Malware Spotlight: Linodas aka DinodasRAT for Linux [Monday, April 01, 2024]


Description :
A Chinese-nexus cyber espionage threat actor is targeting Southeast Asia, Africa, and South America, which aligns with reporting on the threat actor Earth Krahang. The actor uses the cross-platform backdoor DinodasRAT, also known as XDealer, linking it to the Chinese actor LuoYu. The Windows version has been analyzed; the Linux version has not. Here we analyze version 11 of DinodasRAT for Linux, called Linodas. It adds Linux-specific capabilities such as reverse shells and log monitoring. The latest version hides the malware via a module for proxying/modifying system binaries. Linodas shows continued targeting of Linux servers as pivot points in networks.

Published: 2024-04-01 09:40:45
Created: 2024-04-01 09:40:45
Modified: 2024-04-01 10:07:58

Indicators

Malwares :
  • DinodasRAT
  • Linodas
  • XDealer
Hashes :
Intrusion set :
  • Earth Krahang
About the author
Julien B.

Securitricks
