Cyber Security Threat Summary:
CISA has published an additional malware analysis report associated with malicious Barracuda activity. The report provides analysis on the following malware samples:
- SUBMARINE – SUBMARINE is a backdoor that exploits a vulnerability on the target environment where the base64 string within the file name will be executed on the Linux shell. Note: Also see description and additional MAR below.
- SKIPJACK – SKIPJACK is a backdoor that enumerates file system information.
- SEASPRAY – SEASPRAY is a backdoor that registers an event handler for all incoming email attachments and is a launcher for WHIRLPOOL.
- WHIRLPOOL – WHIRLPOOL is a backdoor that can connect to a remote address then create a new process. Note: Also see description and additional MAR below.
- SALTWATER – SALTWATER is a backdoor that can perform DNS resolution and establish communications, over the network, using a TLS version 1 connection. The malware can execute any shell command with the same privileges as its calling process.