Backdoor - Cybersec Sentinel

Backdoor

A collection of 8 posts

UnsolicitedBooker Deploys MarsSnake Against Telecom Providers

UnsolicitedBooker Deploys MarsSnake Against Telecom Providers

Threat Group – UnsolicitedBooker Threat Type – Backdoor / Advanced Persistent Threat Exploited Vulnerabilities – CVE-2018-0802 Malware Used – MarsSnake, MarsSnakeLoader, LuciDoor, LuciLoad Threat Score – 8.7 🔥 Critical – State aligned espionage platform with wormable capability, decentralised IPFS command fallback, telecommunications targeting, long term persistence and advanced evasion techniques Last Threat Observation – 24 February 2026 Overview

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Threat Group Lotus Blossom Billbug Threat Type Supply chain compromise via updater infrastructure hijack and malicious plugin persistence Exploited Vulnerabilities Weak certificate and signature validation in the Notepad++ auto updater prior to version 8.8.9. Abuse of shared hosting infrastructure trust. DLL search order hijacking in plugin loading mechanisms.

NET-STAR Backdoor Exploits IIS Modules for Persistent Access

NET-STAR Backdoor Exploits IIS Modules for Persistent Access

Threat Group – Phantom Taurus (China-linked APT) Threat Type – In-process web server backdoor for IIS (.NET managed and native module tradecraft) Exploited Vulnerabilities – ViewState abuse via compromised ASP.NET machineKey, insecure file write to application bin directory, misconfigured IIS extensibility, weak CI/CD controls, stolen deployment credentials (no CVEs assigned at

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Earth Bluecrow Deploys BPFDoor Backdoor to Target Asia and Middle East Infrastructure

Threat Group: - Earth Bluecrow (also known as Red Menshen, DecisiveArchitect, and Red Dev 18) Threat Type: - Backdoor Malware Exploited Vulnerabilities: - None (leverages BPF and raw sockets for firewall evasion and passive packet monitoring) Malware Used: - BPFDoor (aka Backdoor.Linux.BPFDOOR or JustForFun) Threat Score: - 🔴 High

From Stealers to Ransomware PureCrypter Delivers It All

From Stealers to Ransomware PureCrypter Delivers It All

Threat Group: - Unknown (Distributed by cybercriminals through various malware-as-a-service campaigns) Threat Type: - Malware Loader Exploited Vulnerabilities: - Primarily relies on phishing emails with malicious attachments or links Malware Used: - PureCrypter Threat Score: - High (8.2/10) – Due to its ability to deliver multiple malware strains and

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors

Threat Group: REF5961 Threat Type: Backdoor Malware Exploited Vulnerabilities: Potential exploitation of Microsoft Exchange ProxyLogon (CVE-2021-26855) Malware Used: EAGERBEE, RUDEBIRD, DOWNTOWN Threat Score: High (8.5/10) – Due to its focus on critical infrastructure, advanced evasion techniques, and persistent access capabilities. Last Threat Observation: January 7, 2025 Overview EAGERBEE is

Advanced Cyber Threat Exploits DLL Side Loading with Yokai Backdoor

Advanced Cyber Threat Exploits DLL Side Loading with Yokai Backdoor

Threat Group: Unspecified Threat Actor Threat Type: Backdoor Malware Exploited Vulnerabilities: DLL Side-Loading Malware Used: Yokai Backdoor Threat Score: High (8.5/10) – Due to its targeted approach against government officials, sophisticated delivery mechanisms, and potential for significant data exfiltration. Last Threat Observation: December 16, 2024 Overview A recent cyber-espionage

Golden Chickens more_eggs Exploits Social Engineering for Infections

Golden Chickens more_eggs Exploits Social Engineering for Infections

Threat Group: Golden Chickens (aka Venom Spider) Threat Type: Malware-as-a-Service (MaaS) Exploited Vulnerabilities: Social engineering via spear-phishing Malware Used: More_eggs backdoor, RevC2 backdoor, Venom Loader Threat Score: High (8.0/10) — Due to sophisticated delivery mechanisms, evasion techniques, and deployment of multi-functional payloads Last Threat Observation: December 7 Overview