New Backdoor Targeting Taiwan Employs Stealthy Communications
Aug. 20, 2024, 4:25 p.m.
Tags
External References
Description
A previously undiscovered backdoor malware, Backdoor.Msupedge, has been deployed in an attack against a university in Taiwan. This backdoor utilizes an atypical technique, communicating with a command-and-control server through DNS traffic. It receives commands by resolving structured host names, and the resolved IP address itself serves as a command. The backdoor supports various commands, including process creation, file download, and sleep mode. The initial intrusion vector was likely the exploitation of a recently patched vulnerability in PHP, CVE-2024-4577, which allows remote code execution. While multiple threat actors have been scanning for vulnerable systems, the motive behind this specific attack remains unknown.
Date
Published: Aug. 20, 2024, 3:46 p.m.
Created: Aug. 20, 2024, 3:46 p.m.
Modified: Aug. 20, 2024, 4:25 p.m.
Indicators
f5937d38353ed431dc8a5eb32c119ab575114a10c24567f0c864cb2ef47f9f36
a89ebe7d1af3513d146a831b6fa4a465c8edeafea5d7980eb5448a94a4e34480
e08dc1c3987d17451a3e86c04ed322a9424582e2f2cb6352c892b7e0645eda43
Attack Patterns
Backdoor.Msupedge
T1548
T1105
T1071
T1033
CVE-2024-4577
Additional Informations
Taiwan