DNS Tunneling - Format

Virtus · April 27, 2025, 7:36pm

I have checked virustotal and checked wireshark , seems like i found the variant name but it doesnt accept “An***” ( found from virustotal details ( news etc ) )
It seems like its a variant of trickbot .Tried everything as answer but didnt accept
Can we add format ? Or can someone help me out please (:

Thanks

@besimaltinok

Virtus · April 27, 2025, 7:45pm

Found it out format : **_ If anyone else stuck here (:

yorusec · April 29, 2025, 1:41pm

the answer can be found during pcap analysis after some decoding/decrypting ops