Common Information
Type | Value |
---|---|
Value | DNS - T1071.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may communicate using the Domain Name System (DNS) application layer protocol to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server. The DNS protocol serves an administrative function in computer networking and thus may be very common in environments. DNS traffic may also be allowed even before network authentication is completed. DNS packets contain many fields and headers in which data can be concealed. Often known as DNS tunneling, adversaries may abuse DNS to communicate with systems under their control within a victim network while also mimicking normal, expected traffic.(Citation: PAN DNS Tunneling)(Citation: Medium DnsTunneling) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2011-07-13 | 0 | Binary C&C Over HTTP | ||
Details | Website | 2011-07-06 | 1015 | Hacker Media and Pentesting List | ||
Details | Website | 2011-07-02 | 0 | TRAINING: Python For Hackers | ||
Details | Website | 2011-06-27 | 4 | MS11-030: Exploitable or Not? | Rapid7 Blog | ||
Details | Website | 2011-06-20 | 60 | Apr 13 CVE-2011-2100 PDF - Adobe DLL Loading Vulnerability - Agenda.7z | ||
Details | Website | 2011-06-18 | 0 | Talk: Attack UPnP - The Useful plug and pwn protocols | ||
Details | Website | 2011-06-17 | 9 | Intercepting Blackberry Application Traffic | ||
Details | Website | 2011-06-07 | 0 | Defend Online Anonymity - Set Up a Tor Relay | dc414 | ||
Details | Website | 2011-06-05 | 18 | Netgear FVS318 einrichten & Geschwindigkeitstest | ||
Details | Website | 2011-06-02 | 0 | vSploit - Virtualizing Intrusion & Exploitation Attributes with Metasploit Framework | Rapid7 Blog | ||
Details | Website | 2011-06-01 | 161 | Tor security advisory: "relay early" traffic confirmation attack | Tor Project | ||
Details | Website | 2011-05-31 | 60 | May 17 CVE-2010-2883 PDF Bin Laden's successor from spoofed Nationalpost.com | ||
Details | Website | 2011-05-16 | 66 | Dumping Hashes on Win2k8 R2 x64 with Metasploit :: malicious.link - welcome | ||
Details | Website | 2011-05-05 | 13 | Setting up Cerberus RAT(Remote Administration tool) | ||
Details | Website | 2011-04-20 | 38 | Apr 16 CVE-2011-0611 DOC urgent files from 97.66.14.11 | ||
Details | Website | 2011-04-17 | 1 | dnsmap-bulk | ||
Details | Website | 2011-04-13 | 43 | Bold FBI Move Shutters COREFLOOD Bot | ||
Details | Website | 2011-03-28 | 20 | Mar 25-28 CVE-2009-3129 XLS LES Request or Lybia Crisis from bran343@yahoo.com | ||
Details | Website | 2011-03-24 | 0 | Virus Bulletin :: Rogue SSL certificates issued for popular websites | ||
Details | Website | 2011-03-09 | 3 | At least, I got DoS · The Recurity Lablog | ||
Details | Website | 2011-02-28 | 0 | 27c3 - 27th Chaos Communication Congress in Berlin (2010-12-27 to 2010-12-30) | ||
Details | Website | 2011-02-23 | 0 | Checking for infections with the Bohu trojan | ||
Details | Website | 2011-02-07 | 163 | Vulnerability Summary for the Week of January 31, 2011 | CISA | ||
Details | Website | 2011-01-24 | 32 | Jan 24 CVE-2010-3970 DOC 'Secretary-General Liao' from dogviceroy@yahoo.com.tw (Update - Analysis by the Sematic) | ||
Details | Website | 2011-01-20 | 49 | Jan 20 CVE-2010-3333 DOC Materials.doc from 216.183.175.3 (Cleveland Council on World Affairs) |