{"id":1475,"date":"2019-08-09T07:08:54","date_gmt":"2019-08-09T07:08:54","guid":{"rendered":"https:\/\/www.techmagazines.net\/?p=1475"},"modified":"2019-08-09T07:09:47","modified_gmt":"2019-08-09T07:09:47","slug":"godlua-malware-leverage-dns-over-https","status":"publish","type":"post","link":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/","title":{"rendered":"Godlua: Malware Leverage DNS Over HTTPS"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time: <\/span> <span class=\"rt-time\"> 5<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>\n<p><strong>Godlua: A History<\/strong><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_78 counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #5ad602;color:#5ad602\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #5ad602;color:#5ad602\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#What_Does_It_Do\" >What Does It Do?&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#Godlua_An_Overview\" >Godlua: An Overview<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#How_Does_It_Work\" >How Does It Work?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#Lua_A_Script_Analysis\" >Lua: A Script Analysis<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#Godlua_Possible_Effects_Applications_and_Damages\" >Godlua: Possible Effects, Applications, and Damages<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#How_Does_It_Infiltrate_Computers\" >How Does It Infiltrate Computers?&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#How_to_Avoid_Godlua_and_Other_Malware\" >How to Avoid Godlua and Other Malware<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#To_Sum_It_All_Up\" >To Sum It All Up<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<p>On April 24, 2019, Netlab\u2019s Unknown Threat Detection System discovered a suspicious ELF file marked by several vendors as a mining-related Trojan. The file itself is a Lua-based Backdoor, which they named \u201cGodlua.\u201d It is the first-ever known malware to exploit the DNS over HTTPS (DoH) protocol. &lt;link to <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/blog.netlab.360.com\/\">https:\/\/blog.netlab.360.com\/<\/a>&gt;&nbsp;<\/p>\n\n\n\n<p>Researchers named it Godlua as the Lua-byte code file loaded by this sample contains a magic number of \u201cGod.\u201d&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Does_It_Do\"><\/span><strong>What Does It Do?&nbsp;<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>This newly discovered <strong><a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/securityaffairs.co\/wordpress\/87976\/malware\/godlua-backdoor-abuses-doh.html\">Godlua backdoor<\/a><\/strong> is aiming at Windows and Linux servers. It is the first malware capable of abusing the new DoH protocol.&nbsp;<\/p>\n\n\n\n<p>This malware uses DoH requests to obtain a domain name text record (TXT). Then, it determines where the URL of the subsequent command and control server (C2) is stored. Finally, it determines where the malware is supposed to connect for additional instructions.&nbsp;<\/p>\n\n\n\n<p>It is written to work on both Linux and Windows services. To infect old systems, attackers are using a Confluence exploit, CVE-2019-3396.&nbsp;<\/p>\n\n\n\n<p>It has a redundant communication mechanism for C2 connection. Furthermore, it has a combination of hardcoded DNS name, GitHub.com, and Pastebin.com. It also uses DNS TXT to store the C2 address, something that is not seen often.&nbsp;<\/p>\n\n\n\n<p>At the same time, it uses HTTPS to download Lua-byte code files and it uses DNS over HTTPS (DoH) to retrieve to C2 name, which ensures secure communication between the bots, the C2, and the webserver.&nbsp;<\/p>\n\n\n\n<p>Researchers believe that its main function is to cause DDoS (distributed denial-of-service) attacks.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Godlua_An_Overview\"><\/span><strong>Godlua: An Overview<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Presently, there are two known versions of Godlua.&nbsp;<\/p>\n\n\n\n<p><strong>Version 201811051556.<\/strong> This version is obtained by navigating Godlua download servers, and there has been no update on it. It focuses on the Linux platforms. Furthermore, it supports two kinds of C2 instructions to perform Linux system commands and to run custom files.&nbsp;<\/p>\n\n\n\n<p><strong>Version 20190415103713 \u2013 2019062117473.<\/strong> It is active and is constantly being updated. This active version runs on both Linux and Windows. Moreover, this control module is implemented in Lua, and it supports five C2 commands.&nbsp;<\/p>\n\n\n\n<p>Both versions are written in C. However, Version 20190415103713 \u2013 2019062117473 has more features and supports more computer platforms.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Does_It_Work\"><\/span><strong>How Does It Work?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Godlua works in three stages:<\/p>\n\n\n\n<p><strong>Stage 1.