One Article Review
| Source |  SANS Institute |
|---|---|
| Identifiant | 5133656 |
| Date de publication | 2022-06-13 15:00:45 (vue: 2022-06-13 16:07:34) |
| Titre | Translating Saitama\'s DNS tunneling messages, (Mon, Jun 13th) (Recyclage) |
| Texte | Saitama is a backdoor that uses the DNS protocol to encapsulate its command and control (C2) messages - a technique known as DNS Tunneling (MITRE ATT&CK T1071). Spotted and documented by MalwareBytes in two articles posted last month (How the Saitama backdoor uses DNS tunneling and APT34 targets Jordan Government using new Saitama backdoor), Saitama was used in a phishing e-mail targeted to a government official from Jordan's foreign ministry on an attack attributed to the Iranian group APT34. |
| Envoyé | Oui |
| Condensat | 13th apt34 articles att&ck attack attributed backdoor command control dns documented encapsulate foreign from government group how iranian its jordan jordan's jun known last mail malwarebytes messages ministry mitre mon month new official phishing posted protocol saitama spotted t1071 targeted targets technique translating tunneling two used uses using |
| Tags | |
| Stories | APT 34 |
| Notes | |
| Move | 
|
Les reprises de l'article (1):
| Source |  Malwarebytes Labs |
|---|---|
| Identifiant | 4594055 |
| Date de publication | 2022-05-10 20:49:30 (vue: 2022-05-13 21:53:36) |
| Titre | APT34 targets Jordan Government using new Saitama backdoor |
| Texte | A deep dive into a sophisticated attack that used the Saitama backdoor. |
| Envoyé | Oui |
| Condensat | apt34 attack backdoor deep dive government jordan new saitama sophisticated targets used using |
| Tags | |
| Stories | APT 34 |
| Notes | |
| Move |
|
L'article ne semble pas avoir été repris sur un précédent.