MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add SLUB backdoor

pull/357/head
Deborah Servili 2019-03-08 14:39:34 +01:00
parent 7afd311abc
commit ee034babba
No known key found for this signature in database
GPG Key ID: 7E3A832850D4D7D1
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
clusters/backdoor.json
View File

@ -61,6 +61,16 @@
},
"uuid": "0ae6636e-87e4-4b4c-a1c8-e14e1cab964f",
"value": "Rising Sun"
},
{
"description": "A new backdoor was observed using the Github Gist service and the Slack messaging system as communication channels with its masters, as well as targeting a very specific type of victim using a watering hole attack.\nThe backdoor dubbed SLUB by the Trend Micro Cyber Safety Solutions Team who detected it in the wild is part of a multi-stage infection process designed by capable threat actors who programmed it in C++.\nSLUB uses statically-linked curl, boost, and JsonCpp libraries for performing HTTP request, \"extracting commands from gist snippets,\" and \"parsing Slack channel communication.\"\nThe campaign recently observed by the Trend Micro security researchers abusing the Github and Slack uses a multi-stage infection process.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/new-slub-backdoor-uses-slack-github-as-communication-channels/"
]
},
"uuid": "a4757e11-0837-42c0-958a-7490cff58687",
"value": "SLUB"
}
],
"version": 5