Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
Fox IT
AUGUST 11, 2022
This Saitama implant uses DNS as its sole Command and Control channel and utilizes long sleep times and (sub)domain randomization to evade detection. As no server-side implementation was available for this implant, our detection engineers had very little to go on to verify whether their detection would trigger on such a communication channel.