
Unpacking the Diicot Malware Targeting Linux Environments

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A new malware campaign attributed to the Romanian-speaking Diicot threat group has been discovered targeting Linux systems. The campaign shows significant advancements over previous iterations, including modified UPX headers with corrupted checksums, advanced payload staging, and environment-specific behaviour. The malware targets Linux machines running OpenSSH, gaining access through weak credentials. It employs techniques such as file obfuscation, reverse shell capabilities, persistence mechanisms, and command-and-control (C2) communication. The campaign also includes SSH brute-force functionality and potential cryptojacking capabilities. The attackers have earned over $16,000 from Monero mining alone.
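The summary names weak OpenSSH credentials and SSH brute force as the campaign's entry vector. The following is an added example, not code from the report or from the Diicot analysis, showing the kind of detection a defender would run over `sshd` authentication logs: it flags a source address that produces a burst of failed logins inside a sliding window and records whether a successful login followed the burst. The log lines, hostnames, addresses and the assumed log year are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (not taken from the report).
# 203.0.113.5 sprays several accounts in seconds and then gets in as root;
# 198.51.100.7 is a legitimate user with two stray typos 15 minutes apart.
SAMPLE_AUTH_LOG = """\
Mar 12 10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 41000 ssh2
Mar 12 10:00:03 host1 sshd[1202]: Failed password for root from 203.0.113.5 port 41001 ssh2
Mar 12 10:00:04 host1 sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 41002 ssh2
Mar 12 10:00:06 host1 sshd[1204]: Failed password for invalid user oracle from 203.0.113.5 port 41003 ssh2
Mar 12 10:00:07 host1 sshd[1205]: Failed password for root from 203.0.113.5 port 41004 ssh2
Mar 12 10:00:09 host1 sshd[1206]: Accepted password for root from 203.0.113.5 port 41005 ssh2
Mar 12 10:05:00 host1 sshd[1300]: Failed password for alice from 198.51.100.7 port 52000 ssh2
Mar 12 10:20:00 host1 sshd[1301]: Failed password for alice from 198.51.100.7 port 52001 ssh2
Mar 12 10:21:00 host1 sshd[1302]: Accepted publickey for alice from 198.51.100.7 port 52002 ssh2
"""

# Matches the classic syslog-style sshd "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd auth line into a dict, or return None for lines we do not care about.
    Syslog timestamps carry no year, so the caller supplies one (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Return {ip: finding} for every source that produced >= threshold failed logins
    within any window_seconds span. A finding also records which usernames were tried
    and the first (user, method) that was accepted after the burst, if any."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])

    recent = defaultdict(deque)          # ip -> timestamps of failures inside the sliding window
    state = defaultdict(lambda: {"max_failures_in_window": 0, "users": set(),
                                 "burst": False, "success_after_burst": None})

    for e in events:
        ip, st = e["ip"], state[e["ip"]]
        if e["result"] == "Failed":
            q = recent[ip]
            q.append(e["ts"])
            # Slide the window: drop failures older than window_seconds relative to this one.
            while q and (e["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            st["users"].add(e["user"])
            st["max_failures_in_window"] = max(st["max_failures_in_window"], len(q))
            if len(q) >= threshold:
                st["burst"] = True
        elif e["result"] == "Accepted" and st["burst"] and st["success_after_burst"] is None:
            # A login that succeeds right after a spray is the high-priority signal.
            st["success_after_burst"] = (e["user"], e["method"])

    return {
        ip: {"max_failures_in_window": st["max_failures_in_window"],
             "users": sorted(st["users"]),
             "success_after_burst": st["success_after_burst"]}
        for ip, st in state.items() if st["burst"]
    }


if __name__ == "__main__":
    for ip, finding in detect_brute_force(SAMPLE_AUTH_LOG).items():
        print(ip, finding)
```

The sliding window keeps only the failures that are still within `window_seconds` of the current event, so a handful of genuine typos spread over an afternoon never reaches the threshold, while a credential spray that rotates usernames from one address does. The `success_after_burst` field is the part worth alerting on first: a burst followed by an accepted password login for `root` is exactly the weak-credential access pattern the summary describes.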

OPENCTI LABELS:

malware,linux,brute-force,cryptomining,xmrig,persistence,openssh,upx,reverse-shell