Inside Zloader’s Latest Trick: DNS Tunneling
Tags
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Security Support Provider - T1547.005 Server - T1583.004 Server - T1584.004 Security Support Provider - T1101
Show in Graph
Common Information
Type Value
UUID 003b93ee-06a0-43bd-b4d0-6750690c4594
Fingerprint a83974350e3bb251
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 10, 2024, midnight
Added to db Dec. 10, 2024, 5:26 p.m.
Last updated Dec. 20, 2024, 12:03 p.m.
Headline Inside Zloader’s Latest Trick: DNS Tunneling
Title Inside Zloader’s Latest Trick: DNS Tunneling
Detected Hints/Tags/Attributes 67/1/21
Source URLs
Redirection Url
Details Source https://www.zscaler.com/blogs/security-research/inside-zloader-s-latest-trick-dns-tunneling
URL Provider
Details Provider Source level domain
Details zscaler.com www.zscaler.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 406 Security Research | Blog Category Feed https://www.zscaler.com/blogs/feeds/security-research 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 
ns1.brownswer.com
Details Domain 5 
bigdealcenter.world
Details Domain 2 
unitedcommunity.world
Details sha256 2 
6713bfbe1a8dea1ce0b97a5196762fe327f8da770a06e9aff09fff3a4f07cc14
Details sha256 4 
22c5858ff8c7815c34b4386c3b4c83f2b8bb23502d153f5d8fb9f55bd784e764
Details sha256 2 
603bd9ee50f7dc6de37f314bda227561f0fd67cdebf53a672ea32cce73a2efd3
Details sha256 2 
d212042504f851253347754c3d3624628e7ebf7c0bbd8160220bf6edcff24f16
Details sha256 2 
ec8414631644269ab230c222055beb36546ff3ee39cebbbfa7e794e2e609c8d9
Details sha256 2 
17a9900aff30928d54ce77bdcd0cdde441dd0215f8187bac0a270c5f8e4db9cc
Details sha256 2 
2794a703aff5549a89834d0ef8ad4b97ce12e27fa37852dd2a504e5a0078b093
Details sha256 2 
3610f213db22a9de07dbbed4fbf6cec78b6dd4d58982c91f3a4ef994b53a8adc
Details sha256 2 
cbff717783ee597448c56a408a066aaae0279dd8606e6d99e52a04f0a7a55e03
Details sha256 4 
a9f2c4bc268765fc6d72d8e00363d2440cf1dcbd1ef7ee08978959fc118922c9
Details sha256 5 
db34e255aa4d9f4e54461571469b9dd53e49feed3d238b6cfb49082de0afb1e4
Details sha256 4 
49405370a33abbf131c5d550cebe00780cc3fd3cbe888220686582ae88f16af7
Details sha256 2 
f1a9ef13784ba05628c12decbbe44e7708793d1a707f9fbc2475c42e1ec2cb7d
Details sha256 2 
40b4bb1919e9079d1172c5dee5ac7d96c5e80ede412b8e3ef382230a908733cc
Details IPv4 8 
2.9.4.0
Details IPv4 4 
45.61.152.154
Details IPv4 67 
8.8.4.4
Details IPv4 315 
8.8.8.8