Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A new multiplatform backdoor named KTLVdoor, written in Golang with versions for Windows and Linux, has been discovered during monitoring of the Chinese-speaking threat actor Earth Lusca. This highly obfuscated malware impersonates system utilities and allows attackers to control infected systems, manipulate files, and gather information. The campaign involves over 50 C&C servers hosted in China, potentially shared with other threat actors. KTLVdoor uses sophisticated encryption and obfuscation techniques, including a custom TLV-like configuration format and AES-GCM encryption for C&C communication. The malware's capabilities include file operations, command execution, port scanning, and proxy functionality.
OPENCTI LABELS:
golang, ktlvdoor