[MART] - Daily Diary #333 - Malware Types - Backdoor

CTAS-MAT ctas-mat at appgate.com
Tue Aug 24 21:23:06 UTC 2021


Hello,

I hope everyone is doing well!

Below is the entry for today.

08/24/2021 - Diary entry #333:


In this Daily, we are going to continue the thread about malware types. A backdoor is malicious software that installs itself on a system to give the attacker access with little or no authentication. Once installed, a backdoor stealthily listens for the attacker's commands and performs malicious actions, such as exfiltrating files or deploying other malware. Backdoors can be found attached to open ports or as part of web applications running on the machine.


One example of a backdoor is Pingback, covered in our Daily Diary #255. Pingback uses the DLL hijacking technique to load the malware into a legitimate process and communicates with the C2 server over the Internet Control Message Protocol (ICMP), exchanging data as requested by the attacker's commands.


Another example is the Glupteba backdoor, mentioned in our Daily Diary #308 as being deployed by the MosaicLoader malware. First discovered in 2014, Glupteba can control infected devices remotely, steal data from browsers, propagate across the network using exploits, run crypto miners, and compromise unpatched routers to use them as proxies for future attacks.


Web shells can also be considered a kind of backdoor. They are found in compromised web applications and are used by attackers to execute commands and deploy malware on the infected machine.

Kind Regards,

Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
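
A defender-side sketch for the ICMP channel mentioned in the Pingback paragraph, added here as an example and not taken from the diary or from Appgate: it triages ICMP echo messages by checking whether the payload matches the default data sent by Windows ping or Linux iputils ping (64-bit). The function names, labels and sample packets are constructed for illustration, and the heuristic assumes default ping options, so legitimate tools with custom payloads will also be reported as unrecognized.

```python
import struct

# Default echo payloads (assumption: ping options were not overridden).
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32 bytes
LINUX_TAIL = bytes(range(0x10, 0x38))               # bytes 16..55 after the timestamp

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum over the ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(ident: int, seq: int, payload: bytes, icmp_type: int = 8) -> bytes:
    """Build a well-formed ICMP message; used only to construct test samples."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def classify_echo(packet: bytes) -> str:
    """Label one ICMP message: not-echo, malformed, benign or unrecognized."""
    if len(packet) < 8:
        return "malformed"
    icmp_type, code = struct.unpack("!BB", packet[:2])
    if icmp_type not in (0, 8):          # only echo reply (0) and echo request (8)
        return "not-echo"
    if code != 0 or icmp_checksum(packet) != 0:
        return "malformed"               # a valid message sums to zero
    payload = packet[8:]
    if payload == WINDOWS_PING:
        return "benign"
    if len(payload) == 56 and payload[16:] == LINUX_TAIL:
        return "benign"                  # first 16 bytes are the sender's timestamp
    return "unrecognized"                # payload carries something other than ping data

# Constructed sample traffic, not captured from any real host.
SAMPLES = [
    build_echo(1, 1, WINDOWS_PING),
    build_echo(2, 1, b"\x00" * 16 + LINUX_TAIL),
    build_echo(3, 1, b"constructed-command-data;" * 10),
    build_echo(4, 1, b"", icmp_type=9),
    build_echo(5, 1, WINDOWS_PING)[:-1] + b"X",
]

def triage(packets):
    """Return the label for each packet, in order."""
    return [classify_echo(p) for p in packets]

if __name__ == "__main__":
    for label in triage(SAMPLES):
        print(label)
```
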
