A technical analysis of the SALTWATER backdoor used in Barracuda 0-day vulnerability (CVE-2023-2868) exploitation
Malware Analysis, News and Indicators - Latest topics malware.news
Summary
SALTWATER is a backdoor that has been used in the exploitation of the Barracuda 0-day vulnerability CVE-2023-2868. It is a module for the Barracuda SMTP daemon, bsmtpd. The malware hooks the recv, send, and close functions using an open-source hooking library called funchook. It implements the following functionality: arbitrary command execution, file download and upload, proxying, and tunneling.
Technical analysis
SHA256: 1c6cad0ed66cf8fd438974e1eac0bc6dd9119f84892930cb71cb56a5e985f0a4
The malware implements hooks on the recv, send, and close functions in …