{
  "name": "New Backdoor Targeting Taiwan Employs Stealthy Communications",
  "slug": "new-backdoor-targeting-taiwan-employs-stealthy-communications",
  "description": "A previously undiscovered backdoor malware, Backdoor.Msupedge, has been deployed in an attack against a university in Taiwan. This backdoor utilizes an atypical technique, communicating with a command-and-control server through DNS traffic. It receives commands by resolving structured host names, and the resolved IP address itself serves as a command. The backdoor supports various commands, including process creation, file download, and sleep mode. The initial intrusion vector was likely the exploitation of a recently patched vulnerability in PHP, CVE-2024-4577, which allows remote code execution. While multiple threat actors have been scanning for vulnerable systems, the motive behind this specific attack remains unknown.",
  "published": "2024-08-20T13:46:43+00:00",
  "created_at": "2024-08-20T13:46:43+00:00",
  "modified_at": "2024-08-20T14:25:35+00:00",
  "created_at_opencti": "2024-08-20T13:46:43+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-08-20",
    "CVE-2024-4577",
    "backdoor.msupedge"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "f5937d38353ed431dc8a5eb32c119ab575114a10c24567f0c864cb2ef47f9f36"
      },
      {
        "id": "",
        "name": "a89ebe7d1af3513d146a831b6fa4a465c8edeafea5d7980eb5448a94a4e34480"
      },
      {
        "id": "",
        "name": "e08dc1c3987d17451a3e86c04ed322a9424582e2f2cb6352c892b7e0645eda43"
      }
    ],
    "malware": [
      {
        "id": "de1a0d81-861f-4f20-b408-efe1b32a9501",
        "name": "Backdoor.Msupedge",
        "slug": "backdoormsupedge"
      }
    ],
    "attack_patterns": [
      {
        "id": "1f2ce0cc-430c-4317-a332-83a27cbad1d3",
        "name": "T1548"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "5b7c66d1-0466-4ba7-af6f-eb82c2f9d05b",
        "name": "T1033"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2024-4577"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Taiwan"
      }
    ]
  },
  "external_refs": [
    "https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns",
    "https://otx.alienvault.com/pulse/66c4ba635a25decc74fc502a"
  ]
}