Botnet C&C

LuminosityLink

Brief

LuminosityLink is a RAT (Remote Access Trojan or Remote Administration Tool) that contains many malicious features such as keylogging, form grabbing, password theft and backdoor creation. It will communicate with a remote C&C server to obtain instructions.

Symptoms

Some possible symptoms include, but are not limited to:

  • Creation of a service
  • Creation or modification of Windows registry entries to maintain persistence
  • Significant increase in outbound traffic which may indicate participation in a DDoS attack
  • Creation or modification of a Windows registry key to enable persistence

Analysis

LuminosityLink is sold very cheaply as a "tool" to provide Remote Administration services for IT administrators and managers, but is often seen distributed through Exploit Kits (EKs) and other infection vectors.

It is aggressive: it injects itself into many processes on the infected machine in order to collect as much information as possible. It also has the ability to download and execute additional software.

Instructions

It is not recommended that any attempts to remove this malware be performed manually. Fortinet recommends that you remove this threat by running a complete scan of your system using FortiClient Endpoint Protection.