September 4, 2024 at 03:51AM
Summary:
The Chinese-speaking threat actor Earth Lusca has been found using a new multiplatform backdoor named KTLVdoor, which is highly obfuscated and has both Windows and Linux versions. The malware allows attackers to carry out various tasks and features sophisticated encryption and obfuscation techniques. The attack campaign involves significant infrastructure hosted in China.
The meeting notes summarize the discovery of a new multiplatform backdoor malware named KTLVdoor, used by the threat actor Earth Lusca. The malware is highly obfuscated and can masquerade as system utilities, allowing attackers to execute various tasks including file manipulation, command execution, and remote port scanning. The malware uses sophisticated encryption and obfuscation techniques to hinder analysis. The attack campaign involves over 50 C&C servers hosted at a China-based company. The meeting notes also provide details on the malware’s configuration, communication methods, and handlers for processing tasks from the C&C server. The analysis concluded that while samples of KTLVdoor were tied to Earth Lusca, other samples may not be directly linked to this threat actor.
The notes suggest using security technologies such as Trend Vision One™ for defending against sophisticated attacks and provide a link to the full list of Indicators of Compromise (IOCs).
Please let me know if you need any further information.