THREATNOIR
Subscribe
Back to Feed
MalwareApr 29, 2026

In the TXT DNS record of sagiw.chatcamic[.]com, there is some PS code... (1/2) https://t.co/Oa1gJ...

Malicious PowerShell code discovered in DNS TXT record of suspicious domain.

Read at source

Summary

Security researchers identified PowerShell code embedded in the TXT DNS record of sagiw.chatcamic[.]com, suggesting use of DNS as a command-and-control or data exfiltration channel. This technique, known as DNS tunneling or DNS data exfiltration, is commonly employed by malware operators to evade detection and maintain persistence.

Indicators of Compromise

  • domain — sagiw.chatcamic.com

Entities

PowerShell (technology)DNS TXT records (technology)