Malware
Agent Racoon
First seen: 2023-01 • Status: active
Currently Active Threat
Agent Racoon is a newer backdoor that hides its communications in normal-looking DNS traffic.
Overview
Agent Racoon is a .NET backdoor used in Middle East targeted attacks. It uses DNS tunneling for command and control.
Also Known As
Agent.Raccoon
How It Spreads
- • Targeted attacks
What It Does
- • DNS tunneling C2
- • Command execution
- • Data exfiltration
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor DNS traffic patterns
- • Watch for unusual DNS queries
MITRE ATT&CK Techniques
T1071, T1059, T1005
If You're Infected
- 1.
Analyze DNS logs
- 2.
Block suspicious DNS traffic
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required