Mirai IZ1H9
Oct 16, 2023 2:17:16 PM / by The Hivemind posted in Threat Bulletin, Linux, IoT, Mirai, Botnet, IZ1H9
Earth Lusca's SprySOCKS Linux Backdoor
Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda
Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government
Executive Summary
China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.
Monti Ransomware Linux Variant
Aug 21, 2023 12:49:38 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Conti, Monti
Related Families: Conti
Verticals Targeted: Legal, Government
BlackSuit Ransomware
Jun 12, 2023 2:55:54 PM / by The Hivemind posted in Ransomware, Windows, Linux, Royal, BlackSuit, encryption
Related Families: Royal
Executive Summary
BlackSuit ransomware targets both Windows and Linux systems and bears a striking resemblance to Royal ransomware.
SysUpdate Linux Variant
Mar 14, 2023 3:30:50 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, RAT, Trojan, SysUpdate, Iron Tiger, Emissary Panda, APT27
Verticals Targeted: Gambling
Executive Summary
Trend Micro recently reported on a new Linux variant of Emissary Panda’s SysUpdate. SysUpdate is one of Emissary Panda’s custom tools.
Royal Ransomware Linux Variant
Mar 3, 2023 1:25:10 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Royal
Verticals Targeted: IT, Financial, Materials, Healthcare, Food Production
Executive Summary
Trend Micro recently reported on a new Linux variant of Royal ransomware that targets Linux systems and ESXi servers. Royal ransomware is yet another contender among the many ransomware families now targeting Linux systems.
Cl0p Linux Variant
Feb 28, 2023 12:53:32 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cl0p
Verticals Targeted: Education, Various
Executive Summary
SentinelLabs recently reported on a newly discovered Linux variant of Cl0p ransomware. The Linux variant is similar to the Windows variant but uses a flawed encryption logic.
ESXiArgs Ransomware
Feb 21, 2023 1:20:39 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, ESXiArgs, Babuk, CVE-2021-21974
Related Malware: Babuk
Verticals Targeted: Multiple
Executive Summary
Industry researchers recently reported on ESXiArgs ransomware, which targeted VMware ESXi servers around the globe. After CISA released a recovery script, the threat actors behind ESXiArgs distributed a new variant of the ransomware.
Key Takeaways