NAPLISTENER: More Bad Dreams from the Developers of SIESTAGRAPH

In recent research, we observed a shift in tactics from the threat group behind SIESTAGRAPH, focusing more on establishing persistent access rather than data theft. A new malware variant called NAPLISTENER, an HTTP listener written in C#, is designed to evade network-based detection. NAPLISTENER acts similarly to legitimate services, blending into the background by processing web requests and running commands in memory.

This blog post summarizes the technical details of how NAPLISTENER operates, the techniques it uses to evade network-based detection, and its role in maintaining persistent access. If you're interested in the full technical breakdown, check out the complete analysis on the Elastic Security Labs (ESL) blog:

Read the full article on Elastic Security Labs