CISA Releases Additional Malware Analysis Report on Barracuda Backdoors

Cyber Security Threat Summary:
CISA has published an additional malware analysis report associated with malicious Barracuda activity. The report provides analysis on the following malware samples:

  • SUBMARINE – SUBMARINE is a backdoor that exploits a vulnerability in the target environment whereby a base64 string within a file name is executed on the Linux shell. Note: Also see description and additional MAR below.
  • SKIPJACK – SKIPJACK is a backdoor that enumerates file system information.
  • SEASPRAY – SEASPRAY is a backdoor that registers an event handler for all incoming email attachments and is a launcher for WHIRLPOOL.
  • WHIRLPOOL – WHIRLPOOL is a backdoor that can connect to a remote address then create a new process. Note: Also see description and additional MAR below.
  • SALTWATER – SALTWATER is a backdoor that can perform DNS resolution and establish communications over the network using a TLS version 1 connection. The malware can execute any shell command with the same privileges as its calling process.
The reports can be accessed here: https://www.cisa.gov/news-events/alerts/2023/07/28/cisa-releases-malware-analysis-reports-barracuda-backdoors