
Unveiling WolfsBane: Linux counterpart to Gelsevirine

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

ESET researchers have discovered previously unknown Linux backdoors attributed to the China-aligned Gelsemium APT group. The main backdoor, named WolfsBane, is the Linux equivalent of Gelsemium's Gelsevirine backdoor for Windows. Another backdoor, FireWood, is connected to the group's Project Wood malware. These tools are designed for cyberespionage, targeting system information, credentials, and specific files. The malware uses sophisticated techniques for persistence, stealth, and command execution. This discovery marks Gelsemium's first known use of Linux malware, indicating a shift in APT tactics towards exploiting vulnerabilities in internet-facing Linux systems.

OPENCTI LABELS:

apt, backdoor, linux, rootkit, cyberespionage, persistence, wolfsbane, gelsevirine, project wood, firewood

