{
  "name": "Auto-Color Backdoor: How a Stealthy Linux Intrusion Was Thwarted",
  "slug": "auto-color-backdoor-how-a-stealthy-linux-intrusion-was-thwarted",
  "description": "In April 2025, an Auto-Color backdoor malware attack was detected on a US-based chemicals company's network. The threat actor exploited CVE-2025-31324 in SAP NetWeaver to gain initial access, attempted to download suspicious files, and communicated with malicious infrastructure. The attack involved multi-stage tactics, including SAP NetWeaver exploitation paired with Auto-Color malware for the first time. Auto-Color employed suppression tactics to evade detection when unable to complete its kill chain. The malware assessed privilege levels, installed a malicious shared object, manipulated preload configurations for persistence, and attempted C2 communication. AI-driven detection and response successfully identified and contained the threat, preventing further escalation.",
  "published": "2025-07-31T08:04:54+00:00",
  "created_at": "2025-07-31T08:04:54+00:00",
  "modified_at": "2025-07-31T08:08:04+00:00",
  "created_at_opencti": "2025-07-31T08:04:54+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-07-31"
  ],
  "related_entities": {},
  "external_refs": []
}