New Backdoor Targeting Taiwan Employs Stealthy Communications

Aug. 20, 2024, 4:25 p.m.

Description

A previously undocumented backdoor, Backdoor.Msupedge, has been deployed in an attack against a university in Taiwan. Its most notable feature is an unusual command-and-control channel: it talks to its server over DNS rather than HTTP(S). The backdoor encodes data in structured host names that it resolves, and the IP address returned for each query encodes the command to execute, so the exchange looks like ordinary name resolution to monitoring that does not inspect DNS content. Supported commands include creating a process, downloading a file, and sleeping for a set interval. The initial access vector was most likely exploitation of CVE-2024-4577, a recently patched argument-injection vulnerability in PHP's CGI mode on Windows that allows remote code execution. Multiple threat actors have been observed scanning for systems vulnerable to this CVE, but the motive behind this specific attack remains unknown.
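The following is an added example, not code from the original page, from the malware, or from its analysts. It shows the technique the description outlines from both ends: a client that packs data into host-name labels and reads its command out of the returned A record, and a detector that runs over a small, constructed DNS query log and flags the domain receiving that traffic. The label layout (hex victim ID, hex counter, C2 domain), the command table, the choice of the third octet as the command carrier, the domain c2.example.net and the log format are all assumptions made for the illustration; the page does not give the real format.

```python
"""DNS-carried command channel of the kind described above, plus a detector.

Added example for this summary; it is not the backdoor's own code and not its
analysts' tooling. The hostname layout (hex victim ID . hex counter . C2 domain),
the command-table values and the use of the third octet of the A-record answer
as the command are assumptions chosen to illustrate the technique; the page does
not give the real format. All log lines below are constructed.
"""
from __future__ import annotations

import math
from collections import defaultdict

# Hypothetical command table: value of the selected octet -> command.
COMMANDS = {1: "create_process", 2: "download_file", 3: "sleep"}

# Hypothetical 16-byte victim identifier used by the constructed log.
VICTIM_ID = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def build_query(victim_id: bytes, counter: int, c2_domain: str) -> str:
    """Client side: pack the victim ID and a message counter into hostname labels."""
    return f"{victim_id.hex()}.{counter:08x}.{c2_domain}"


def command_from_answer(ip: str) -> str | None:
    """Client side: the resolved address is the command; here its third octet selects it."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() for o in octets):
        return None
    return COMMANDS.get(int(octets[2]))


def shannon_entropy(label: str) -> float:
    """Bits per character. Hex or base32 payload labels score well above real words."""
    if not label:
        return 0.0
    n = len(label)
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Crude: last two labels. A real detector should use the Public Suffix List."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def detect_tunnels(log_lines: list[str], min_unique: int = 5,
                   min_entropy: float = 3.0, min_ratio: float = 0.8) -> dict[str, dict]:
    """Flag registered domains that receive many unique, high-entropy subdomain
    lookups. Ordinary sites repeat a handful of names; a channel that packs data
    into labels produces a fresh name on almost every query.

    Constructed log format: '<timestamp> <client_ip> <qname> <answer_ip>'.
    """
    stats = defaultdict(lambda: {"queries": 0, "names": set(), "answers": set(), "entropy": 0.0})
    for line in log_lines:
        _ts, _client, qname, answer = line.split()
        st = stats[registered_domain(qname)]
        st["queries"] += 1
        st["names"].add(qname)
        st["answers"].add(answer)
        payload_labels = qname.rstrip(".").split(".")[:-2]
        st["entropy"] += max((shannon_entropy(lab) for lab in payload_labels), default=0.0)

    findings = {}
    for dom, st in stats.items():
        unique = len(st["names"])
        ratio = unique / st["queries"]
        avg_entropy = st["entropy"] / st["queries"]
        if unique >= min_unique and ratio >= min_ratio and avg_entropy >= min_entropy:
            findings[dom] = {
                "unique_subdomains": unique,
                "avg_label_entropy": round(avg_entropy, 2),
                "distinct_answers": len(st["answers"]),
                # Decode the answers with the hypothetical scheme to show what was tasked.
                "commands_seen": sorted({c for c in map(command_from_answer, st["answers"]) if c}),
            }
    return findings


def build_sample_log() -> list[str]:
    """Constructed log: one workstation browsing normally, then beaconing six times."""
    lines = [
        "2024-08-20T10:00:01 10.1.1.7 www.example.com 93.184.216.34",
        "2024-08-20T10:00:02 10.1.1.7 mail.example.com 93.184.216.35",
        "2024-08-20T10:00:03 10.1.1.7 www.example.com 93.184.216.34",
    ]
    for counter in range(1, 7):
        cmd = (counter - 1) % 3 + 1  # cycle through the hypothetical command table
        qname = build_query(VICTIM_ID, counter, "c2.example.net")  # hypothetical C2 domain
        lines.append(f"2024-08-20T10:05:{counter:02d} 10.1.1.7 {qname} 10.0.{cmd}.{counter}")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for dom, info in detect_tunnels(SAMPLE_LOG).items():
        print(dom, info)
```

Run stand-alone, the script flags example.net and leaves example.com alone. The thresholds are deliberately simple; in production the unique-name ratio should be computed per client over a sliding window, the entropy check complemented by label-length and query-volume baselines, and the crude two-label domain split replaced by a Public Suffix List lookup so that hosting platforms with many legitimate subdomains are not flagged.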

Date

Published: Aug. 20, 2024, 3:46 p.m.

Created: Aug. 20, 2024, 3:46 p.m.

Modified: Aug. 20, 2024, 4:25 p.m.

Indicators

f5937d38353ed431dc8a5eb32c119ab575114a10c24567f0c864cb2ef47f9f36

a89ebe7d1af3513d146a831b6fa4a465c8edeafea5d7980eb5448a94a4e34480

e08dc1c3987d17451a3e86c04ed322a9424582e2f2cb6352c892b7e0645eda43

Attack Patterns

Backdoor.Msupedge

T1548

T1105

T1071

T1033

CVE-2024-4577

Additional Information

Taiwan