Glimpse malware uses alternative DNS to evade detection
#1
Quote:Security researchers have detailed how the Glimpse malware uses a text mode as an alternative DNS resource record type.
 
According to a blog post by security researchers Jon Perez and Jonathan Lepore at IronNet, the malware is written in PowerShell and associated with APT34. It is executed by Visual Basic script, yet how the script is initiated remains unclear, researchers said.
 
They added that the malware is similar to the PoisonFrog malware. Both use "A" resource records to communicate with their controller. Glimpse differs by its ability to use text mode as an alternative DNS resource record type. This allows it to provide tasking in fewer transactions. Additionally, instead of relying on existing .NET DNS libraries, it manually crafts its DNS queries and communicates directly with the controller.
Source(full read)- https://www.scmagazineuk.com/glimpse-mal...le/1665336
[-] The following 2 users say Thank You to dhruv2193 for this post:
  • harlan4096, silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes
26.7.3 New notes ...Kool — 03:49
Mozilla Firefox Browser 152.0.5
Mozilla Firefox Br...harlan4096 — 10:11
HWiNFO v8.48
HWiNFO v8.48 R...harlan4096 — 10:10
AdGuard for Mac 2.19
AdGuard for Mac 2....harlan4096 — 10:08
AnyViewer 5.8.0 for Windows
AnyViewer 5.8.0 fo...harlan4096 — 10:05

[-]
Birthdays
Today's Birthdays
avatar (48)ConradRoand
Upcoming Birthdays
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (36)pa.OpenTran

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>