Chinese hackers have unleashed a never-before-seen Linux backdoor::SprySOCKS borrows from open source Windows malware and adds new tricks.

  • @[email protected]
    link
    fedilink
    English
    24
    edit-2
    1 year ago

    SprySOCKS Capabilities:

       ID	     NOTES
    
    • 0x09 Gets machine information
    • 0x0a Starts interactive shell
    • 0x0b Writes data to interactive shell
    • 0x0d Stops interactive shell
    • 0x0e Lists network connections (parameters: “ip”, “port”, “commName”, “connectType”)
    • 0x0f Sends packet (parameter: “target”)
    • 0x14, 0x19 Sends initialization packet
    • 0x16 Generates and sets clientid
    • 0x17 Lists network connections (parameters: “tcp_port”, “udp_port”, “http_port”, “listen_type”, “listen_port”)
    • 0x23 Creates SOCKS proxy
    • 0x24 Terminates SOCKS proxy
    • 0x25 Forwards SOCKS proxy data
    • 0x2a Uploads file (parameters: “transfer_id”, “size”)