mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
add SLUB backdoor
This commit is contained in:
parent
7afd311abc
commit
ee034babba
1 changed files with 10 additions and 0 deletions
|
@ -61,6 +61,16 @@
|
|||
},
|
||||
"uuid": "0ae6636e-87e4-4b4c-a1c8-e14e1cab964f",
|
||||
"value": "Rising Sun"
|
||||
},
|
||||
{
|
||||
"description": "A new backdoor was observed using the Github Gist service and the Slack messaging system as communication channels with its masters, as well as targeting a very specific type of victim using a watering hole attack.\nThe backdoor dubbed SLUB by the Trend Micro Cyber Safety Solutions Team who detected it in the wild is part of a multi-stage infection process designed by capable threat actors who programmed it in C++.\nSLUB uses statically-linked curl, boost, and JsonCpp libraries for performing HTTP request, \"extracting commands from gist snippets,\" and \"parsing Slack channel communication.\"\nThe campaign recently observed by the Trend Micro security researchers abusing the Github and Slack uses a multi-stage infection process.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bleepingcomputer.com/news/security/new-slub-backdoor-uses-slack-github-as-communication-channels/"
|
||||
]
|
||||
},
|
||||
"uuid": "a4757e11-0837-42c0-958a-7490cff58687",
|
||||
"value": "SLUB"
|
||||
}
|
||||
],
|
||||
"version": 5
|
||||
|
|
Loading…
Reference in a new issue