LINUX

06.04.2023 Mélofée Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts MALWARE Linux
14.01.2026 VoidLink Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework MALWARE Linux
22.08.2025 VShell The Silent, Fileless Threat of VShell MALWARE Linux
20.08.2025 DripDropper Patching for persistence: How DripDropper Linux malware moves through the cloud MALWARE Linux
16.04.2025 SNOWLIGHT According to Sysdig, SNOWLIGHT is used as a dropper for the fileless VShell payload. MALWARE Linux
02.04.2025 Outlaw Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective MALWARE Linux
26.02.2025 Auto-Color Auto-Color: An Emerging and Evasive Linux Backdoor MALWARE Linux
18.02.2025 ELF/Sshdinjector.A!tr Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst MALWARE Linux
27.10.2024 FASTCash Analysis of a newly discovered Linux-based variant of the DPRK-attributed FASTCash malware, along with background information on the payment switches used in financial networks. MALWARE Linux
14.09.2024 Hadooken Hadooken Malware Targets Weblogic Applications MALWARE Linux
25.08.2024 sedexp Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules MALWARE Linux
15.06.2024 DISGOMOJI DISGOMOJI Malware Used to Target Indian Government MALWARE Linux
28.02.2024 Cyclops Blink Modular malware framework targeting SOHO network devices MALWARE Linux
12.01.2024 FBot Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services MALWARE Linux
27.12.2023 SALTWATER According to Mandiant, SALTWATER is a module for the Barracuda SMTP daemon (bsmtpd) that has backdoor functionality. SALTWATER can upload or download arbitrary files, execute commands, and has proxy and tunneling capabilities. MALWARE Linux
27.12.2023 SEASPY According to CISA, this malware is a persistent backdoor that masquerades as a legitimate Barracuda Networks service. The malware is designed to listen to commands received from the Threat Actor’s Command-and-Control through TCP packets. MALWARE Linux
11.12.2023 KEYPLUG With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets MALWARE Linux
22.11.2023 Kinsing CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits MALWARE Linux
14.11.2023 XorDdos Linux DDoS C&C Malware MALWARE Linux
02.11.2023 Mozi P2P Botnets: Review - Status - Continuous Monitoring MALWARE Linux
28.10.2023 StripedFly It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. MALWARE Linux
17.10.2023 Poseidon A Mythic C2 agent, written in Go. MALWARE Linux
13.10.2023 PerlBot ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses MALWARE Linux
19.09.2023 SprySOCKS Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement MALWARE Linux
07.08.2023 SkidMap While analyzing the latest logs of our honeypot located in central Europe, we found a rather interesting entry that repeated again less than two weeks later. MALWARE Linux
02.08.2023 h2miner A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities MALWARE Linux
02.08.2023 Rekoobe A Trojan for Linux intended to infect machines with the SPARC architecture and Intel x86, x86-64 computers. MALWARE Linux
22.07.2023 BianLian BianLian Ransomware Expanding C2 Infrastructure and Operational Tempo MALWARE Linux
07.07.2023 Tsunami 8220 Gang Deploys a New Campaign with Upgraded Techniques MALWARE Linux
24.06.2023 Reptile Operation Earth Berberoka MALWARE Linux
24.06.2023 Kaiten According to Netenrich, Kaiten is a Trojan horse that opens a back door on the compromised computer that allows it to perform other malicious activities. MALWARE Linux
07.06.2023 KEYPLUG The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides) MALWARE Linux
15.05.2023 BPFDoor  BPFDoor is a passive backdoor used by a China-based threat actor. MALWARE Linux
28.04.2023 PingPull  Chinese Alloy Taurus Updates PingPull Malware MALWARE Linux
23.03.2023 VIRTUALPITA (LINUX) Mandiant discovered two (2) additional VIRTUALPITA samples listening on TCP port 7475 that were persistent as an init.d startup service on Linux vCenter systems. To disguise themselves, the binaries shared the name of the legitimate binary ksmd. KSMD (Kernel Same-Page Merging Daemon) is normally in charge of memory-saving de-duplication on Linux and would not be listening on this port. MALWARE Linux
23.03.2023 ShellBot ShellBot Malware Being Distributed to Linux SSH Servers MALWARE Linux
02.03.2023 Rshell Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users MALWARE Linux
07.07.2022 BPFDoor BPFDoor is a passive backdoor used by a China-based threat actor. This backdoor supports multiple protocols for communicating with a C2 including TCP, UDP, and ICMP allowing the threat actor a variety of mechanisms to interact with the implant.  MALWARE Linux
07.07.2022 Symbiote Linux Symbiote, a new “nearly impossible to detect” Linux malware, targeted financial sectors in Latin America—and the threat actors behind it might have links to Brazil. These findings were revealed in a recent report, a joint effort between the Blackberry Research Team and Dr. Joakim Kennedy, a security researcher with Intezer.  MALWARE Linux
14.06.2022 Syslogk  Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. MALWARE Linux
14.06.2022 Rekoobe A Trojan for Linux intended to infect machines with the SPARC architecture and Intel x86, x86-64 computers. The Trojan’s configuration data is stored in a file encrypted with the XOR algorithm. MALWARE Linux
20.05.2022 XorDdos XorDdos depicts the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructures and Internet of Things (IoT) devices. By compromising IoT and other internet-connected devices, XorDdos amasses botnets that can be used to carry out distributed denial-of-service (DDoS) attacks. MALWARE Linux
21.11.2024 WolfsBane Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine MALWARE Linux
20.01.2023 BOLDMOVE Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware. MALWARE Linux
08.11.2024 CRON#TRAP CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging MALWARE Linux
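Two of the entries above describe the same class of host-level tell: VIRTUALPITA runs under the name of a kernel thread (ksmd) yet listens on TCP 7475, and BPFDoor is a passive backdoor that needs a raw (AF_PACKET) socket to see packets before any port is bound. The following is an added hunting example, not Mandiant's, CISA's or any vendor's tooling. It parses /proc/net/tcp and /proc/net/packet in the formats documented in proc(5), maps socket inodes to processes through /proc/<pid>/fd, and flags both tells. The kernel-thread name list and all sample data are constructed assumptions for this example.

```python
"""Socket-ownership hunt: kernel-thread names that own a listening TCP socket
(VIRTUALPITA masquerading as ksmd) and processes holding AF_PACKET sockets
(the raw socket a BPF-filtering passive backdoor such as BPFDoor relies on)."""
import os
import re

# Names of kernel threads, which never own a socket. Assumption for this example;
# extend with kthreadd, kswapd0, etc. to taste.
KERNEL_THREAD_NAMES = {"ksmd"}
TCP_LISTEN = "0A"  # value of the 'st' column in /proc/net/tcp for LISTEN


def parse_proc_net_tcp(text):
    """Return [(local_ip, local_port, state, inode)] from /proc/net/tcp content."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        ip_hex, port_hex = f[1].split(":")
        # IPv4 address is 8 hex digits in host byte order (little-endian on x86): reverse the bytes
        ip = ".".join(str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0))
        rows.append((ip, int(port_hex, 16), f[3], int(f[9])))
    return rows


def parse_proc_net_packet(text):
    """Return the socket inode of every AF_PACKET socket in /proc/net/packet content."""
    return [int(line.split()[8]) for line in text.splitlines()[1:] if len(line.split()) >= 9]


def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, comm) via /proc/<pid>/fd symlinks (live host; root to see all)."""
    owners = {}
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        try:
            with open(f"{proc_root}/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"{proc_root}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc_root}/{pid}/fd/{fd}"))
                if m:
                    owners[int(m.group(1))] = (int(pid), comm)
        except OSError:
            continue  # process exited, or not ours to inspect
    return owners


def hunt(tcp_text, packet_text, owners):
    """Return findings as (kind, pid, comm, detail) tuples."""
    findings = []
    for ip, port, state, inode in parse_proc_net_tcp(tcp_text):
        if state != TCP_LISTEN:
            continue
        pid, comm = owners.get(inode, (None, "<unknown>"))
        if comm in KERNEL_THREAD_NAMES:
            findings.append(("kernel-thread-name-listening", pid, comm, f"{ip}:{port}"))
    for inode in parse_proc_net_packet(packet_text):
        pid, comm = owners.get(inode, (None, "<unknown>"))
        # dhclient, tcpdump, lldpd and similar hold AF_PACKET sockets legitimately: allowlist per host
        findings.append(("af-packet-socket", pid, comm, f"inode {inode}"))
    return findings


# Constructed sample data: sshd on 22 (benign), a 'ksmd' listening on 7475 (0x1D33), one raw socket.
SAMPLE_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21001 1 0000000000000000 100 0 0 10 0
   1: 00000000:1D33 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31337 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 21002 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_PACKET = """sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a1c00000000 3      3    0003   2     1 0      0      40001
"""
SAMPLE_OWNERS = {21001: (812, "sshd"), 21002: (812, "sshd"), 31337: (4242, "ksmd"), 40001: (4242, "ksmd")}

if __name__ == "__main__":
    if os.path.exists("/proc/net/tcp"):
        tcp = open("/proc/net/tcp").read()
        pkt = open("/proc/net/packet").read() if os.path.exists("/proc/net/packet") else ""
        owners = socket_owners()
    else:
        tcp, pkt, owners = SAMPLE_TCP, SAMPLE_PACKET, SAMPLE_OWNERS
    for kind, pid, comm, detail in hunt(tcp, pkt, owners):
        print(f"{kind}: pid={pid} comm={comm} {detail}")
```

Run as root so every process's fd table is readable; an inode that maps to no process usually means the owner is hidden from /proc, which is itself worth chasing (rootkit entries such as Reptile and Syslogk above do exactly that). Treat the AF_PACKET list as an inventory to diff against a known-good baseline rather than as alerts, since packet-capture and DHCP daemons appear there on healthy hosts.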
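The sedexp entry above describes persistence through udev rules, which is rarely audited. As an added example (not the sedexp write-up's or any vendor's code), the script below inventories every RUN, PROGRAM and IMPORT{program} key in udev rule files, resolves bare program names the way udev does (relative to /usr/lib/udev) and flags programs that live outside the standard binary directories or under a hidden path component. The trusted-prefix list and the sample rules are constructed assumptions; the sample malicious rule is shaped so that it fires at every boot by matching /dev/random (char major 1, minor 8), not copied from any real sample.

```python
"""Inventory udev RUN/PROGRAM keys and flag programs from untrusted locations."""
import re
from pathlib import Path

UDEV_HELPER_DIR = "/usr/lib/udev"  # udev resolves program names given without a path here
# Assumption for this example: binaries under these prefixes are distro-managed.
TRUSTED_PREFIXES = ("/usr/lib/udev/", "/usr/lib/", "/lib/", "/usr/bin/", "/bin/", "/usr/sbin/", "/sbin/")
RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d", "/usr/local/lib/udev/rules.d",
             "/usr/lib/udev/rules.d", "/lib/udev/rules.d")
# Matches RUN+="...", RUN{program}+="...", PROGRAM="..." and IMPORT{program}="...";
# RUN{builtin} and the == match operators are deliberately not matched.
RUN_KEY = re.compile(r'\b(RUN(?:\{program\})?|PROGRAM|IMPORT\{program\})\s*\+?=\s*"([^"]*)"')


def resolve_program(cmd):
    """Absolute path of the program udev will execute for a RUN/PROGRAM value."""
    parts = cmd.split()
    prog = parts[0] if parts else ""
    return prog if prog.startswith("/") else f"{UDEV_HELPER_DIR}/{prog}"


def inventory_run_programs(rule_text, source="<constructed>"):
    """Return one dict per RUN-style key found in rule_text, with a 'suspicious' verdict."""
    entries = []
    for lineno, raw in enumerate(rule_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for key, cmd in RUN_KEY.findall(line):
            prog = resolve_program(cmd)
            suspicious = not prog.startswith(TRUSTED_PREFIXES) or "/." in prog
            entries.append({"source": source, "line": lineno, "key": key,
                            "program": prog, "suspicious": suspicious, "rule": line})
    return entries


def scan_udev_rule_dirs(dirs=RULE_DIRS):
    """Walk the real rule directories on a live host (later dirs are lower priority in udev)."""
    entries = []
    for d in dirs:
        for path in sorted(Path(d).glob("*.rules")):
            try:
                entries.extend(inventory_run_programs(path.read_text(errors="replace"), str(path)))
            except OSError:
                continue
    return entries


# Constructed sample: a stock-style IMPORT rule, a boot-time RUN from a hidden tmpfs path, a builtin.
SAMPLE_RULES = """# constructed sample rules for this example
SUBSYSTEM=="block", IMPORT{program}="ata_id --export $devnode"
ACTION=="add", ENV{MAJOR}=="1", ENV{MINOR}=="8", RUN+="/dev/shm/.x/update run"
KERNEL=="sd*", RUN{builtin}+="blkid"
"""

if __name__ == "__main__":
    entries = scan_udev_rule_dirs() or inventory_run_programs(SAMPLE_RULES)
    for e in entries:
        flag = "SUSPICIOUS" if e["suspicious"] else "ok"
        print(f"{flag:10} {e['source']}:{e['line']} {e['key']} -> {e['program']}")
```

A program that resolves into a trusted prefix is not automatically clean: an implant dropped into /usr/lib/udev passes this filter, so follow up with package verification (`rpm -Vf <path>` or `dpkg -V`) on any program the inventory lists that the package manager does not own, and pay attention to rules in /etc/udev/rules.d and /run/udev/rules.d, where distributions normally ship nothing.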

Linux / Cdorked
Linux / Clapzok.A
Linux / Ebury
Linux / Onimiki
Linux / Roopre.A
Linux / Tsunami.NAS
Linux.Adore.Worm
Linux.Apaback
Linux.Backdoor.Kaiten
Linux.Backdoor.Rexob
Linux.Cdorked
Linux.Ddssh
Linux.DoS.tfn2k.tfn
Linux.Fokirtor
Linux.Hijacker.Worm
Linux.Chapro
Linux.Cheese.Worm
Linux.Jac.8759
Linux.Kaiten
Linux.Lion.Worm
Linux.Mare
Linux.Mare.K
Linux.Millen.Worm
Linux.Netweird
Linux.Perbot
Linux.Phalax
Linux.Plupii
Linux.Plupii.C
Linux.Psybot
Linux.Ramen.Worm
Linux.RST.B
Linux.Slapper.D
Linux.Slapper.Worm
Linux.Sorso
Linux.Sshdoor
Linux.SSHKit