Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

Indicators of Compromise

=========================================================================================
Modified Mandibule Loader
65B27E84D9F22B41949E42E8C0B1E4B88C75211CBF94D5FD66EDC4EBE21B7359
=========================================================================================
Encrypted SprySOCKS payload (libmonitor.so.2)
6F84B54C81D29CB6FF52CE66426B180AD0A3B907E2EF1117A30E95F2DC9959FC
=========================================================================================
SprySOCKS (Decrypted)
F8BA9179D8F34E2643EE4F8BC51C8AF046E3762508A005A2D961154F639B2912
EEBD75AE0CB2B52B71890F84E92405AC30407C7A3FE37334C272FD2AB03DFF58
=========================================================================================
Delivery Server
207.148.75.122
=========================================================================================
SprySOCKS C&C server
lt76ux.confenos.shop
2e6veme8xs.bmssystemg188.us
=========================================================================================