lsdminer_dns_txt_decrypt

command module
v0.0.0-...-85ee73c
Published: Nov 26, 2019 License: MIT Imports: 8 Imported by: 0

README

LSDMiner_DNS_TXT_Decrypt

Decrypt DNS TXT data encrypted with 128-bit AES by the LSDMiner botnet's malicious sample

The latest malicious sample of LSDMiner uses DNS TXT records as its C&C tunnel. It delivers multiple kinds of data, encrypted with 128-bit AES, via DNS TXT records. This is the decryption script.

Related blog posts:

  1. https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect
  2. Decrypt DNS TXT record data lookuped by latest LSDMiner sample
  3. Reverse-engineering and decrypting the data that the new LSDMiner sample transmits over the DNS TXT channel

Usage:
