Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
OUTLAW is a persistent Linux malware that uses basic techniques like SSH brute-forcing, SSH key manipulation, and cron-based persistence to maintain a long-lasting botnet. Despite its lack of sophistication, it remains active by leveraging simple but impactful tactics. The malware deploys modified XMRig miners, uses IRC for command and control, and includes publicly available scripts for persistence and defense evasion. OUTLAW's infection chain spans nearly the entire MITRE ATT&CK framework, offering many detection opportunities. It propagates in a worm-like manner, using compromised hosts to launch further SSH brute-force attacks on local subnets, rapidly expanding the botnet.
OPENCTI LABELS:
linux, botnet, brute-force, xmrig, cryptocurrency mining, worm, persistence, irc, ssh, outlaw, stealth shellbot, blitz