216.73.217.86

New Backdoor Targeting Taiwan Employs Stealthy Communications

· Published 20/08/2024 15:46 · Modified 20/08/2024 16:25

Export JSON

Essential information

Published
20/08/2024 15:46
Modified
20/08/2024 16:25
Tags
2024-08-20 CVE-2024-4577 backdoor.msupedge
Related entities
1 vulnerabilities (cve), 3 observables, 4 techniques (mitre), 1 malware, 1 others

Description

A previously undiscovered backdoor malware, , has been deployed in an attack against a university in Taiwan. This backdoor utilizes an atypical technique, communicating with a command-and-control server through DNS traffic. It receives commands by resolving structured host names, and the resolved IP address itself serves as a command. The backdoor supports various commands, including process creation, file download, and sleep mode. The initial intrusion vector was likely the exploitation of a recently patched vulnerability in PHP, , which allows remote code execution. While multiple threat actors have been scanning for vulnerable systems, the motive behind this specific attack remains unknown.

External references