🛡 H3lium@infosec.exchange/:~# :blinking_cursor:<p>"🚨 Earth Lusca's New Linux Backdoor: SprySOCKS Unveiled! 🐙"</p><p>Earth Lusca, a China-linked threat actor, has been spotted employing a novel Linux backdoor dubbed "SprySOCKS". The malware appears to have evolved from the open-source Windows backdoor Trochilus; its name reflects its swift behavior and its SOCKS implementation. 🐍💼</p><p>SprySOCKS's structure is reminiscent of the RedLeaves backdoor, a RAT known to infect Windows machines. The backdoor is still under development, with different versions observed. Its interactive shell appears to draw inspiration from the Linux variant of the Derusbi malware. 🕵️‍♂️🔍</p><p>Recent Earth Lusca activity indicates a focus on Southeast Asia, Central Asia, and the Balkans. Their primary targets? Government departments in foreign affairs, technology, and telecommunications. They've been exploiting server-based N-day vulnerabilities, including CVE-2022-40684, CVE-2022-39952, and more. Once inside, they deploy Cobalt Strike for lateral movement, aiming to exfiltrate sensitive data and conduct long-term espionage. 🌍🎯</p><p>Source: <a href="https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html" rel="nofollow noopener" target="_blank">Trend Micro Research</a></p><p>Tags: <a href="https://infosec.exchange/tags/EarthLusca" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EarthLusca</span></a> <a href="https://infosec.exchange/tags/SprySOCKS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SprySOCKS</span></a> <a href="https://infosec.exchange/tags/LinuxBackdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LinuxBackdoor</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/RedLeaves" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedLeaves</span></a> <a href="https://infosec.exchange/tags/Trochilus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trochilus</span></a> <a href="https://infosec.exchange/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> 🌐🔐🖥️</p>