ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool SprySOCKS

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: SprySOCKS

NamesSprySOCKS
CategoryMalware
TypeBackdoor
Description(Trend Micro) Analysis of the SprySOCKS backdoor reveals some interesting findings. The backdoor contains a marker that refers to the backdoor’s version number. We have identified two SprySOCKS payloads that contain two different version numbers, indicating that the backdoor is still under development. In addition, we noticed that the implementation of the interactive shell is likely inspired from the Linux variant of the Derusbi malware.

Meanwhile, the structure of SprySOCKS’s command-and-control (C&C) protocol is similar to one used by the RedLeaves backdoor, a remote access trojan (RAT) reported to be infecting Windows machines. It consists of two components, the loader and the encrypted main payload. The loader is responsible for reading, decrypting, and running the main payload.
Information<https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/elf.spry_socks>

Last change to this tool card: 13 October 2023

Download this tool card in JSON format

All groups using tool SprySOCKS

ChangedNameCountryObserved

APT groups

 Earth LuscaChina2019-Sep 2024 HOT 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]