← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Leveraging DNS Tunneling for Tracking and Scanning
WHITE Armature_TIP 2025-02-22 Modified: 2025-03-24
120
IOCs
HIGH VOLUME
ip addressdns tunnelingpalo altounitfqdndns queryfqdnsdns traffictrkcdn campaignfigureoilrigalliancecobalt strikesunburstjunefebruaryexploitattacktrojanhunt
Indicators of Compromise (120)
All CIDR CVE FileHash-MD5 domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
CIDR 103.8.88.64/27 2025-02-22
CIDR 146.70.0.0/16 2025-02-22
CIDR 185.121.0.0/16 2025-02-22
CVE CVE-2012-1033 2025-02-22
CVE CVE-2024-3400 2025-02-22
FileHash-MD5 04b16bbbf91be3e2fee2c83151131cf5 2025-02-22
FileHash-MD5 0fa17586a20ef2adf2f927c78ebaeca3 2025-02-22
FileHash-MD5 2c0b9017cf55630f1095ff42d9717732 2025-02-22
FileHash-MD5 4e09ef9806fb9af448a5efcd60395815 2025-02-22
FileHash-MD5 50e5927056538d5087816be6852397f6 2025-02-22
FileHash-MD5 6e4ae1209a2afe123636f6074c19745d 2025-02-22
FileHash-MD5 a8fc70b86e828ffed0f6b3408d30a037 2025-02-22
domain 3yfr6hh9dd3.com 2025-02-22
domain 4bs6hkaysxa.com 2025-02-22
domain 66tye9kcnxi.com 2025-02-22
domain 85hsyad6i2ngzp.com 2025-02-22
domain 8egub9e7s6cz7n.com 2025-02-22
domain 8jtuazcr548ajj.com 2025-02-22
domain 8kk68biiitj.com 2025-02-22
domain 93dhmp7ipsp.com 2025-02-22
domain afusdnfysbsf.com 2025-02-22
domain anrad9i7fb2twm.com 2025-02-22
domain api536yepwj.com 2025-02-22
domain aucxjd8rrzh7xf.com 2025-02-22
domain b5ba24k6xhxn7b.com 2025-02-22
domain bb62sbtk3yi.com 2025-02-22
domain cgb488dixfxjw7.com 2025-02-22
domain cytceitft8g.com 2025-02-22
domain d6zeh4und3yjt9.com 2025-02-22
domain dipgprjp8uu.com 2025-02-22
domain edrefo.com 2025-02-22
domain ege6wf76eyp.com 2025-02-22
domain epyujbhfhbs35j.com 2025-02-22
domain f6kf5inmfmj.com 2025-02-22
domain f6ywh2ud89u.com 2025-02-22
domain frotel.info 2025-02-22
domain h82c3stb3k5.com 2025-02-22
domain hhmk9ixaw9p3ec.com 2025-02-22
domain hjmpfsamfkj5m5.com 2025-02-22
domain hwa85y4icf5.com 2025-02-22
domain ifjh5asi25f.com 2025-02-22
domain iszedim8xredu2.com 2025-02-22
domain m9y6dte7b9i.com 2025-02-22
domain malicious.site 2025-02-22
domain n98erejcf9t.com 2025-02-22
domain npknraafbisrs7.com 2025-02-22
domain patycyfswg33nh.com 2025-02-22
domain pordasa.info 2025-02-22
domain rhctiz9xijd4yc.com 2025-02-22
domain rz53par3ux2.com 2025-02-22
domain secdns.site 2025-02-22
domain secshow.net 2025-02-22
domain secshow.online 2025-02-22
domain simitor.com 2025-02-22
domain sn9jxsrp23x63a.com 2025-02-22
domain swh9cpz2xntuge.com 2025-02-22
domain szd4hw4xdaj.com 2025-02-22
domain tp7djzjtcs6gm6.com 2025-02-22
domain uxjxfg2ui8k5zk.com 2025-02-22
domain vibnere.com 2025-02-22
domain vitrfar.info 2025-02-22
domain wj9ii6rx7yd.com 2025-02-22
domain wk7ckgiuc6i.com 2025-02-22
domain wzbhk2ccghtshr.com 2025-02-22
