MALWARE-BACKDOOR DNS request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io
This event is generated when Local Xpose application begins proxying traffic from localhost ports to the Internet.
LocalXpose is a reverse proxy tool has opened a tunnel exposing a workstation's local ports to the wider Internet. The infected host may be running a web application or exposing file for exfiltration.
Ease of attack
- Cisco Talos Intelligence Group