Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor


August 20, 2024 at 06:40AM

A new backdoor named Msupedge has been discovered in a cyber attack on a university in Taiwan. The backdoor is notable for communicating with its command-and-control server over DNS traffic, and its code is based on an open-source tool. The initial attack vector was likely a critical flaw in PHP, and the backdoor's supported commands include process creation and file download. Separately, a threat group has been linked to a phishing campaign distributing the Pupy RAT malware.

The key takeaways from the article are:

1. A previously undocumented backdoor named Msupedge has been discovered. It is installed under specific filesystem paths and relies on DNS tunneling to communicate with its command-and-control (C&C) server, so its beaconing and tasking ride on DNS queries rather than on a conventional HTTP or TCP channel.

2. The backdoor can perform various commands, such as creating a process, downloading files, sleeping for a predetermined time interval, and creating/deleting temporary files.

3. The UTG-Q-010 threat group is linked to a new phishing campaign that distributes an open-source malware called Pupy RAT, which is a Python-based Remote Access Trojan with reflective DLL loading and in-memory execution capabilities.
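Because Msupedge's C&C channel rides on DNS (item 1 above), the practical defensive question is how DNS tunneling stands out in resolver logs. The following is an added example, not code from the article or from any analysis of Msupedge, whose actual encoding the article does not describe: a generic heuristic that scores each (client, base domain) pair by query volume, number of distinct subdomains, subdomain length, and character entropy, then flags pairs that look like data being smuggled in query names. The log format, the thresholds, and the `c2-placeholder.test` domain are all constructed for the example; a production version would use the public suffix list rather than the last-two-labels approximation used here.

```python
"""Heuristic detector for DNS-tunnelling-style query patterns.

Added example. Generic heuristic, not Msupedge's protocol. Log format,
sample lines, thresholds and the placeholder domain are all constructed.
"""
import math
from collections import defaultdict

# Constructed sample resolver log: "<timestamp> <client_ip> <qname> <qtype>".
# Client 10.0.0.5 is ordinary browsing; 10.0.0.7 sends many long, random-looking
# subdomains to one base domain, the shape DNS tunneling tends to have.
SAMPLE_LOG = """\
2024-08-20T06:40:01 10.0.0.5 www.example.com A
2024-08-20T06:40:02 10.0.0.5 mail.example.com MX
2024-08-20T06:40:03 10.0.0.5 cdn.example.net A
2024-08-20T06:40:04 10.0.0.7 4d1f9a2c7e.b83a0f6d.c2-placeholder.test A
2024-08-20T06:40:05 10.0.0.7 9e0b7c3a5d.f21e4b8c.c2-placeholder.test A
2024-08-20T06:40:06 10.0.0.7 1a6c2f8e0b.d47c9e3f.c2-placeholder.test A
2024-08-20T06:40:07 10.0.0.7 7b3e5d9f2a.e90a1c6d.c2-placeholder.test A
2024-08-20T06:40:08 10.0.0.7 c5a8f1e3d7.0b2d6f4e.c2-placeholder.test A
2024-08-20T06:40:09 10.0.0.7 e2d4b6a8c0.3f5a7c9e.c2-placeholder.test A
"""


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Parse the constructed log format into (timestamp, client, qname, qtype)."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the whole run
        ts, client, qname, qtype = parts
        records.append((ts, client, qname.lower().rstrip("."), qtype))
    return records


def split_qname(qname):
    """Split into (subdomain part, base domain). Assumption: base = last two labels."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def score_domains(records):
    """Aggregate per (client, base domain) the features a tunnel tends to inflate."""
    stats = defaultdict(lambda: {"queries": 0, "unique": set(),
                                 "entropy_sum": 0.0, "len_sum": 0})
    for _, client, qname, _ in records:
        sub, base = split_qname(qname)
        s = stats[(client, base)]
        s["queries"] += 1
        s["unique"].add(sub)
        s["entropy_sum"] += shannon_entropy(sub.replace(".", ""))
        s["len_sum"] += len(sub)
    results = {}
    for key, s in stats.items():
        n = s["queries"]
        results[key] = {
            "queries": n,
            "unique_subdomains": len(s["unique"]),
            "mean_entropy": s["entropy_sum"] / n,
            "mean_sub_len": s["len_sum"] / n,
        }
    return results


def flag_suspicious(results, min_queries=5, min_entropy=3.0, min_sub_len=16):
    """Return (client, base) pairs exceeding every threshold. Thresholds are constructed
    starting points; tune them against your own resolver's baseline."""
    return sorted(
        key for key, r in results.items()
        if r["queries"] >= min_queries
        and r["unique_subdomains"] >= min_queries   # many *distinct* names, not a cache miss storm
        and r["mean_entropy"] >= min_entropy
        and r["mean_sub_len"] >= min_sub_len
    )


if __name__ == "__main__":
    scored = score_domains(parse_log(SAMPLE_LOG))
    for client, base in flag_suspicious(scored):
        r = scored[(client, base)]
        print(f"suspect {client} -> {base}: {r['queries']} queries, "
              f"{r['unique_subdomains']} unique subdomains, "
              f"entropy {r['mean_entropy']:.2f}, mean length {r['mean_sub_len']:.1f}")
```

The four features are deliberately combined with AND: volume alone flags CDNs and mail servers, entropy alone flags hashed hostnames such as those used by some legitimate services, and only the conjunction of many distinct, long, high-entropy names to a single base domain from one client is a strong tunneling signal. Counting distinct subdomains rather than raw queries also prevents a short TTL on a benign record from tripping the detector.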

