A new backdoor was observed using the GitHub Gist service and the Slack messaging system as communication channels with its masters, as well as targeting a very specific type of victim using a watering hole attack. The Trend Micro Cyber Safety Solutions Team detected it in the wild; it is part of a multi-stage infection process designed by capable threat actors, who programmed it in C++. SLUB uses statically linked curl, boost, and JsonCpp libraries for performing HTTP requests, “extracting commands from gist snippets
Source: security

