MALWARE-BACKDOOR -- Snort has detected suspicious communication traffic unrelated to commands, such as exfiltration of data from the infected machine, especially larger chunks of data.
MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor
This event is generated when the LocalXpose backdoor attempts to securely connect to CNC proxy infrastructure.
Impact: A backdoor tunnel into the network is being opened.
Details:
Ease of Attack:
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None