Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Common Information
Type Value
UUID 529767f6-7751-45b9-bd88-a8b84809939c
Fingerprint bc98a559e6b9f4c3
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 18, 2023, midnight
Added to db Nov. 19, 2023, 10:07 p.m.
Last updated Nov. 17, 2024, 5:54 p.m.
Headline Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Title Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Detected Hints/Tags/Attributes 77/2/19
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 62
cve-2022-40684
Details CVE 38
cve-2022-39952
Details CVE 43
cve-2021-22205
Details CVE 67
cve-2019-18935
Details CVE 22
cve-2019-9670
Details CVE 6
cve-2019-9621
Details CVE 168
cve-2021-34473
Details CVE 143
cve-2021-31207