[MART] - Daily Diary #557 - Lightning, A New Linux Malware Framework
CTAS-MAT
ctas-mat at appgate.com
Thu Jul 21 19:55:37 UTC 2022
Hello,
I hope everyone is doing well!
Below is the entry for today.
07/21/2022 - Diary entry #557:
A new undetected and highly modular Linux malware, dubbed Lightning Framework, was recently disclosed and documented, although no attack has been observed in the wild yet.
Lightning Framework has a lot of capabilities, such as installing additional plugins and running multiple rootkits, and it establishes both passive and active communication with its “polymorphic malleable” command & control.
The threat is comprised of a downloader, a core module, and its plugins, including open-source tools like OpenSSH and IPTraf (a network monitoring system). The downloader is responsible for downloading all the other modules, and the core module for receiving commands and then performing a variety of actions on the machine.
Threats like Lightning Framework (and Symbiote, a Linux rootkit covered in our Daily Diary #529) are very dangerous since they have capabilities to remain stealthy on their targets, including mixing open-source tools and performing a variety of actions to execute their attack.
Kind Regards,
Felipe Tarijon de Almeida
Malware Analyst
Appgate
E: felipe.tarijon at appgate.com