D
DelJo63
Researchers say they've spotted two Godlua versions so far, with a somewhat similar architecture. Both versions used DNS over HTTPS requests to retrieve the TXT (text record) of a domain name, where the URL of a subsequent command and control (C&C) server was being stored, and to which the Godlua malware was supposed to connect for further instructions.
Looming problem for cyber-security community
The discovery that Godlua uses DoH to hide DNS traffic sent shockwaves through the cyber-security community this week.
See DoH shockwaves for details.
Looming problem for cyber-security community
The discovery that Godlua uses DoH to hide DNS traffic sent shockwaves through the cyber-security community this week.
See DoH shockwaves for details.