A lot of SOCs rely on DNS requests to malicious domains as an early and low-false-positive indication of compromise. If they don't have visibility into DoH, they'll go dark(er) soon as malware starts taking advantage of it. https://t.co/9ULx3vYV4h

— Wesley McGrew (@McGrewSecurity) July 3, 2019

New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS https://t.co/LEomNtBNot

— The Cyber Security Hub (@TheCyberSecHub) July 3, 2019

New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS https://t.co/bWreBwlOQT

— Nicolas Krassas (@Dinosn) July 3, 2019

This is the first analysis of malware leveraging DNS over HTTPS I've seen - https://t.co/LcClinudzt

— Nick Biasini (@infosec_nick) July 2, 2019

Godlua Linux malware that engages in cryptomining and DDoS first to use DNS-over-HTTPS to get C&C server name https://t.co/aW9zqCd5P5 pic.twitter.com/plvWM7cjvh

— Virus Bulletin (@virusbtn) July 3, 2019

Ula Badula it's time for #Godlua:

- first-ever malware abusing new DoH (DNS over HTTPS) protocol
- it's a DDoS bot
- it's Lua-based backdoor
- targets Linux servers via Confluence exploit CVE-2019-3396

via @360Netlab @zom3y3
cc: @0xrb https://t.co/vh6csqfbdj pic.twitter.com/X0ZAkOaT6R

— Odisseus (@_odisseus) July 3, 2019

An Analysis of Godlua Backdoor - 360 Total Security https://t.co/o1tsfahR9m via @nuzzel thanks @stvemillertime

— alexander knorr (@opexxx) July 3, 2019

New Linux/Windows malware that abuses "DNS over HTTPS" protocol.#Godlua #IOC #MD5 #UNIX #Linux #Malware

Samples:https://t.co/CER0l7q8eN

Article:https://t.co/P00YoYnVWe

— Frankie McEyes (@theVirus00) July 3, 2019

First malware known to have used DNS over HTTPS - passive network visibility go *pooof* https://t.co/y5ZWWLzNO7

— /r/netsec (@_r_netsec) July 3, 2019

Our latest blog, Godlua Backdoor, it is something a little bit special, it uses a combination of hardcoded dns name, https://t.co/NMcKWbKudp, https://t.co/bNJuBoDSyo as well as DNS TXT to store the C2 address, which is something we don't see often. https://t.co/J7U0ggNPgs

— 360 Netlab (@360Netlab) July 1, 2019

First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol

- malware is named Godlua
- it's a DDoS bot
- targets Linux servers via Confluence exploit CVE-2019-3396https://t.co/L4AWjx5SrX pic.twitter.com/pfICAUx0Om

— Catalin Cimpanu (@campuscodi) July 3, 2019

A lot of SOCs rely on DNS requests to malicious domains as an early and low-false-positive indication of compromise. If they don't have visibility into DoH, they'll go dark(er) soon as malware starts taking advantage of it. https://t.co/9ULx3vYV4h

— Wesley McGrew (@McGrewSecurity) July 3, 2019

First-ever malware strain spotted abusing new #DoH (DNS over HTTPS) protocol | #Godlua #linux #netsec #malware | https://t.co/3ZEe1jq6li

— ⌈Phusion⌉ (@phusion) July 3, 2019

Not terribly surprising, but notable: "First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol” by @campuscodi https://t.co/AlpMh4bMpn

— Joseph Lorenzo Hall, PhD (@JoeBeOne) July 3, 2019

"Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever malware strain seen abusing the DNS over HTTPS (DoH) protocol."https://t.co/k9b3BNPxGu#CyberSecurity #Tech #Technology #Malware

— US Cybersecurity Mag. (@USCyberMag) July 3, 2019

First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol https://t.co/gQjH11UkXk by @campuscodi

— ZDNet (@ZDNet) July 3, 2019

First-Ever Malware Strain Spotted Abusing New DoH Protocol https://t.co/qijJAGxJ4q #news

— packet storm (@packet_storm) July 3, 2019

Crooks are always one step ahead apparently... First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol https://t.co/mtHtbQA3uG

— Paolo Passeri (@paulsparrows) July 3, 2019

"Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever malware strain seen abusing the DNS over HTTPS (DoH) protocol."https://t.co/nWjVuQL9jq

— ?? ?? (@0x2AE) July 3, 2019