The Pumpkin Eclipse - Chalubo Malware
Essential information
- Published: 04/06/2024 15:58
- Modified: 04/06/2024 16:31
- Tags: 2024-06-04 actiontec black body button chalubo chalubo malware close code contact copy ddos download enterprise find footer form header dropdown iconbutton link lotus labs lua script lumen main meta next november october open path product reload script soho solutions span star template write
- Related entities: 176 observables, 10 techniques (mitre), 1 malware
Description
Chalubo is a commodity remote access trojan (RAT). First identified in 2018, it employed savvy tradecraft to obfuscate its activity: it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and control (C2) server. Chalubo has payloads designed for all major SOHO/IoT kernels, pre-built functionality to perform DDoS attacks, and can execute any Lua script sent to the bot.