xHunt Campaign: New PowerShell Backdoor Blocked Through DNS Tunnel Detection

In June 2019, we observed one of these overlapping domains, specifically, windows64x[.]com, being used as the C2 server for a new. backdoor that weve named CASHY200. This. backdoor used DNS tunneling to communicate with its C2. server, specifically by issuing DNS A queries to the actor controlled name server at the aforementioned domain. By analyzing the lineage of this tool, we found that actors may have used CASH.Y200 when targeting Kuwait government organizations starting in the spring of 2018 and continuing throughout 2019.”]

Source: https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/

Something Fresh

What to Know About The Jamaica Data Protection Act

St Vincent and the Grenadines embracing CariSECURE

Jamaica's Gov’t Looking to Finalize Data Protection Act Regulations

What People Reading

RSA: Geolocation shows just how dead privacy is

Intel Confirms Unauthorized Access of Earnings-Related Data

Launching AnonLeaks, Ready To Dump More HBGary E-mails!

Beware these 4 types of IRS scams

Complacency Increases Security Risk

Categories

Partners

Just add here your partners image or promo text