<\/strong> The Godlua backdoor utilizes three different ways to store the Stage 1 URL: Github project description, Pastebin text, and hardcoded ciphertext. After retrieval and decryption of the Stage 1 URL, a start.png file is downloaded. This is actually a Lua bytecode. Then, the Bot loads the file into memory and executes it to get the Stage 2 URL.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Stage 2.<\/strong> It uses two mechanisms to store the Stage 2 URL: DNS over HTTPS (DoH) and Github project file. After the retrieval and decryption of the Stage 2 URL, a run.png file will be downloaded. This is another Lua bytecode. Then, the Bot loads the file into memory and executes it to get the Stage 3 URL.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Stage 3.<\/strong> Stage 3 C2 is hardcoded in the run.png file (a Lua byte-code file). Upon disassembling the file, the researchers discovered the file header\u2019s magic number has changed from \u201cLua\u201d to \u201cGod.\u201d<\/p>\n\n\n\n<p>We have noticed that attackers are using Lua commands to run the Lua code dynamically. Attackers are using this to initiate HTTP flood attacks, targeting specific websites.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Lua_A_Script_Analysis\"><\/span><strong>Lua: A Script Analysis<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The Bot sample downloads numerous Lua scripts when executing. These scripts can further be broken down into three categories: execute, auxiliary, and attack.&nbsp;<\/p>\n\n\n\n<p><strong>Execute. <\/strong>start.png, run.png, upgrade.png, watch.png, quit.png<\/p>\n\n\n\n<p><strong>Auxiliary. <\/strong>util.png, utils.png, curl.png, packet.png<\/p>\n\n\n\n<p><strong>Attack. <\/strong>CC.png, VM.png<\/p>\n\n\n\n<p><strong>Godlua: A Threat to the Cybersecurity Community<\/strong><\/p>\n\n\n\n<p>The discovery that Godlua utilizes DoH to hide DNS traffic has shaken the <strong><a href=\"https:\/\/www.techmagazines.net\/category\/cyber-security\/\">cybersecurity<\/a><\/strong> community. In fact, many people have expressed their fears that other malware strains may now adopt this feature. If this happens, it can render many DNS-reliant cybersecurity products useless.&nbsp;<\/p>\n\n\n\n<p>However, the <strong><a href=\"https:\/\/www.techmagazines.net\/most-dangerous-ransomware-attacks\/\">cybersecurity<\/a><\/strong> community has always found solutions to the various tricks that malware employs. It is expected that they will find one to deal with any malware strains that use DoH as well.&nbsp;<\/p>\n\n\n\n<p>For instance, Google supports DoH for its public DNS service. They provide this for free to users in countries where governments are blocking and filtering internet traffic based on passive DNS monitoring. &lt;link to <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/security.googleblog.com\/2019\/06\/google-public-dns-over-https-doh.html\">https:\/\/security.googleblog.com\/2019\/06\/google-public-dns-over-https-doh.html<\/a>&gt;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Godlua_Possible_Effects_Applications_and_Damages\"><\/span><strong>Godlua: Possible Effects, Applications, and Damages<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Through the Command and Control server, Godlua can be used to control operating systems remotely by sending commands to them. It allows attackers to open\/launch various files and execute different Linux commands.<\/p>\n\n\n\n<p>In simple terms, it can be used to control computers remotely. Moreover, it can be used to infect computers with other malicious software (i.e. ransomware). These types of programs prevent victims from gaining access to their data by encrypting them with strong encryption. Normally, the only way to get a decryption key and\/or tool is to pay the cybercriminals a specific amount of money (<strong><a href=\"https:\/\/www.techmagazines.net\/how-crypto-currencies-work-a-brief-overview\/\">cryptocurrency<\/a><\/strong>). These programs typically cause financial and\/or data loss. &lt;link to <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.pcrisk.com\/common-types-of-computer-infections#ransomware\">https:\/\/www.pcrisk.com\/common-types-of-computer-infections#ransomware<\/a>&gt;&nbsp;<\/p>\n\n\n\n<p>Moreover, computers can be infected with keystroke loggers that record each and every pressed key. With this method, these programs can be used to steal sensitive information, such as logins and passwords of various accounts, banking credentials, and more.&nbsp;<\/p>\n\n\n\n<p>Furthermore, cybercriminals might use Godlua to spread cryptocurrency miners that use computer hardware to mine cryptocurrency by solving mathematical problems. These programs cause high CPU and\/or GPU usage and slow down computers. It can even make them unusable.