
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

A new multiplatform backdoor named KTLVdoor, written in Go with both Windows and Linux builds, was discovered while monitoring the Chinese-speaking threat actor Earth Lusca. The heavily obfuscated malware masquerades as system utilities and gives the operators control of infected hosts: file operations, command execution, port scanning, proxy functionality and information gathering. The campaign relies on more than 50 C&C servers hosted in China, some of which may be shared with other threat actors. KTLVdoor stores its configuration in a custom TLV-like (tag-length-value) format and protects its C&C communication with AES-GCM encryption, in addition to layers of code obfuscation.
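The two mechanisms the summary names, a TLV-style configuration blob and AES-GCM-protected C&C traffic, are worth seeing in working code. The block below is an added example written for this page, not KTLVdoor's own code or a reconstruction of its format: the record layout (1-byte tag, 2-byte big-endian length, value), the tag numbers and the sample configuration values are all assumptions chosen for illustration. It shows the two properties a practitioner cares about when handling such data: a parser that rejects truncated records instead of reading past the buffer, and an AES-GCM envelope that fails on any modification of the ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// TLV is one tag-length-value record in the assumed layout:
// 1-byte tag, 2-byte big-endian length, then that many value bytes.
// This layout is an assumption for illustration, not the real KTLVdoor format.
type TLV struct {
	Tag   uint8
	Value []byte
}

// EncodeTLV serialises records back to back in the assumed layout.
func EncodeTLV(recs []TLV) ([]byte, error) {
	var out []byte
	for _, r := range recs {
		if len(r.Value) > 0xFFFF {
			return nil, fmt.Errorf("tag %d: value too long for a 16-bit length", r.Tag)
		}
		var hdr [3]byte
		hdr[0] = r.Tag
		binary.BigEndian.PutUint16(hdr[1:], uint16(len(r.Value)))
		out = append(out, hdr[:]...)
		out = append(out, r.Value...)
	}
	return out, nil
}

// ParseTLV walks the blob and refuses truncated headers or values rather
// than slicing past the end of the buffer.
func ParseTLV(b []byte) ([]TLV, error) {
	var recs []TLV
	for off := 0; off < len(b); {
		if len(b)-off < 3 {
			return nil, errors.New("truncated TLV header")
		}
		tag := b[off]
		n := int(binary.BigEndian.Uint16(b[off+1 : off+3]))
		off += 3
		if len(b)-off < n {
			return nil, fmt.Errorf("tag %d: declared length %d exceeds remaining %d bytes", tag, n, len(b)-off)
		}
		val := make([]byte, n)
		copy(val, b[off:off+n])
		recs = append(recs, TLV{Tag: tag, Value: val})
		off += n
	}
	return recs, nil
}

// SealGCM encrypts plaintext with AES-GCM and prefixes the random nonce so the
// receiver can open it. aad is authenticated but transmitted in the clear.
func SealGCM(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// OpenGCM reverses SealGCM. Any flipped bit in the nonce, ciphertext, tag or
// aad makes gcm.Open return an error instead of plaintext.
func OpenGCM(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], aad)
}

// RoundTrip encodes a constructed sample configuration (values invented for
// this example), seals it, opens it and parses it back into records.
func RoundTrip(key []byte) ([]TLV, error) {
	cfg := []TLV{
		{Tag: 1, Value: []byte("10.0.0.1")}, // assumed tag 1: C&C host
		{Tag: 2, Value: []byte("443")},      // assumed tag 2: C&C port
		{Tag: 3, Value: []byte("30")},       // assumed tag 3: beacon interval (s)
	}
	plain, err := EncodeTLV(cfg)
	if err != nil {
		return nil, err
	}
	blob, err := SealGCM(key, plain, []byte("cfg-v1"))
	if err != nil {
		return nil, err
	}
	opened, err := OpenGCM(key, blob, []byte("cfg-v1"))
	if err != nil {
		return nil, err
	}
	return ParseTLV(opened)
}

func main() {
	key := make([]byte, 32) // all-zero key for the demo only
	recs, err := RoundTrip(key)
	if err != nil {
		panic(err)
	}
	for _, r := range recs {
		fmt.Printf("tag %d -> %q\n", r.Tag, r.Value)
	}
}
```

When triaging a sample that uses a scheme like this, the practical payoff is in `ParseTLV`: once the real key and layout are known, the same loop recovers the embedded configuration, and the length check is what keeps a hostile or corrupted blob from crashing the analysis tool.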

OPENCTI LABELS :

golang,ktlvdoor



