MALWARE-BACKDOOR -- Snort has detected suspicious communication traffic unrelated to commands, such as exfiltration of data from the infected machine, especially larger chunks of data.
MALWARE-BACKDOOR DNS request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io
This event is generated when the LocalXpose application begins proxying traffic from localhost ports to the Internet.
Impact: LocalXpose, a reverse proxy tool, has opened a tunnel exposing a workstation's local ports to the wider Internet. The infected host may be running a web application or exposing files for exfiltration.
Details:
Ease of Attack: Simple
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
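The same check can be run over captured DNS payloads outside Snort. The following is an added example, not the Talos rule or code from this page: it parses the question name out of a raw DNS query and flags any subdomain of loclx.io. It assumes "ANY" in the rule title means one or more labels in front of loclx.io; the function names and the sample queries are constructed for illustration.

```python
import struct

SUFFIX = ("loclx", "io")  # labels of the domain named in the rule title

def qname_labels(packet: bytes) -> list[str]:
    """Return the lower-cased labels of the first question in a DNS query."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount == 0:  # QR bit set means a response
        raise ValueError("not a query carrying a question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            return labels
        if length & 0xC0:  # compression pointers do not belong in a question
            raise ValueError("unexpected label type")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length

def is_loclx_query(packet: bytes) -> bool:
    """True when the query asks for <anything>.loclx.io (assumed meaning of ANY)."""
    try:
        labels = qname_labels(packet)
    except ValueError:
        return False
    # Compare whole labels so that notloclx.io or loclx.io.example.com do not match.
    return len(labels) > len(SUFFIX) and tuple(labels[-2:]) == SUFFIX

def build_query(name: str, flags: int = 0x0100) -> bytes:
    """Construct a minimal A-record query; sample input for this example only."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    for host in ("demo.loclx.io", "DEMO.LocLX.io", "notloclx.io", "example.com"):
        print(host, is_loclx_query(build_query(host)))
```

Matching is case-insensitive because DNS names are, and malformed or truncated packets are treated as non-matching rather than raising.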