【Figures】
Overview of campaign elements
Screenshot of the content hosted on the default landing page for the C2
Diagram of proxy C2 communications shift observed through Black Lotus Labs telemetry
Heatmap of bots observed through Black Lotus Labs telemetry
Image of the invalid certificate appended to the malicious program
Screenshot of the network traffic generated by CBeacon when run in the Black Lotus Labs lab environment
Screenshot of the Go agent network traffic
Images comparing the information when C2.Heartbeat was run on CBeacon versus GoBeacon
Source: https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
【Blog】
◆ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks (Black Lotus Labs, 2022/06/28)
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/