&nbsp;<\/p>\n\n\n\n<p>As mentioned above, one of the damages that can be done using Godlua is DDoS attacks. Essentially, the purpose of DDoS attacks is to close normal traffic of <strong><a href=\"https:\/\/www.techmagazines.net\/top-cyber-attacks-on-fintech-companies-and-5-ways-to-develop-a-secure-fintech-app\/\">the attacked network<\/a><\/strong>, service, or server by flooding it with unwanted traffic. Moreover, since one of Godlua\u2019s versions, Version 20190415103713 \u2013 2019062117473 targets both Linux and Windows systems and is being actively updated; this malware is capable of causing various damages.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Does_It_Infiltrate_Computers\"><\/span><strong>How Does It Infiltrate Computers?&nbsp;<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Research shows that some people\u2019s computers got the Godlua malware through the Confluence exploit (CVE-2019-3396). However, this only applies to Linux users. Moreover, there is no specific information about other ways used to spread this malware.&nbsp;<\/p>\n\n\n\n<p>Typically, cybercriminals spread malicious software through fake software updaters, Trojans, spam email campaigns, and other untrustworthy sources that people use to download files and software.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Avoid_Godlua_and_Other_Malware\"><\/span><strong>How to Avoid Godlua and Other Malware<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>One of the best ways to avoid Godlua and other malware is by ignoring questionable emails and attached links. Moreover, download software through direct links and official, trustworthy sources only. Update installed programs with functions and\/or tools developed by official developers and avoid using \u201ccracking\u201d tools. Finally, make sure to install and enable a credible anti-spyware or anti-virus at all times.&nbsp;<\/p>\n\n\n\n<p>If you believe that your computer is already infected, talk to a tech professional immediately. The removal of Godlua and other malware can be a lengthy, complicated process that requires advanced computer skills.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"To_Sum_It_All_Up\"><\/span><strong>To Sum It All Up<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>We have yet to see the whole picture of the Godlua backdoor, how it works, and how it infects its targets. At this point, we know that at least some Linux users were infected through the Confluence exploit.&nbsp;<\/p>\n\n\n\n<p>For now, we suggest that people should monitor and block suspicious URLs, IP addresses, and domain names on the system.&nbsp;<\/p>\n\n\n\n<p>If you have any further information about the threat, we would love to hear your thoughts.&nbsp;<br><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"wpm_excerpt clearfix\"><p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time: <\/span> <span class=\"rt-time\"> 5<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>Godlua: A History On April 24, 2019, Netlab\u2019s Unknown Threat Detection System discovered a suspicious ELF file marked by several vendors as a mining-related Trojan. The &hellip;<\/p>\n<\/div>","protected":false},"author":28,"featured_media":1476,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[],"class_list":["post-1475","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Godlua: Malware Leverage DNS Over HTTPS | Tech Magazine<\/title>\n<meta name=\"description\" content=\"Read everything about Godlua: Malware Leverage DNS Over HTTPS.Version 201811051556. This version is obtained by navigating Godlua download servers, and there has been no update on it. It focuses on the Linux platforms. Furthermore, it supports two kinds of C2 instructions to perform Linux system commands and to run custom files.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Godlua: Malware Leverage DNS Over HTTPS | Tech Magazine\" \/>\n<meta property=\"og:description\" content=\"Read everything about Godlua: Malware Leverage DNS Over HTTPS.Version 201811051556. This version is obtained by navigating Godlua download servers, and there has been no update on it. It focuses on the Linux platforms. Furthermore, it supports two kinds of C2 instructions to perform Linux system commands and to run custom files.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/\" \/>\n<meta property=\"og:site_name\" content=\"Tech Magazine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100007079021205&amp;ref=br_rs\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-09T07:08:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-08-09T07:09:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"854\" \/>\n\t<meta property=\"og:image:height\" content=\"540\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"louise\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"louise\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/\"},\"author\":{\"name\":\"louise\",\"@id\":\"https:\/\/www.techmagazines.net\/#\/schema\/person\/727a4cdab57b31a218ef5980a6ed0841\"},\"headline\":\"Godlua: Malware Leverage DNS Over HTTPS\",\"datePublished\":\"2019-08-09T07:08:54+00:00\",\"dateModified\":\"2019-08-09T07:09:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/\"},\"wordCount\":1276,\"publisher\":{\"@id\":\"https:\/\/www.techmagazines.net\/#\/schema\/person\/9827714c3556d6a5d325c9af0386dac2\"},\"image\":{\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg\",\"articleSection\":[\"Cyber Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/\",\"url\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/\",\"name\":\"Godlua: Malware Leverage DNS Over HTTPS | Tech Magazine\",\"isPartOf\":{\"@id\":\"https:\/\/www.techmagazines.