Open Source Context

Donald McCarthy

CNAME and Control

It’s always DNS… and in this case, it was also a state-sponsored RAT cleverly designed to accept C2 via CNAME records. We’ll break apart the encoding and the (accidental) detection methodology that uncovered a Chinese state actor’s attack on the DIB and related entities.

Donald McCarthy is director of field operations at Open Source Context, where he works to empower security teams and researchers with passive DNS and passive BGP data.