ISA Releases Additional Malware Analysis Report on Barracuda Backdoors

Cyber Security Threat Summary:
CISA has published an additional malware analysis report associated with malicious Barracuda activity. The report provides analysis on the following malware samples:

  • SUBMARINE – SUBMARINE is a backdoor that exploits a vulnerability on the target environment where the base64 string within the file name will be executed on the Linux shell. Note: Also see description and additional MAR below.
  • SKIPJACK – SKIPJACK is a backdoor that enumerates file system information.
  • SEASPRAY – SEASPRAY is a backdoor that registers an event handler for all incoming email attachments and is a launcher for WHIRLPOOL.
  • WHIRLPOOL – WHIRLPOOL is a backdoor that can connect to a remote address then create a new process. Note: Also see description and additional MAR below.
  • SALTWATER – SALTWATER is a backdoor that can perform DNS resolution and establish communications, over the network, using a TLS version 1 connection. The malware can execute any shell command with the same privileges as its calling process.
The reports can be accessed here: