Talos recently analyzed an interesting malware sample that made use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker. The author of the malware called SourceFire out in the malware code itself shortly after we released Cisco Umbrella, a security product designed to protect organizations from DNS and web-based threats as described here.
Source: https://blog.talosintelligence.com/2017/03/dnsmessenger.html
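A defender can look for this pattern in resolver logs: one client sending many TXT queries with long, never-repeating subdomains under a single domain. The sketch below is an added example, not code from the Talos post; the log format, sample lines, thresholds and the two-label "registered domain" shortcut are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log, one query per line: timestamp client qtype qname.
SAMPLE_LOG = (
    ["2017-03-02T10:00:01 10.0.0.5 A www.example.com"]
    + ["2017-03-02T10:00:02 10.0.0.5 TXT example.com"] * 5   # repeated SPF-style lookups
    + ["2017-03-02T10:00:03 10.0.0.7 TXT _dmarc.example.org"]
    # Six TXT queries with distinct 24-character hex labels under one domain.
    + [f"2017-03-02T10:01:{i:02d} 10.0.0.9 TXT {i:024x}.cdn.example.net" for i in range(6)]
)

def split_domain(qname):
    """Return (registered_domain, subdomain).

    Assumption: the last two labels form the registered domain. Production
    code should consult the Public Suffix List instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def flag_txt_channels(lines, min_queries=5, min_unique_ratio=0.8, min_avg_len=16):
    """Flag (client, domain, count) groups whose TXT queries look like a data channel."""
    subs = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[2].upper() != "TXT":
            continue  # skip malformed lines and non-TXT queries
        _, client, _, qname = parts
        domain, sub = split_domain(qname)
        subs[(client, domain)].append(sub)

    flagged = []
    for (client, domain), names in sorted(subs.items()):
        if len(names) < min_queries:
            continue  # too few queries to judge
        unique_ratio = len(set(names)) / len(names)
        avg_len = sum(len(n) for n in names) / len(names)
        # Ordinary TXT lookups (SPF, DMARC) repeat a few short names; a channel
        # that encodes data in the query name produces long, unique ones.
        if unique_ratio >= min_unique_ratio and avg_len >= min_avg_len:
            flagged.append((client, domain, len(names)))
    return flagged

if __name__ == "__main__":
    for client, domain, count in flag_txt_channels(SAMPLE_LOG):
        print(f"{client} -> {domain}: {count} suspicious TXT queries")
```

The thresholds need tuning against a baseline of the environment's normal TXT traffic before this is used for alerting.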

