DNS Interval

A DNS over HTTPS request can carry a maximum of 64 bytes. If you execute a command whose response is larger than 64 bytes, the response is split into multiple chunks. When the sleep is complete and Badger decides to check in, it encrypts the available chunks and then sends them without sleeping until all the chunks are sent. Once all the chunks are sent, it fetches commands from the C2, executes them, stores their responses in chunks, and then goes to sleep while hiding itself and the responses in the heap.

The DNS interval, in this case, is the time interval between the chunks Badger needs to send for a single request. During this interval Badger does not hide itself; it just waits for a few seconds before sending the next chunk of data. Once all the chunks are sent, a single request is complete, and Badger then masks itself and sleeps.

Badger's sleep and DNS interval are two different things. Badger can't hide itself while performing any type of operation, because the thread needs to actively read the RX region or read the RW code. However, if Badger has zero threads active, it encrypts itself, its stack, heap and everything related to it. The DNS interval thus lets you change the frequency at which the DNS packets for a single request are sent to the server. The dns_interval setting takes the number of milliseconds to wait between sending chunks of data.
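
A defender-side view of the pacing described above, as an added example that is not part of the original documentation: the chunks of one request show up as a run of evenly spaced requests, followed by the longer sleep gap. The log tuple layout, the function name `find_paced_bursts` and every threshold are assumptions to tune against your own proxy or flow logs; the sample records are constructed.

```python
from statistics import mean, pstdev

# Constructed sample: (epoch_seconds, client, destination), as a proxy or flow
# log might record requests to a DoH resolver. Not real telemetry.
SAMPLE = (
    [(1000.0 + 2.0 * i, "10.0.0.5", "doh.example") for i in range(6)]    # paced run
    + [(1070.0 + 2.0 * i, "10.0.0.5", "doh.example") for i in range(5)]  # second run after a long gap
    + [(t, "10.0.0.9", "doh.example")
       for t in (1000.0, 1003.1, 1019.7, 1020.2, 1048.0)]                # irregular client
)


def find_paced_bursts(records, max_gap=10.0, min_chunks=4, max_cv=0.1):
    """Return runs of evenly spaced requests per (client, destination).

    A run is a sequence of requests whose gaps are all <= max_gap seconds
    (assumed to be shorter than the sleep between check-ins). A run is
    reported when it holds at least min_chunks requests and the coefficient
    of variation of its gaps (stdev / mean) is <= max_cv.
    """
    by_pair = {}
    for ts, client, dest in sorted(records):
        by_pair.setdefault((client, dest), []).append(ts)

    findings = []
    for (client, dest), times in by_pair.items():
        burst = [times[0]]
        for ts in times[1:] + [float("inf")]:  # sentinel flushes the last run
            if ts - burst[-1] <= max_gap:
                burst.append(ts)
                continue
            gaps = [b - a for a, b in zip(burst, burst[1:])]
            if (len(burst) >= max(min_chunks, 2) and mean(gaps) > 0
                    and pstdev(gaps) / mean(gaps) <= max_cv):
                findings.append({"client": client, "dest": dest,
                                 "start": burst[0], "requests": len(burst),
                                 "interval": round(mean(gaps), 3)})
            burst = [ts]
    return findings


if __name__ == "__main__":
    for finding in find_paced_bursts(SAMPLE):
        print(finding)
```

Ordinary browsers also talk to DoH resolvers, so treat a hit as a lead to correlate with process and endpoint telemetry, not as a verdict.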