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg\",\"datePublished\":\"2019-08-09T07:08:54+00:00\",\"dateModified\":\"2019-08-09T07:09:47+00:00\",\"description\":\"Read everything about Godlua: Malware Leverage DNS Over HTTPS.Version 201811051556. This version is obtained by navigating Godlua download servers, and there has been no update on it. It focuses on the Linux platforms. Furthermore, it supports two kinds of C2 instructions to perform Linux system commands and to run custom files.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#primaryimage\",\"url\":\"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg\",\"contentUrl\":\"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg\",\"width\":854,\"height\":540},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techmagazines.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Godlua: Malware Leverage DNS Over HTTPS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techmagazines.net\/#website\",\"url\":\"https:\/\/www.techmagazines.net\/\",\"name\":\"Tech Magazines\",\"description\":\"Best Digital Tech Magazines Site\",\"publisher\":{\"@id\":\"https:\/\/www.techmagazines.net\/#\/schema\/person\/9827714c3556d6a5d325c9af0386dac2\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techmagazines.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.techmagazines.net\/#\/schema\/person\/9827714c3556d6a5d325c9af0386dac2\",\"name\":\"Amit Gupta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techmagazines.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/03\/cropped-technologies-2.png\",\"contentUrl\":\"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/03\/cropped-technologies-2.png\",\"width\":500,\"height\":125,\"caption\":\"Amit Gupta\"},\"logo\":{\"@id\":\"https:\/\/www.techmagazines.net\/#\/schema\/person\/image\/\"},\"description\":\"Amit Gupta is an experienced digital marketer, expert writer, and founder of Tech Magazine. With 5+ years in the industry, he specializes in creating in-depth content on Technology Updates, IoT, Gaming, Gadget, Web Development, and Artificial Intelligence. Connect on Facebook and Linkedin.\",\"sameAs\":[\"https:\/\/www.facebook.com\/profile.php?id=100007079021205&ref=br_rs\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techmagazines.net\/#\/schema\/person\/727a4cdab57b31a218ef5980a6ed0841\",\"name\":\"louise\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techmagazines.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/58fbfb9fcbbbce41d2f44e4e20542cd73b9afb14d2aa7e9a0d7fbfe59b47157f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/58fbfb9fcbbbce41d2f44e4e20542cd73b9afb14d2aa7e9a0d7fbfe59b47157f?s=96&d=mm&r=g\",\"caption\":\"louise\"},\"description\":\"I am Louise Savoie Digital Marketer at Proweaver , a web development company specializing in Custom Web Design which helps sole proprietors and small companies increase their sales and grow their business. I am responsible in Content Marketing and Social Media Marketing. You can find us on Twitter: @proweaver\",\"url\":\"https:\/\/www.techmagazines.net\/author\/louise\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Godlua: Malware Leverage DNS Over HTTPS | Tech Magazine","description":"Read everything about Godlua: Malware Leverage DNS Over HTTPS.Version 201811051556. This version is obtained by navigating Godlua download servers, and there has been no update on it. It focuses on the Linux platforms. Furthermore, it supports two kinds of C2 instructions to perform Linux system commands and to run custom files.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/","og_locale":"en_US","og_type":"article","og_title":"Godlua: Malware Leverage DNS Over HTTPS | Tech Magazine","og_description":"Read everything about Godlua: Malware Leverage DNS Over HTTPS.Version 201811051556. This version is obtained by navigating Godlua download servers, and there has been no update on it. It focuses on the Linux platforms. Furthermore, it supports two kinds of C2 instructions to perform Linux system commands and to run custom files.","og_url":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/","og_site_name":"Tech Magazine","article_publisher":"https:\/\/www.facebook.com\/profile.php?id=100007079021205&ref=br_rs","article_published_time":"2019-08-09T07:08:54+00:00","article_modified_time":"2019-08-09T07:09:47+00:00","og_image":[{"width":854,"height":540,"url":"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg","type":"image\/jpeg"}],"author":"louise","twitter_card":"summary_large_image","twitter_misc":{"Written