LEMONSTICK

Description

(FireEye) LEMONSTICK is a Linux executable command-line utility with backdoor capabilities. The backdoor can execute files, transfer files, and tunnel connections. LEMONSTICK can be started in two different ways: passing the -c command-line argument (with an optional file) and setting the ‘OCB’ environment variable. When started with the -c command-line argument, LEMONSTICK spawns an interactive shell. When started in OCB mode, LEMONSTICK expects to read from STDIN. The STDIN data is expected to be encrypted with the Blowfish algorithm. After decrypting, it dispatches commands based on the name, for example: ‘executes terminal command’, ‘connect to remote system’, ‘send & retrieve file’, ‘create socket connection’.

Names

Name
LEMONSTICK

Category

Malware

Type

  • Backdoor
  • Tunneling

Information

Other Information

Uuid

302afb62-797f-4e51-a073-f193e9e0030f

Last Card Change

2022-04-03