T5-24-02-S-E-DL
Backdoor (with ARCANUS Tool)
Backdoor malware is malicious software designed to provide unauthorized access to a system. Attackers can use it to remotely control the system or steal data without the user’s knowledge. It is typically installed by exploiting software vulnerabilities or through infected files. Backdoors are difficult to detect and can be mitigated through regular security updates and proper firewall configurations. They pose a significant threat to system integrity, leading to severe data breaches and security compromises.
ARCANUS has the following two characteristics:
1. It is open-source and available on GitHub.
2. It is written in the Go programming language.
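| Role     | OS           | IP             | Software | Log collection time | Program runtime |
|----------|--------------|----------------|----------|---------------------|-----------------|
| Attacker | -            | -              | -        | 35 sec              | 50 sec          |
| Victim   | Ubuntu 22.04 | 192.168.56.119 | -        |                     |                 |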
Installing
python3 -m pip install -r requirements.txt
Using
python3 run.py
MITRE ATT&CK Framework
Attack Tactic
Reconnaissance
Resource Development
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Logs
./log/2024_02_T5_{time}.xml # YYmmdd_HHMMSS
Copyright(C) 2024, KAIST Cyber Security Research Center. All Rights Reserved.