Not sleeping anymore: SOMNIRECORD's wake-up call

[correlate]

May 4, 2019
While monitoring the REF2924 activity group, Elastic Security Labs researchers identified a new malware family written in C++ that we refer to as SOMNIRECORD. This malware functions as a backdoor and communicates with command and control (C2) while masquerading as DNS, allowing attackers to bypass network security controls such as firewalls and intrusion detection systems. As with NAPLISTENER and SIESTAGRAPH, these factors make it difficult to detect and block using strictly network-based technologies.
