MystRodX Backdoor Uses DNS and ICMP Triggers for Stealthy Control

📰 1 unique source, 1 article

Summary

A new backdoor named MystRodX, also known as ChronosRAT, has been identified. This malware, implemented in C++, supports various features for capturing sensitive data and includes stealth and flexibility mechanisms. It uses DNS and ICMP triggers for passive activation and has been linked to a China-nexus cyber espionage group called Liminal Panda. MystRodX has been active since at least January 2024 and is delivered via a dropper that includes anti-debugging and anti-virtualization checks. The backdoor can operate in both passive and active modes, depending on its configuration. In passive mode, it waits for activation messages via DNS or ICMP packets. In active mode, it establishes communication with a command-and-control (C2) server to execute received commands.

Timeline

  1. 02.09.2025 17:56 📰 1 article

    MystRodX Backdoor Identified with DNS and ICMP Triggers

    A new backdoor named MystRodX, also known as ChronosRAT, has been identified. This malware, implemented in C++, supports various features for capturing sensitive data and includes stealth and flexibility mechanisms. It uses DNS and ICMP triggers for passive activation and has been linked to a China-nexus cyber espionage group called Liminal Panda. MystRodX has been active since at least January 2024 and is delivered via a dropper that includes anti-debugging and anti-virtualization checks.

Information Snippets