A Cunning Operator: Muddling Meerkat and China’s Great Firewall

The MX answer records for Muddling Meerkat are only observable in data collected outside of the normal DNS resolution chain, because the source of the response is not a DNS resolver but a random Chinese IP address. The operators use servers in Chinese IP space to conduct campaigns by making DNS queries for random subdomains to a wide array of IP addresses, including open resolvers.

Disclaimer: This article is part of X-Force OSINT Advisories automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.

Reference:
https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/

Sample Indicators of Compromise:

tt.com
gogo.com
boxi.com
xv9k.kb.com
pq5bo.kb.com
