Geeks for your information News Privacy & Security News v
Glimpse malware uses alternative DNS to evade detection
Glimpse malware uses alternative DNS to evade detection
dhruv2193 Offline
Senior Member
****
Posts: 434
Threads: 153
Thanks Received: 589 in 348 posts
Thanks Given: 910
Joined: 25 October 17
#1
11 November 19, 13:50
Quote:Security researchers have detailed how the Glimpse malware uses a text mode as an alternative DNS resource record type.
 
According to a blog post by security researchers Jon Perez and Jonathan Lepore at IronNet, the malware is written in PowerShell and associated with APT34. It is executed by Visual Basic script, yet how the script is initiated remains unclear, researchers said.
 
They added that the malware is similar to the PoisonFrog malware. Both use "A" resource records to communicate with their controller. Glimpse differs by its ability to use text mode as an alternative DNS resource record type. This allows it to provide tasking in fewer transactions. Additionally, instead of relying on existing .NET DNS libraries, it manually crafts its DNS queries and communicates directly with the controller.
Source(full read)- https://www.scmagazineuk.com/glimpse-mal...le/1665336
[-] The following 2 users say Thank You to dhruv2193 for this post:
  • harlan4096, silversurfer
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Mullvad retires OpenVPN support on deskt...
OpenVPN gets the a...harlan4096 — 09:32
AdGuard VPN for Mac 2.8.2
AdGuard VPN for Ma...harlan4096 — 09:30
AMD FSR Redstone launched: ML-based Ups...
FSR Redstone’s ML Fr...harlan4096 — 09:29
(PC Game - Epic) Hogwarts Legacy (Dec 12...
  Hogwarts Legacy ...Mehdi — 18:56
AdGuard for Android 4.12.2
AdGuard for Androi...harlan4096 — 09:01

[-]
Birthdays
Today's Birthdays
avatar (43)ivyhuv
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>