CISA Releases Malware Analysis Reports on Barracuda Backdoors

CISA has published an additional malware analysis report associated with malicious Barracuda activity. The report analyzes the following malware sample:

  • WHIRLPOOL – WHIRLPOOL is a backdoor that establishes a Transport Layer Security (TLS) reverse shell to the command-and-control (C2) server.

For more information, including indicators of compromise and YARA rules for detection, see the following malware analysis report: WHIRLPOOL Backdoor MAR-10459736.r1.v1.CLEAR