by":"louise","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#article","isPartOf":{"@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/"},"author":{"name":"louise","@id":"https:\/\/www.techmagazines.net\/#\/schema\/person\/727a4cdab57b31a218ef5980a6ed0841"},"headline":"Godlua: Malware Leverage DNS Over HTTPS","datePublished":"2019-08-09T07:08:54+00:00","dateModified":"2019-08-09T07:09:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/"},"wordCount":1276,"publisher":{"@id":"https:\/\/www.techmagazines.net\/#\/schema\/person\/9827714c3556d6a5d325c9af0386dac2"},"image":{"@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#primaryimage"},"thumbnailUrl":"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg","articleSection":["Cyber Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/","url":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/","name":"Godlua: Malware Leverage DNS Over HTTPS | Tech Magazine","isPartOf":{"@id":"https:\/\/www.techmagazines.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#primaryimage"},"image":{"@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#primaryimage"},"thumbnailUrl":"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg","datePublished":"2019-08-09T07:08:54+00:00","dateModified":"2019-08-09T07:09:47+00:00","description":"Read everything about Godlua: Malware Leverage DNS Over HTTPS.Version 201811051556. This version is obtained by navigating Godlua download servers, and there has been no update on it. It focuses on the Linux platforms. Furthermore, it supports two kinds of C2 instructions to perform Linux system commands and to run custom files.","breadcrumb":{"@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#primaryimage","url":"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg","contentUrl":"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/08\/Godlua-Malware-Leverage-DNS-Over-HTTPS.jpg","width":854,"height":540},{"@type":"BreadcrumbList","@id":"https:\/\/www.techmagazines.net\/godlua-malware-leverage-dns-over-https\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techmagazines.net\/"},{"@type":"ListItem","position":2,"name":"Godlua: Malware Leverage DNS Over HTTPS"}]},{"@type":"WebSite","@id":"https:\/\/www.techmagazines.net\/#website","url":"https:\/\/www.techmagazines.net\/","name":"Tech Magazines","description":"Best Digital Tech Magazines Site","publisher":{"@id":"https:\/\/www.techmagazines.net\/#\/schema\/person\/9827714c3556d6a5d325c9af0386dac2"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techmagazines.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.techmagazines.net\/#\/schema\/person\/9827714c3556d6a5d325c9af0386dac2","name":"Amit Gupta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techmagazines.net\/#\/schema\/person\/image\/","url":"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/03\/cropped-technologies-2.png","contentUrl":"https:\/\/www.techmagazines.net\/wp-content\/uploads\/2019\/03\/cropped-technologies-2.png","width":500,"height":125,"caption":"Amit Gupta"},"logo":{"@id":"https:\/\/www.techmagazines.net\/#\/schema\/person\/image\/"},"description":"Amit Gupta is an experienced digital marketer, expert writer, and founder of Tech Magazine. With 5+ years in the industry, he specializes in creating in-depth content on Technology Updates, IoT, Gaming, Gadget, Web Development, and Artificial Intelligence. Connect on Facebook and Linkedin.","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100007079021205&ref=br_rs"]},{"@type":"Person","@id":"https:\/\/www.techmagazines.net\/#\/schema\/person\/727a4cdab57b31a218ef5980a6ed0841","name":"louise","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techmagazines.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/58fbfb9fcbbbce41d2f44e4e20542cd73b9afb14d2aa7e9a0d7fbfe59b47157f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/58fbfb9fcbbbce41d2f44e4e20542cd73b9afb14d2aa7e9a0d7fbfe59b47157f?s=96&d=mm&r=g","caption":"louise"},"description":"I am Louise Savoie Digital Marketer at Proweaver , a web development company specializing in Custom Web Design which helps sole proprietors and small companies increase their sales and grow their business. I am responsible in Content Marketing and Social Media Marketing. You can find us on Twitter: @proweaver","url":"https:\/\/www.techmagazines.net\/author\/louise\/"}]}},"_links":{"self":[{"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/posts\/1475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/comments?post=1475"}],"version-history":[{"count":0,"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/posts\/1475\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/media\/1476"}],"wp:attachment":[{"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/media?parent=1475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/categories?post=1475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techmagazines.net\/wp-json\/wp\/v2\/tags?post=1475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}