Summary

  • Researchers have published details of an advanced malware strain called Squidoor, also known as FinalDraft, which has been targeting Windows and Linux users.
  • Squidoor serves as a backdoor, allowing the attacker to maintain access and run commands on compromised machines.
  • The threat actor typically targeted Internet Information Services (IIS) servers, after which they would deploy a number of web shells which could serve as persistent backdoors.
  • There are ten different communication methods for C2 available in Windows, and nine in Linux, which helps the attacker to adjust and work quietly.
  • The malware can execute a range of commands, perform host reconnaissance and exfiltrate files after it has infected a target.
  • The malware sends an HTTP GET request to a unique Pastebin page that is hard-coded in its configuration, which lets the operators track the number of implants that have connected via the Outlook API.
  • Threat actors used Microsoft Office components and executed additional modules that they injected into other Windows processes to move laterally using Windows Remote Management (WinRM), steal data and execute commands.
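The Pastebin check-in described above leaves a network trace a defender can look for: an outbound GET to pastebin.com from a host or process that has no business fetching pastes, such as an IIS worker process. The following is an added example written for this summary, not code from the original article or its authors; the proxy log format, the process allow-list and the paste URLs are all constructed assumptions for illustration.

```python
"""Flag Pastebin check-ins from non-browser processes in proxy logs.

Added editorial example, not from the original article. The log format
(timestamp host process method url user_agent) is an assumption, and the
sample lines below are constructed.
"""
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Assumed allow-list: interactive browsers may legitimately visit Pastebin.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
PASTE_HOSTS = {"pastebin.com", "www.pastebin.com"}

# Constructed sample proxy log (placeholder paste IDs, not real pastes).
SAMPLE_PROXY_LOG = """\
2025-02-27T10:01:02Z ws-017 chrome.exe GET https://www.example.com/ Mozilla/5.0
2025-02-27T10:01:09Z ws-017 chrome.exe GET https://pastebin.com/ Mozilla/5.0
2025-02-27T10:02:15Z srv-iis-03 w3wp.exe GET https://pastebin.com/raw/PLACEHOLDER1 Mozilla/4.0
2025-02-27T10:02:40Z ws-022 outlook.exe GET https://graph.microsoft.com/v1.0/me Mozilla/5.0
2025-02-27T10:03:01Z srv-iis-03 rundll32.exe GET https://pastebin.com/raw/PLACEHOLDER2 -
"""


@dataclass
class ProxyEvent:
    ts: str
    host: str
    process: str
    method: str
    url: str
    user_agent: str


def parse_log(text: str) -> List[ProxyEvent]:
    """Parse space-separated proxy lines; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(maxsplit=5)  # user agent may contain spaces
        if len(parts) != 6:
            continue
        events.append(ProxyEvent(*parts))
    return events


def is_suspicious(ev: ProxyEvent) -> bool:
    """A GET to Pastebin is suspicious when it fetches a raw paste (automated
    retrieval) or when the requesting process is not an interactive browser."""
    u = urlparse(ev.url)
    if ev.method != "GET" or u.hostname not in PASTE_HOSTS:
        return False
    raw_fetch = u.path.startswith("/raw/")
    non_browser = ev.process.lower() not in BROWSERS
    return raw_fetch or non_browser


def find_pastebin_beacons(text: str) -> List[ProxyEvent]:
    """Return the events worth triaging, in log order."""
    return [ev for ev in parse_log(text) if is_suspicious(ev)]


def hosts_by_hit_count(events: List[ProxyEvent]) -> dict:
    """Aggregate flagged events per host to prioritise which machine to examine."""
    counts: dict = {}
    for ev in events:
        counts[ev.host] = counts.get(ev.host, 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_pastebin_beacons(SAMPLE_PROXY_LOG)
    for ev in hits:
        print(f"{ev.ts} {ev.host} {ev.process} -> {ev.url}")
    print(hosts_by_hit_count(hits))
```

On the constructed sample, the browser visit to the Pastebin front page is left alone, while the two raw-paste fetches by `w3wp.exe` and `rundll32.exe` on the IIS host are flagged; in practice the allow-list and the paste-site list would be tuned to the environment, and a hit is a triage lead rather than a verdict.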

By Lior Rochberger and Tom Fakterman
