{"id":53723,"date":"2023-09-18T00:00:00","date_gmt":"2023-09-18T00:00:00","guid":{"rendered":"urn:uuid:53272195-3b65-3a1a-2c56-7515013ad85e"},"modified":"2023-09-18T00:00:00","modified_gmt":"2023-09-18T00:00:00","slug":"earth-lusca-employs-new-linux-backdoor-uses-cobalt-strike-for-lateral-movement","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/earth-lusca-employs-new-linux-backdoor-uses-cobalt-strike-for-lateral-movement\/","title":{"rendered":"Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/sprysocks-cover:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/sprysocks-cover.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>In early 2021, we published a research paper discussing the operation of a China-linked threat actor we tracked as <a href=\"https:\/\/www.trendmicro.com\/en_ca\/research\/22\/a\/earth-lusca-sophisticated-infrastructure-varied-tools-and-techni.html\">Earth Lusca<\/a>. Since our initial research, the group has remained active and has even extended its operations, targeting countries around the world during the first half of 2023.<\/p>\n<p>While monitoring the group, we managed to obtain an interesting, encrypted file hosted on the threat actor\u2019s delivery server. We were able to find the original loader of the file on VirusTotal and successfully decrypted it. Interestingly, the decrypted payload is a Linux-targeted backdoor that we have never seen before. The main execution routine and its strings show that it originates from the open-source Windows backdoor <a href=\"https:\/\/github.com\/RamadhanAmizudin\/malware\/tree\/62d0035db6bc9aa279b7c60250d439825ae65e41\/Trochilus\">Trochilus<\/a>, with several functions being re-implemented for Linux systems. 
We named this new Linux variant SprySOCKS, referring to the swift behaviors of Trochilus and the new Socket Secure (<a href=\"https:\/\/www.computerhope.com\/jargon\/s\/socks.htm\">SOCKS<\/a>) implementation inside the backdoor.<\/p>\n<p>Analysis of the SprySOCKS backdoor reveals some interesting findings. The backdoor contains a marker that refers to the backdoor\u2019s version number. We have identified two SprySOCKS payloads that contain two different version numbers, indicating that the backdoor is still under development. In addition, we noticed that the implementation of the interactive shell is likely inspired by the Linux variant of the <a href=\"https:\/\/www.cyber.airbus.com\/newcomers-derusbi-family\/\">Derusbi malware<\/a>.<\/p>\n<p>Meanwhile, the structure of SprySOCKS\u2019s command-and-control (C&amp;C) protocol is similar to one used by the <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/17\/g\/chessmaster-cyber-espionage-campaign.html\">RedLeaves backdoor<\/a>, a remote access trojan (RAT) <a href=\"https:\/\/blogs.jpcert.or.jp\/en\/2017\/04\/redleaves---malware-based-on-open-source-rat.html\">reported<\/a> to be infecting Windows machines. RedLeaves consists of two components: the loader and the encrypted main payload. The loader is responsible for reading, decrypting, and running the main payload.<\/p>\n<p>Similar to the Windows version, the Linux variant analyzed in this report also consists of these two components. Previously, it was reported that RedLeaves was also built upon the publicly available source code of Trochilus.<\/p>\n<p>So far, we have only observed SprySOCKS used by Earth Lusca. 
In this blog entry, we will provide more context on Earth Lusca\u2019s use of the malware, together with a thorough analysis of its components and capabilities.<\/p>\n<p>Earth Lusca remained active during the first half of 2023, with its attacks focusing primarily on countries in Southeast Asia, Central Asia, and the Balkans (with a few scattered attacks on Latin American and African countries). The group\u2019s main targets are government departments that are involved in foreign affairs, technology, and telecommunications.<\/p>\n<p>Earth Lusca is now aggressively targeting the public-facing servers of its victims. Furthermore, we have seen them frequently exploiting server-based N-day vulnerabilities, including (but not limited to) the following:<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/i\/earth-lusca-employs-new-linux-backdoor.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor&#8217;s server: Linux malware that appears to originate from the open-source Windows backdoor Trochilus and that we&#8217;ve dubbed SprySOCKS due to its swift behavior and SOCKS implementation. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":53724,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9513,9509],"class_list":["post-53723","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-malware","tag-trend-micro-research-research"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53723","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53723"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53723\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/53724"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53723"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}