[MART] - Daily Diary #557 - Lightning, A New Linux Malware Framework

CTAS-MAT ctas-mat at appgate.com
Thu Jul 21 19:55:37 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

07/21/2022 - Diary entry #557:

A new, undetected and highly modular Linux malware, dubbed Lightning Framework, was recently disclosed and documented, although no attack has yet been observed in the wild.

Lightning Framework has a lot of capabilities, such as installing additional plugins and running multiple rootkits, and it establishes both passive and active communication with its “polymorphic malleable” command & control.

The threat comprises a downloader, a core module, and its plugins, including open-source tools like OpenSSH and IPTraf (a network monitoring system). The downloader is responsible for downloading all the other modules, and the core module for receiving commands and then performing a variety of actions on the machine.

Threats like Lightning Framework (and Symbiote, a Linux rootkit covered in our Daily Diary #529) are very dangerous since they are capable of remaining stealthy on their targets, including by mixing in open-source tools and performing a variety of actions to execute their attack.

Kind Regards,

Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com

