ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool Luminosity RAT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Luminosity RAT

NamesLuminosity RAT
TypeReconnaissance, Backdoor, Keylogger, Downloader
Description(Proofpoint) The stated purpose of LuminosityLink is ostensibly benign: 'LuminosityLink allows system administrators to manage a large amount of computers concurrently. Our product is ideal for business owners, educational institutions, and Windows system administrators.'

Analysis upon install, however, reveals a very aggressive key logger that injects its code in almost every running process on the computer, and multiple attempts are made if not initially successful. This 'injection' behavior is aggressive even by the standard of the Zeus family: very few malware families exhibit such an aggressive behavior, and it is particularly unusual to observe this in key loggers, even commercial ones. We have observed LuminosityLink being used to download additional payloads. It is possible that the actors involved here are using LuminosityLink as a platform to collect information from the victim, and using that information to decide whether to deploy more sophisticated malware at high-value targets.
AlienVault OTX<>

Last change to this tool card: 14 May 2020

Download this tool card in JSON format

All groups using tool Luminosity RAT


APT groups

 Transparent Tribe, APT 36Pakistan2013-Apr 2023 

4 groups listed (4 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]