PULSE NAME
Detour Dog Uses DNS TXT Records to Deliver Strela Stealer
WHITE CODERED_VTA 2025-10-01 Modified: 2025-10-31
22 IOCs
MEDIUM VOLUME
A malware campaign is using compromised websites worldwide to distribute the Strela Stealer information-stealing malware through a novel technique that abuses DNS TXT records. This method represents a significant evolution in cyber threats, researchers said.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
MikroTik Golo Second StarFish Strela
Indicators of Compromise (22)