Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral MovementWhile monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
Source:
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement