Promo2day | Giveaways, Offers, Crypto and Much More Security Center Security News v
Glimpse malware uses alternative DNS to evade detection

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Glimpse malware uses alternative DNS to evade detection
dhruv2193 Offline
Promo2day Fan
*****
Valued Member
Posts: 1,292
Threads: 308
Thanks Received: 1,767 in 713 posts
Thanks Given: 3,092
Joined: Jun 2016
Reputation: 34
ReporterSupporting MemberThe Century
#1
11-11-2019 , 02:52 PM
Quote:Security researchers have detailed how the Glimpse malware uses a text mode as an alternative DNS resource record type.
According to a blog post by security researchers Jon Perez and Jonathan Lepore at IronNet, the malware is written in PowerShell and associated with APT34. It is executed by Visual Basic script, yet how the script is initiated remains unclear, researchers said.
They added that the malware is similar to the PoisonFrog malware. Both use "A" resource records to communicate with their controller. Glimpse differs by its ability to use text mode as an alternative DNS resource record type. This allows it to provide tasking in fewer transactions. Additionally, instead of relying on existing .NET DNS libraries, it manually crafts its DNS queries and communicates directly with the controller.


Source(full read)-https://www.scmagazineuk.com/glimpse-mal...le/1665336
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  New malware DarkWatchman uses Windows Registry to evade detection mrtrout 0 1,246 12-25-2021 , 12:23 AM
Last Post: mrtrout
  Maze ransomware now encrypts via virtual machines to evade detection mrtrout 0 1,070 09-19-2020 , 08:30 AM
Last Post: mrtrout
  Malware Coders Find the Perfect Technique to Help RATs Avoid Detection baziroll 0 2,547 04-22-2016 , 10:25 PM
Last Post: baziroll
  New technique allows Trojans to remain in memory to evade detection baziroll 0 1,986 04-21-2016 , 10:25 PM
Last Post: baziroll



Users browsing this thread: 2 Guest(s)