Glupteba Backdoor Trojan

1.0Infoblox Bloghttps://www.infoblox.com/blogInfoblox Threat Intelhttps://www.infoblox.com/blog/author/infoblox-threat-intel/Glupteba Backdoor Trojanrich600338<blockquote class="wp-embedded-content" data-secret="EZHqfvxFya"><a href="https://www.infoblox.com/blog/threat-intelligence/glupteba-backdoor-trojan/">Glupteba Backdoor Trojan</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.infoblox.com/blog/threat-intelligence/glupteba-backdoor-trojan/embed/#?secret=EZHqfvxFya" width="600" height="338" title="“Glupteba Backdoor Trojan” — Infoblox Blog" data-secret="EZHqfvxFya" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://www.infoblox.com/blog/wp-includes/js/wp-embed.min.js /* ]]> */ </script> https://www.infoblox.com/blog/wp-content/uploads/april-14-2.jpg660454From 20 to 26 September, Infoblox detected communications between malicious Glupteba bots and command and control (C2) servers in customer DNS traffic. This activity was identified by our Threat Insight1 (TI) security solution, which employs machine learning models to detect and block certain types of malicious behavior, in this case data exfiltration.