From ee034babba06ba2223d36e02b72bc6214803852b Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 8 Mar 2019 14:39:34 +0100
Subject: [PATCH] add SLUB backdoor
---
 clusters/backdoor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/clusters/backdoor.json b/clusters/backdoor.json
index 76fe3dc..0738f6c 100644
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@@ -61,6 +61,16 @@
 },
 "uuid": "0ae6636e-87e4-4b4c-a1c8-e14e1cab964f",
 "value": "Rising Sun"
+ },
+ {
+ "description": "A new backdoor was observed using the Github Gist service and the Slack messaging system as communication channels with its masters, as well as targeting a very specific type of victim using a watering hole attack.\nThe backdoor dubbed SLUB by the Trend Micro Cyber Safety Solutions Team who detected it in the wild is part of a multi-stage infection process designed by capable threat actors who programmed it in C++.\nSLUB uses statically-linked curl, boost, and JsonCpp libraries for performing HTTP request, \"extracting commands from gist snippets,\" and \"parsing Slack channel communication.\"\nThe campaign recently observed by the Trend Micro security researchers abusing the Github and Slack uses a multi-stage infection process.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/new-slub-backdoor-uses-slack-github-as-communication-channels/"
+ ]
+ },
+ "uuid": "a4757e11-0837-42c0-958a-7490cff58687",
+ "value": "SLUB"
 }
 ],
 "version": 5
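Review bot: The trailing context line `"version": 5` is left unchanged even though the hunk adds a new cluster entry; as far as I can tell from the file layout (a MISP galaxy cluster file keyed by `uuid`/`value`), downstream instances compare that top-level `version` to decide whether to re-import the file, so the SLUB entry will not propagate until it is bumped — change that line to `"version": 6` in the same commit. The only entry in `refs` is a secondary news write-up, while the description itself credits the Trend Micro Cyber Safety Solutions Team with the discovery; adding the vendor's own analysis to `refs` gives analysts a primary source to verify indicators and C2 details against. Inside the pasted description, `performing HTTP request` should read `performing HTTP requests`, and the last sentence restates the multi-stage point already made two sentences earlier. The enclosing `values` array begins before and ends after this hunk.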