DNSMessenger

Description

DNSMessenger makes use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker.

Names

Name
DNSMessenger
TEXTMATE

Type

Tunneling

Information

https://blog.talosintelligence.com/2017/03/dnsmessenger.html
https://blog.talosintelligence.com/2017/10/dnsmessenger-sec-campaign.html
http://wraithhacker.com/2017/10/11/more-info-on-evolved-dnsmessenger/

Mitre Attack

https://attack.mitre.org/software/S0146/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.dnsmessenger

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:DNSmessenger

Other Information

Uuid

144b25e9-f0dc-479b-8eec-9fbeba5560d2

Last Card Change

2020-05-13

Threat Intelligence Garden

Explorer

DNSMessenger

DNSMessenger

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks