Author: lomar
Help us with an analysis specifically targeting a backdoor known as UPSTYLE and its relation to CVEs (Common Vulnerabilities and Exposures) that affect Palo Alto Networks’ products.
Solutions
Q1
What function is responsible for monitoring a log file for embedded commands and executing them, while also restoring the file to its original state?

Q2
What is the system path that is used by the threat actor?

Q3
What is the CSS path used by the script?

Q4
Where does the script attempt to remove certain license files from?

Q5
What specific signal does the protection function respond to?

Q6
What function is responsible for protecting the script itself?
protect()

Q7
What type of pattern does the script search for within the log file?

Q8
Which specific log file does the script read from?
