Adjusting the Anchor - A DNS Exfiltrator
released on 2021-07-20 @ 07:10:06 AM
AnchorDNS is a backdoor used by the TrickBot actors to target selected high value victims. It has been seen delivered by both TrickBot and Bazar malware campaigns. AnchorDNS is particularly difficult to track given that it is deployed only post-infection and that too only after a period of reconnaissance, once the malware operators have established that the target is of special interest.