MALWARE-BACKDOOR -- Snort has detected suspicious communication traffic unrelated to commands, such as exfiltration of data from the infected machine, especially larger chunks of data.
MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor
This event is generated when the LocalXpose backdoor attempts to establish a TLS connection to its command-and-control (CNC) proxy infrastructure; the rule matches on the TLS certificate presented during that connection.
A backdoor tunnel into the network is being opened.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information