← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Leveraging DNS Tunneling for Tracking and Scanning
WHITE CyberHunter_NL 2024-05-14 Modified: 2024-06-13
119
IOCs
HIGH VOLUME
ip addressdns tunnelingpalo altounitfqdndns queryfqdnsdns traffictrkcdn campaignfigureoilrigalliancecobalt strikesunburstjunefebruaryexploitattacktrojan
Indicators of Compromise (119)
All CIDR CVE FileHash-MD5 domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
CIDR 103.8.88.64/27 2024-05-14
CIDR 146.70.0.0/16 2024-05-14
CIDR 185.121.0.0/16 2024-05-14
CVE CVE-2012-1033 2024-05-14
FileHash-MD5 04b16bbbf91be3e2fee2c83151131cf5 2024-05-14
FileHash-MD5 0fa17586a20ef2adf2f927c78ebaeca3 2024-05-14
FileHash-MD5 2c0b9017cf55630f1095ff42d9717732 2024-05-14
FileHash-MD5 4e09ef9806fb9af448a5efcd60395815 2024-05-14
FileHash-MD5 50e5927056538d5087816be6852397f6 2024-05-14
FileHash-MD5 6e4ae1209a2afe123636f6074c19745d 2024-05-14
FileHash-MD5 a8fc70b86e828ffed0f6b3408d30a037 2024-05-14
domain 3yfr6hh9dd3.com 2024-05-14
domain 4bs6hkaysxa.com 2024-05-14
domain 66tye9kcnxi.com 2024-05-14
domain 85hsyad6i2ngzp.com 2024-05-14
domain 8egub9e7s6cz7n.com 2024-05-14
domain 8jtuazcr548ajj.com 2024-05-14
domain 8kk68biiitj.com 2024-05-14
domain 93dhmp7ipsp.com 2024-05-14
domain afusdnfysbsf.com 2024-05-14
domain anrad9i7fb2twm.com 2024-05-14
domain api536yepwj.com 2024-05-14
domain aucxjd8rrzh7xf.com 2024-05-14
domain b5ba24k6xhxn7b.com 2024-05-14
domain bb62sbtk3yi.com 2024-05-14
domain cgb488dixfxjw7.com 2024-05-14
domain cytceitft8g.com 2024-05-14
domain d6zeh4und3yjt9.com 2024-05-14
domain dipgprjp8uu.com 2024-05-14
domain edrefo.com 2024-05-14
domain ege6wf76eyp.com 2024-05-14
domain epyujbhfhbs35j.com 2024-05-14
domain f6kf5inmfmj.com 2024-05-14
domain f6ywh2ud89u.com 2024-05-14
domain frotel.info 2024-05-14
domain h82c3stb3k5.com 2024-05-14
domain hhmk9ixaw9p3ec.com 2024-05-14
domain hjmpfsamfkj5m5.com 2024-05-14
domain hwa85y4icf5.com 2024-05-14
domain ifjh5asi25f.com 2024-05-14
domain iszedim8xredu2.com 2024-05-14
domain m9y6dte7b9i.com 2024-05-14
domain malicious.site 2024-05-14
domain n98erejcf9t.com 2024-05-14
domain npknraafbisrs7.com 2024-05-14
domain patycyfswg33nh.com 2024-05-14
domain pordasa.info 2024-05-14
domain rhctiz9xijd4yc.com 2024-05-14
domain rz53par3ux2.com 2024-05-14
domain secdns.site 2024-05-14
domain secshow.net 2024-05-14
domain secshow.online 2024-05-14
domain simitor.com 2024-05-14
domain sn9jxsrp23x63a.com 2024-05-14
domain swh9cpz2xntuge.com 2024-05-14
domain szd4hw4xdaj.com 2024-05-14
domain tp7djzjtcs6gm6.com 2024-05-14
domain uxjxfg2ui8k5zk.com 2024-05-14
domain vibnere.com 2024-05-14
domain vitrfar.info 2024-05-14
domain wj9ii6rx7yd.com 2024-05-14
domain wk7ckgiuc6i.com 2024-05-14
domain wzbhk2ccghtshr.com 2024-05-14