domain y43dkbzwar7cdt.com 2025-02-22
domain ydxpwzhidexgny.com 2025-02-22
domain z54zspih9h5588.com 2025-02-22
email unit42@not-a-real-domain.com 2025-02-22
hostname 0-53aa2a46-202401201-ans-dnssec.l-test.secdns.site 2025-02-22
hostname 0-53ea2a3a-202401201-ans-dnssec.l-test.secdns.site 2025-02-22
hostname 04b16bbbf91be3e2fee2c83151131cf5.trk.simitor.com 2025-02-22
hostname 0fa17586a20ef2adf2f927c78ebaeca3.trk.vitrfar.info 2025-02-22
hostname 1-103-170-192-121-103-170-192-9.f.secshow.online 2025-02-22
hostname 1-103-170-192-121-103-170-192-9.h.secshow.net 2025-02-22
hostname 20240212190003.bailiwick.secshow.net 2025-02-22
hostname 21pwt2otx07d3et.wzbhk2ccghtshr.com 2025-02-22
hostname 2c0b9017cf55630f1095ff42d9717732.trk.pordasa.info 2025-02-22
hostname 4e09ef9806fb9af448a5efcd60395815.trk.simitor.com 2025-02-22
hostname 50e5927056538d5087816be6852397f6.trk.frotel.info 2025-02-22
hostname 6a134b4f-1.c.secshow.net 2025-02-22
hostname 6e4ae1209a2afe123636f6074c19745d.trk.edrefo.com 2025-02-22
hostname a8fc70b86e828ffed0f6b3408d30a037.trk.vibnere.com 2025-02-22
hostname bc2874fb-1.c.secshow.net 2025-02-22
hostname c.secshow.net 2025-02-22
hostname cdn.simitor.com 2025-02-22
hostname htujn1rhh3553tc.cgb488dixfxjw7.com 2025-02-22
hostname ns.secshow.online 2025-02-22
hostname ns01.8egub9e7s6cz7n.com 2025-02-22
hostname ns01.cgb488dixfxjw7.com 2025-02-22
hostname ns01.epyujbhfhbs35j.com 2025-02-22
hostname ns01.hjmpfsamfkj5m5.com 2025-02-22
hostname ns01.uxjxfg2ui8k5zk.com 2025-02-22
hostname ns01.wzbhk2ccghtshr.com 2025-02-22
hostname ns02.8egub9e7s6cz7n.com 2025-02-22
hostname ns02.cgb488dixfxjw7.com 2025-02-22
hostname ns02.epyujbhfhbs35j.com 2025-02-22
hostname ns02.hjmpfsamfkj5m5.com 2025-02-22
hostname ns02.uxjxfg2ui8k5zk.com 2025-02-22
hostname ns02.wzbhk2ccghtshr.com 2025-02-22
hostname ns1.c.secshow.net 2025-02-22
hostname ns1.edrefo.com 2025-02-22
hostname ns1.frotel.info 2025-02-22
hostname ns1.l-test.secdns.site 2025-02-22
hostname ns1.pordasa.info 2025-02-22
hostname ns1.simitor.com 2025-02-22
hostname ns1.vibnere.com 2025-02-22
hostname ns1.vitrfar.info 2025-02-22
hostname ns2.c.secshow.net 2025-02-22
hostname ns2.edrefo.com 2025-02-22
hostname ns2.frotel.info 2025-02-22
hostname ns2.l-test.secdns.site 2025-02-22
hostname ns2.pordasa.info 2025-02-22
hostname ns2.simitor.com 2025-02-22
hostname ns2.vibnere.com 2025-02-22
hostname ns2.vitrfar.info 2025-02-22
hostname q8udswcmvznk34q.8egub9e7s6cz7n.com 2025-02-22
hostname run0ibnpq8r34dj.hjmpfsamfkj5m5.com 2025-02-22
hostname trk.simitor.com 2025-02-22
hostname vfct3phbmc8qsx2.uxjxfg2ui8k5zk.com 2025-02-22
hostname y0vkmu2eh896he7.epyujbhfhbs35j.com 2025-02-22
References (1)
↗ https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/#post-133492-_yaeh1r34ced