DNS Tunnelling Malware delivered via Word Documents

description: DNS Tunneling Malware primarily targeting Kuwait

publish date:

reference :

IOC Table
total 18