Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
DNS analytics
open-in-new
<h2 id="published-research">Published Research</h2> <p>Research within the public domain shows that state-sponsored malware and APT campaigns exhibit <a href="/facts/Domain_Name_System/rfxdWFsj">DNS</a> <i><a href="/facts/Indicator_of_compromise/oHwlcRJX">indicators of compromise</a></i> (IOC). Since June 2010, analysis of <a href="/facts/Cyberweapon/aGWb5cR6">cyberweapon</a> platforms and agents has been undertaken by labs including <a href="/facts/Kaspersky_Lab/WWX97cMP">Kaspersky Lab</a>, <a href="/facts/ESET/roFfK0Kh">ESET</a>, <a href="/facts/NortonLifeLock/uWvBqako">Symantec</a>, <a href="/facts/McAfee/yIytBc4w">McAfee</a>, <a href="/facts/Norman_Safeground/RuDpyfGB">Norman Safeground</a>, and <a href="/facts/Mandiant/1WRIdvhP">Mandiant</a>. The findings as released by these organizations include detailed analysis of <a href="/facts/Stuxnet/xa7gvYYF">Stuxnet</a>,<a class="footnote-ref" id="fnref:1" href="#fn:1"><sup>1</sup></a> <a href="/facts/Flame_(malware)/KUhH08VQ">Flame</a>,<a class="footnote-ref" id="fnref:2" href="#fn:2"><sup>2</sup></a> Hidden Lynx,<a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a> Operation Troy,<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a> The NetTraveler,<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> Operation Hangover,<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> <a href="/facts/Mandiant/1WRIdvhP">Mandiant</a> <a href="/facts/APT1/0fCAzUfc">APT1</a>,<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> and Careto.<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> These <a href="/facts/Malware/5ee7TLFR">malware</a> and <a href="/facts/Advanced_persistent_threat/cc8jXB2F">APT</a> campaigns can be reliably identified within computer networks through the use of DNS analytics tools. </p> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"Stuxnet Under the Microscope" (PDF). ESET. Archived from the original (PDF) on 2011-07-10. Retrieved 2014-02-25. <a href="https://web.archive.org/web/20110710201455/http://www.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf" target="_blank">https://web.archive.org/web/20110710201455/http://www.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"The Roof is on Fire - Tracking Flames C&C Servers". Kaspersky Lab. 22 August 2023. <a href="https://www.securelist.com/en/blog/208193540/The_Roof_Is_on_Fire_Tackling_Flames_C_C_Servers" target="_blank">https://www.securelist.com/en/blog/208193540/The_Roof_Is_on_Fire_Tackling_Flames_C_C_Servers</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"Hidden Lynx" (PDF). Symantec. Archived from the original (PDF) on 2014-08-09. Retrieved 2014-02-25. <a href="https://web.archive.org/web/20140809015929/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf" target="_blank">https://web.archive.org/web/20140809015929/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>"Dissecting Operation Troy" (PDF). McAfee. <a href="http://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf" target="_blank">http://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"The Nettraveler, Part 1" (PDF). Kaspersky Lab. Archived from the original (PDF) on 2013-09-27. Retrieved 2014-02-25. <a href="https://web.archive.org/web/20130927014114/http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf" target="_blank">https://web.archive.org/web/20130927014114/http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"Unveiling an Indian Cyberattack Infrastructure" (PDF). Norman Safeground. Archived from the original (PDF) on 2014-03-17. Retrieved 2014-02-25. <a href="https://web.archive.org/web/20140317015447/http://normanshark.com/wp-content/uploads/2013/08/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf" target="_blank">https://web.archive.org/web/20140317015447/http://normanshark.com/wp-content/uploads/2013/08/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>"Mandiant APT1 Report" (PDF). Mandiant. Archived from the original (PDF) on 2013-02-19. Retrieved 2014-02-25. <a href="https://web.archive.org/web/20130219155150/http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf" target="_blank">https://web.archive.org/web/20130219155150/http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>"Unveiling the Mask" (PDF). Kaspersky Lab. Archived from the original (PDF) on 2014-02-25. Retrieved 2014-02-25. <a href="https://web.archive.org/web/20140225072140/http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf" target="_blank">https://web.archive.org/web/20140225072140/http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> </ol>