all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

A technical analysis of the SALTWATER backdoor used in Barracuda 0-day vulnerability (CVE-2023-2868) exploitation

Add to bookmarks
June 26, 2023, 2:06 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Summary


SALTWATER is a backdoor that has been used in the exploitation of the Barracuda 0-day vulnerability CVE-2023-2868. It is a module for the Barracuda SMTP daemon called bsmtpd. The malware hooked the recv, send, and close functions using an open-source hooking library called funchook. The following functionalities are implemented: execute arbitrary commands, download and upload files, proxy functionality, and tunneling functionality.


Technical analysis


SHA256: 1c6cad0ed66cf8fd438974e1eac0bc6dd9119f84892930cb71cb56a5e985f0a4


The malware implements hooks on the recv, send, and close functions in …

0-day vulnerability analysis backdoor barracuda called cve cve-2023-2868 daemon exploitation functions hooking hooking library library malware malware analysis send smtp technical technical analysis vulnerability

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Change Healthcare hasn't given VA details on hack-impacted veterans, top lawmaker says 11 hours ago | malware.news
change change healthcare hack healthcare +4
Two years in, Google says passkeys now protect more than 400 million accounts 12 hours ago | malware.news
account accounts article google +7
CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome 12 hours ago | malware.news
blog browsers bug chrome +19
How to Talk to The Board About Exposure 12 hours ago | malware.news
topic
Pro-Russia hackers target OT weaknesses in critical infrastructure 12 hours ago | malware.news
american article breaches critical +21
Watch out for tech support scams lurking in sponsored search results 13 hours ago | malware.news
blog blog post campaign home +12
Threat Intelligence Snapshot: Week 18, 2024 13 hours ago | malware.news
access amp april find +13
CISA: Immediate GitLab account takeover flaw remediation crucial amid attacks 13 hours ago | malware.news
account account takeover agency article +30
Increased stealth introduced in updated Zloader malware 13 hours ago | malware.news
analysis anti-analysis article banking +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com

Cyber Program Manager - CISO- United States – Remote

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Network Security Engineer (AEGIS)

@ Peraton | Virginia Beach, VA, United States
View on infosec-jobs.com

SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com

Information Systems Security Engineer

@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)
View on infosec-jobs.com
View more jobs