LINUX
| 6.4.23 | Mélofée | Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts | MALWARE | Linux |
| 14.01.2026 | VoidLink | Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework | MALWARE | Linux |
| 22.08.2025 | VShell | The Silent, Fileless Threat of VShell | MALWARE | Linux |
| 20.08.2025 | DripDropper | Patching for persistence: How DripDropper Linux malware moves through the cloud | MALWARE | Linux |
| 16.04.2025 | SNOWLIGHT | According to Sysdig, SNOWLIGHT is used as a dropper for its fileless payload (vshell). | MALWARE | Linux |
| 02.04.2025 | Outlaw | Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective | MALWARE | Linux |
| 26.02.2025 | Auto-Color | Auto-Color: An Emerging and Evasive Linux Backdoor | MALWARE | Linux |
| 18.02.2025 | ELF/Sshdinjector.A!tr | Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst | MALWARE | Linux |
| 27.10.2024 | FASTCash | Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks. | MALWARE | Linux |
| 14.09.2024 | Hadooken | Hadooken Malware Targets Weblogic Applications | MALWARE | Linux |
| 25.08.2024 | sedexp | Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules | MALWARE | Linux |
| 15.06.2024 | DISGOMOJI | DISGOMOJI Malware Used to Target Indian Government | MALWARE | Linux |
| 28.02.2024 | Cyclops Blink | Modular malware framework targeting SOHO network devices | MALWARE | Linux |
| 12.01.2024 | FBot | Exploring FBot \| Python-Based Malware Targeting Cloud and Payment Services | MALWARE | Linux |
| 27.12.2023 | SALTWATER | According to Mandiant, SALTWATER is a module for the Barracuda SMTP daemon (bsmtpd) that has backdoor functionality. SALTWATER can upload or download arbitrary files, execute commands, and has proxy and tunneling capabilities. | MALWARE | Linux |
| 27.12.2023 | SEASPY | According to CISA, this malware is a persistent backdoor that masquerades as a legitimate Barracuda Networks service. The malware is designed to listen to commands received from the Threat Actor’s Command-and-Control through TCP packets. | MALWARE | Linux |
| 11.12.2023 | KEYPLUG | With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets | MALWARE | Linux |
| 22.11.2023 | Kinsing | CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits | MALWARE | Linux |
| 14.11.2023 | XorDdos | Linux DDoS C&C Malware | MALWARE | Linux |
| 02.11.2023 | Mozi | P2P Botnets: Review - Status - Continuous Monitoring | MALWARE | Linux |
| 28.10.2023 | StripedFly | It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. | MALWARE | Linux |
| 17.10.2023 | Poseidon | Part of Mythic C2, written in Golang. | MALWARE | Linux |
| 13.10.2023 | PerlBot | ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses | MALWARE | Linux |
| 19.09.2023 | SprySOCKS | Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement | MALWARE | Linux |
| 07.08.2023 | SkidMap | While analyzing the latest logs of our honeypot located in central Europe, we found a rather interesting entry that repeated again less than two weeks later. | MALWARE | Linux |
| 02.08.2023 | h2miner | A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities | MALWARE | Linux |
| 02.08.2023 | Rekoobe | A Trojan for Linux intended to infect machines with the SPARC architecture and Intel x86, x86-64 computers. | MALWARE | Linux |
| 22.07.2023 | BianLian | BianLian Ransomware Expanding C2 Infrastructure and Operational Tempo | MALWARE | Linux |
| 07.07.2023 | Tsunami | 8220 Gang Deploys a New Campaign with Upgraded Techniques | MALWARE | Linux |
| 24.06.2023 | reptile | Operation Earth Berberoka | MALWARE | Linux |
| 24.06.2023 | Kaiten | According to Netenrich, Kaiten is a Trojan horse that opens a back door on the compromised computer that allows it to perform other malicious activities. | MALWARE | Linux |
| 07.06.2023 | KEYPLUG | The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides) | MALWARE | Linux |
| 15.05.2023 | BPFDoor | BPFDoor is a passive backdoor used by a China-based threat actor. | MALWARE | Linux |
| 28.04.2023 | PingPull | Chinese Alloy Taurus Updates PingPull Malware | MALWARE | Linux |
| 23.03.2023 | VIRTUALPITA (LINUX) | Mandiant discovered two (2) additional VIRTUALPITA samples listening on TCP port 7475 that were persistent as an init.d startup service on Linux vCenter systems. To disguise themselves, the binaries shared the name of the legitimate binary ksmd. KSMD (Kernel Same-Page Merging Daemon) is normally in charge of memory-saving de-duplication on Linux and would not be listening on this port. | MALWARE | Linux |
| 23.03.2023 | ShellBot | ShellBot Malware Being Distributed to Linux SSH Servers | MALWARE | Linux |
| 02.03.2023 | Rshell | Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users | MALWARE | Linux |
| 07.07.2022 | BPFDoor | BPFDoor is a passive backdoor used by a China-based threat actor. This backdoor supports multiple protocols for communicating with a C2 including TCP, UDP, and ICMP allowing the threat actor a variety of mechanisms to interact with the implant. | MALWARE | Linux |
| 07.07.2022 | Symbiote Linux | Symbiote, a new “nearly impossible to detect” Linux malware, targeted financial sectors in Latin America—and the threat actors behind it might have links to Brazil. These findings were revealed in a recent report, a joint effort between the BlackBerry Research Team and Dr. Joakim Kennedy, a security researcher with Intezer. | MALWARE | Linux |
| 14.06.2022 | Syslogk | Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. | MALWARE | Linux |
| 14.06.2022 | Rekoobe | A Trojan for Linux intended to infect machines with the SPARC architecture and Intel x86, x86-64 computers. The Trojan’s configuration data is stored in a file encrypted with the XOR algorithm. | MALWARE | Linux |
| 20.05.2022 | XorDdos | XorDdos depicts the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructures and Internet of Things (IoT) devices. By compromising IoT and other internet-connected devices, XorDdos amasses botnets that can be used to carry out distributed denial-of-service (DDoS) attacks. | MALWARE | Linux |
| 21.11.2024 | WolfsBane | Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine | MALWARE | LINUX BACKDOOR |
| 20.01.2023 | BOLDMOVE | Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware. | MALWARE | Linux malware |
| 08.11.2024 | CRON#TRAP | CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging | MALWARE | Linux |