The Luminosity.Link Remote Administration Tool (RAT) has been observed by a number of companies over the past year being spread through phishing emails. The Luminosity.Link RAT is sold openly online and contains numerous features that make it popular among cyber criminals. Luminosity.Link is designed using the .NET framework for use on Windows Operating systems. The Key Findings of our analysis revealed:
- Recent samples leverage the AutoIt scripting tool
- Luminosity.Link uses the SundownEK (Exploit Kit) for delivery
- Luminosity.Link samples contain encrypted configurations
Wapack Labs has extensively reported on Remote Access Tools (RAT) in the past. An archive of related reporting can be found in the Red Sky Alliance Portal.
TLP: AMBER
ACTOR TYPE: (I&II)
SERIAL: FR17-002
COUNTRIES: Worldwide
INDUSTRIES: Any, DIB
REPORT DATE: 20170221
