06-24 ⋅ XJunior ⋅ APT34 - Saitama Agent
2022-06-13 ⋅ SANS ISC ⋅ Translating Saitama's DNS tunneling messages
2022-05-11 ⋅ Fortinet ⋅ Please Confirm You Received Our APT
2022-05-10 ⋅ Malwarebytes Labs ⋅ APT34 targets Jordan Government using new Saitama backdoor
There is no YARA signature yet.