Capybara DNS tunneling campaign

Intel Name: Capybara DNS tunneling campaign

Date of Scan: September 30, 2024

Impact: High

Summary:
We have identified a DNS tunneling campaign named Capybara that employs several techniques for encoding or obscuring data within the DNS tunnel, including tailored Base32 encoding. DNS tunneling can begin as soon as the second day after a Capybara domain is registered. The campaign began in June 2024, and telemetry data showed a peak of 22,685,570 fully qualified domain name (FQDN) detections in a single day in August 2024. The specific purpose of this campaign remains undetermined.
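
A detection heuristic built on the traits in the summary (Base32-looking labels, many unique FQDNs, a recently registered domain), added here as an example and not taken from the campaign report. The standard Base32 alphabet, the thresholds, the function names and all domain names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import date

# Assumption: standard RFC 4648 Base32 characters, lowercased. The campaign's
# tailored alphabet is not given on the page.
B32_LABEL = re.compile(r"^[a-z2-7]{16,63}$")

def split_fqdn(fqdn):
    """Return (subdomain labels, registered domain) using a naive two-label split."""
    labels = fqdn.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])

def encoded_labels(fqdn):
    """Subdomain labels that look like Base32 payload chunks."""
    return [l for l in split_fqdn(fqdn)[0] if B32_LABEL.match(l)]

def suspect_domains(queries, registrations, max_age_days=30, min_unique=3):
    """queries: (date, fqdn) pairs; registrations: {domain: registration date}."""
    unique, first_seen = defaultdict(set), {}
    for day, fqdn in queries:
        if not encoded_labels(fqdn):
            continue
        dom = split_fqdn(fqdn)[1]
        unique[dom].add(fqdn.rstrip(".").lower())
        first_seen[dom] = min(day, first_seen.get(dom, day))
    hits = {}
    for dom, names in unique.items():
        reg = registrations.get(dom)
        if reg is None or len(names) < min_unique:
            continue
        age = (first_seen[dom] - reg).days  # registration to first tunnel-like query
        if 0 <= age <= max_age_days:
            hits[dom] = {"unique_fqdns": len(names), "age_days": age}
    return hits

# Constructed sample data, not campaign indicators.
SAMPLE_REGISTRATIONS = {"tunnel-example.test": date(2024, 8, 1),
                        "legacy-example.test": date(2015, 1, 1)}
CHUNKS = ["mfrggzdfmztwq2lknnwg23tp", "nbswy3dpeb3w64tmmqqq", "orsxg5dtmvwgk3tfon2gk3q"]
SAMPLE_QUERIES = (
    [(date(2024, 8, 3), f"{c}.tunnel-example.test") for c in CHUNKS]
    + [(date(2024, 8, 3), f"{c}.legacy-example.test") for c in CHUNKS]
    + [(date(2024, 8, 3), "www.cdn-example.test")]
)

print(suspect_domains(SAMPLE_QUERIES, SAMPLE_REGISTRATIONS))
```

The label pattern also matches long all-lowercase words, which is why it is combined with the unique-FQDN count and domain age rather than used alone; a public-suffix list should replace the two-label split on real traffic.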
