RoyalDNS

Description

RoyalDNS is a DNS based backdoor used by APT15 that persistences on a system through a service called ‘Nwsapagent’.

Names

Name
RoyalDNS
Royal DNS

Category

Malware

Type

• Backdoor
• Tunneling

Information

• https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/
• https://github.com/nccgroup/Royal_APT

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.royal_dns

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:RoyalDNS

Other Information

Uuid

b2226556-ff96-4e28-9459-371d3c79bda7

Last Card Change

2022-12-28