Open 4TheSmarts opened 5 days ago
Hunt Type 🔥
Flames (Hypothesis-Driven): Based on assumptions about adversary behavior or specific activities.
HEARTH Crafter
Cody Lunday
Hunt Idea / Hypothesis
An adversary is utilizing DNS tunneling to exfiltrate data through DNS port 53.
MITRE ATT&CK Tactic
Exfiltration Over Alternative Protocol
Implementation Notes
Attackers are interested in finding unmonitored communication channels to evade detection.
Search Tags
#DNS #Tunneling #Exfiltration
Value and Impact
Knowledge Base
https://attack.mitre.org/techniques/T1048/
https://brightsec.com/blog/dns-tunneling/
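One way to test this hypothesis against resolver logs, added here as an example and not part of the original submission: group queries by client and parent domain, then flag pairs with many unique, long, high-entropy subdomains. The log tuples, domain names, function names and thresholds are all constructed assumptions to be tuned per environment.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def _encoded_label(i):
    # Constructed stand-in for an encoded data chunk: 25 hash bytes -> 40 base32 chars.
    return base64.b32encode(hashlib.sha256(str(i).encode()).digest()[:25]).decode().lower()

# Constructed (client_ip, query_name) pairs, as they might be parsed from resolver logs.
SAMPLE_QUERIES = (
    [("10.0.0.5", f"{_encoded_label(i)}.suspicious.example") for i in range(8)]
    + [("10.0.0.7", f"host{i}.intranet.example") for i in range(10)]
    + [("10.0.0.8", "api.updates.example")] * 20
)

def shannon_entropy(s):
    """Bits per character; encoded payloads score higher than ordinary hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parent_domain(qname):
    # Assumption: the last two labels. Use the Public Suffix List in production.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

# Thresholds below are illustrative assumptions, not values from the hunt submission.
def hunt_dns_tunneling(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Flag (client, domain) pairs with many long, high-entropy subdomains."""
    subs_seen = defaultdict(set)
    for client, qname in queries:
        name = qname.rstrip(".").lower()
        dom = parent_domain(name)
        sub = name[: -len(dom)].rstrip(".")
        if sub:
            subs_seen[(client, dom)].add(sub)
    findings = []
    for (client, dom), subs in subs_seen.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            findings.append({"client": client, "domain": dom, "unique_subdomains": len(subs),
                             "avg_len": avg_len, "avg_entropy": round(avg_ent, 2)})
    return sorted(findings, key=lambda f: f["unique_subdomains"], reverse=True)

if __name__ == "__main__":
    for finding in hunt_dns_tunneling(SAMPLE_QUERIES):
        print(finding)
```

The intranet hosts in the sample have many unique subdomains but short, low-entropy labels, so subdomain count alone does not trigger a finding.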