domain y43dkbzwar7cdt.com 2024-05-14
domain ydxpwzhidexgny.com 2024-05-14
domain z54zspih9h5588.com 2024-05-14
email unit42@not-a-real-domain.com 2024-05-14
hostname 0-53aa2a46-202401201-ans-dnssec.l-test.secdns.site 2024-05-14
hostname 0-53ea2a3a-202401201-ans-dnssec.l-test.secdns.site 2024-05-14
hostname 04b16bbbf91be3e2fee2c83151131cf5.trk.simitor.com 2024-05-14
hostname 0fa17586a20ef2adf2f927c78ebaeca3.trk.vitrfar.info 2024-05-14
hostname 1-103-170-192-121-103-170-192-9.f.secshow.online 2024-05-14
hostname 1-103-170-192-121-103-170-192-9.h.secshow.net 2024-05-14
hostname 20240212190003.bailiwick.secshow.net 2024-05-14
hostname 21pwt2otx07d3et.wzbhk2ccghtshr.com 2024-05-14
hostname 2c0b9017cf55630f1095ff42d9717732.trk.pordasa.info 2024-05-14
hostname 4e09ef9806fb9af448a5efcd60395815.trk.simitor.com 2024-05-14
hostname 50e5927056538d5087816be6852397f6.trk.frotel.info 2024-05-14
hostname 6a134b4f-1.c.secshow.net 2024-05-14
hostname 6e4ae1209a2afe123636f6074c19745d.trk.edrefo.com 2024-05-14
hostname a8fc70b86e828ffed0f6b3408d30a037.trk.vibnere.com 2024-05-14
hostname bc2874fb-1.c.secshow.net 2024-05-14
hostname c.secshow.net 2024-05-14
hostname cdn.simitor.com 2024-05-14
hostname htujn1rhh3553tc.cgb488dixfxjw7.com 2024-05-14
hostname ns.secshow.online 2024-05-14
hostname ns01.8egub9e7s6cz7n.com 2024-05-14
hostname ns01.cgb488dixfxjw7.com 2024-05-14
hostname ns01.epyujbhfhbs35j.com 2024-05-14
hostname ns01.hjmpfsamfkj5m5.com 2024-05-14
hostname ns01.uxjxfg2ui8k5zk.com 2024-05-14
hostname ns01.wzbhk2ccghtshr.com 2024-05-14
hostname ns02.8egub9e7s6cz7n.com 2024-05-14
hostname ns02.cgb488dixfxjw7.com 2024-05-14
hostname ns02.epyujbhfhbs35j.com 2024-05-14
hostname ns02.hjmpfsamfkj5m5.com 2024-05-14
hostname ns02.uxjxfg2ui8k5zk.com 2024-05-14
hostname ns02.wzbhk2ccghtshr.com 2024-05-14
hostname ns1.c.secshow.net 2024-05-14
hostname ns1.edrefo.com 2024-05-14
hostname ns1.frotel.info 2024-05-14
hostname ns1.l-test.secdns.site 2024-05-14
hostname ns1.pordasa.info 2024-05-14
hostname ns1.simitor.com 2024-05-14
hostname ns1.vibnere.com 2024-05-14
hostname ns1.vitrfar.info 2024-05-14
hostname ns2.c.secshow.net 2024-05-14
hostname ns2.edrefo.com 2024-05-14
hostname ns2.frotel.info 2024-05-14
hostname ns2.l-test.secdns.site 2024-05-14
hostname ns2.pordasa.info 2024-05-14
hostname ns2.simitor.com 2024-05-14
hostname ns2.vibnere.com 2024-05-14
hostname ns2.vitrfar.info 2024-05-14
hostname q8udswcmvznk34q.8egub9e7s6cz7n.com 2024-05-14
hostname run0ibnpq8r34dj.hjmpfsamfkj5m5.com 2024-05-14
hostname trk.simitor.com 2024-05-14
hostname vfct3phbmc8qsx2.uxjxfg2ui8k5zk.com 2024-05-14
hostname y0vkmu2eh896he7.epyujbhfhbs35j.com 2024-05-14
References (1)
↗ https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/