McAfee

SEPTEMBER 14, 2021

The PlugX families we observed used DNS [ T1071.001 ] [ T1071.004 ] as the transport channel for C2 traffic, in particular TXT queries. We observed in the process dump the exfiltration of data on the system, such as OS, Processor (architecture), Domain, Username, etc. Application layer protocol: DNS. malware: Mozilla/5.0

Malware 144

Malware DNS Accountability Manufacturing 144

Security Affairs

OCTOBER 21, 2019

The PortReuse backdoor has a modular architecture, experts discovered that its components are separate processes that communicate through named pipes. PortReus e was used by the Winnti cyberespionage group to target a high-profile Asian mobile software and hardware manufacturer.

Malware 71

Malware Passwords Advertising DNS 71

eSecurity Planet

MAY 2, 2024

50,000 DDoS attacks on public domain name service (DNS) resolvers. 553% increase in DNS Flood attacks from 1H 2020 to 2H 2023. DDoS attacks on single networks or websites render them unavailable, but DDoS attacks on DNS resolvers bring down all networks and websites using that DNS resource.

Cybersecurity 103

Cybersecurity DDOS Penetration Testing Passwords 103

Security Boulevard

NOVEMBER 20, 2023

And it will proactively manufacture - not just require you to self-discover - custom insights aligned with your adversaries and your interests. Get unprecedented visibility into the origins of attacks, the campaign infrastructure being used, and the architecture likely to be used against you in the future.

Malware 72

Malware Spyware DNS Architecture 72

SecureList

MAY 31, 2021

A41APT is a long-running campaign, active from March 2019 to the end of December 2020, that has targeted multiple industries, including Japanese manufacturing and its overseas bases. The Apple M1, a direct relative of the processors used in the iPhone and iPad, will ultimately allow Apple to unify its software under a single architecture.

Malware 128

Malware Adware Encryption Architecture 128

eSecurity Planet

MARCH 22, 2023

Similarly, spoofed domain name system (DNS) and IP addresses can redirect users from legitimate connections to dangerous and malicious websites. Additional protection may be deployed using browser security, DNS security, or secure browsers to protect endpoints from malicious websites.

Firewall 100

Firewall Network Security Penetration Testing Encryption 100

SecureList

APRIL 27, 2022

While we were unable to obtain the same results by analyzing the CERT-UA samples, we subsequently identified a different WhiteBlackCrypt sample matching the WhisperKill architecture and sharing similar code. On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine.

Malware 141

Malware Firmware Government Phishing 141

Security Boulevard

JUNE 15, 2023

In particular, the code checks for the manufacturer ID string (with a length of 12 bytes) for the following values: “XenVMMXenVMM” (Xen HVM) “VMwareVMware” (VMware) “Microsoft Hv” (Microsoft Hyper-V) “ KVMKVMKVM “ (KVM) “prl hyperv “ (Parallels) “VBoxVBoxVBox” (VirtualBox) This detection code is likely derived from Pafish.

Cryptocurrency 52

Cryptocurrency Password Management Malware DNS 52

Security Boulevard

JANUARY 20, 2022

Overlap of Passive DNS resolution of domain observed on current attack infrastructure with the IP used by Molerats APT group in the past. Collects the machine manufacture and machine model information using WMI which is used for execution environment checks and is later exfiltrated to C2 server. Attack flow. Data from Local System.

Accountability 118

Accountability DNS Phishing Architecture 118