<ciso brief/>
Tag Banner

All news with #dns c2 tag

all tags →

Fri, October 3, 2025

Detour Dog Using DNS to Distribute Strela Stealer Campaigns

#Backdoor Found #Data Exfil via Tools #Strela Stealer #DNS C2

🛡️ Infoblox links a threat actor dubbed Detour Dog to campaigns distributing the Strela Stealer, using compromised WordPress sites to host first-stage backdoors such as StarFish. The actor leverages DNS TXT records and modified name servers to deliver Base64-encoded commands and delivery URLs, selectively triggering redirects or remote execution to minimize detection. Infoblox and Shadowserver sinkholed multiple C2 domains in July–August 2025.

read more →