add SLUB backdoor

Deborah Servili 2019-03-08 14:39:34 +01:00
parent 7afd311abc
commit ee034babba
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1


@ -61,6 +61,16 @@
}, },
"uuid": "0ae6636e-87e4-4b4c-a1c8-e14e1cab964f", "uuid": "0ae6636e-87e4-4b4c-a1c8-e14e1cab964f",
"value": "Rising Sun" "value": "Rising Sun"
},
{
"description": "A new backdoor was observed using the Github Gist service and the Slack messaging system as communication channels with its masters, as well as targeting a very specific type of victim using a watering hole attack.\nThe backdoor dubbed SLUB by the Trend Micro Cyber Safety Solutions Team who detected it in the wild is part of a multi-stage infection process designed by capable threat actors who programmed it in C++.\nSLUB uses statically-linked curl, boost, and JsonCpp libraries for performing HTTP request, \"extracting commands from gist snippets,\" and \"parsing Slack channel communication.\"\nThe campaign recently observed by the Trend Micro security researchers abusing the Github and Slack uses a multi-stage infection process.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/new-slub-backdoor-uses-slack-github-as-communication-channels/"
]
},
"uuid": "a4757e11-0837-42c0-958a-7490cff58687",
"value": "SLUB"
} }
], ],
"version": 5 "version": 5
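Review bot: The trailing context shows "version": 5 unchanged on both sides even though this hunk appends a new "SLUB" entry to the list; if consumers rely on the version field to pick up cluster updates, bump it in the same commit. In the new entry, the description makes the multi-stage infection point twice (second and last sentences) and reads like pasted news copy ("HTTP request" should be "HTTP requests"); consider trimming it to what the backdoor does: Gist snippets for commands, Slack for channel communication, delivery through a watering hole. The "refs" list carries only the Bleeping Computer article while the description attributes the finding to Trend Micro, so adding the original Trend Micro report as a second ref would give readers the primary source.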