LuminosityLink – Extracting The Config of 1.0 and 1.1

June 4, 2015

In my opinion, RATs are often not taken seriously within malware research. I'm not trying to go all APT on everyone here, but groups running large-scale operations still use these as a simple and easy way to control systems. Take all these articles with a pinch of salt, but it's evident that it's not just skids who use Remote Administration Tools. Many will use such tools because of how easy they are to use: they can be a gateway to initial infection, after which an attacker launches a more specialised strain of malware onto the system to perform the original task.

Article #1

Article #2

Article #3

I decided to look at an emerging "stable" RAT that was released in early April. It's called LuminosityLink; the developer has previous experience in malware, being the author of the malware named "PLASMA HTTP". I found an XSS vulnerability in that particular strain of malware and was able to take over some panels and kill some botnets. It slowly dried up; I did not follow it religiously, so I'm not fully aware of why they stopped creating updates for PLASMA HTTP. Perhaps they needed a break or did not like coding an HTTP bot. Nevertheless, they strayed to RATs, and LuminosityLink has gained traction.
