Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant)

AhnLab SEcurity intelligence Center (ASEC) recently discovered that Nood RAT is being used in malware attacks. Nood RAT is a variant of Gh0st RAT that runs on Linux. Although Gh0st RAT for Linux is far less common than Gh0st RAT for Windows, the cases of Gh0st RAT for

BlueShell Used in Attacks Against Linux Systems in Korea (2)

AhnLab SEcurity intelligence Center (ASEC) previously published the article "BlueShell Used in APT Attacks Against Korean and Thai Targets" [1] on the ASEC blog, which introduced the BlueShell malware strains used against Linux systems in Thailand and Korea. The threat actor customized the BlueShell backdoor for their attack, and

Statistics Report on Malware Targeting Linux SSH Servers in Q4 2023

Overview. AhnLab SEcurity intelligence Center (ASEC) uses honeypots to respond to and classify brute-force and dictionary attacks against poorly managed Linux SSH servers. This report covers the attack sources identified in the fourth quarter of 2023 based on the honeypot logs, as well as statistics on attacks

Analysis of the Rekoobe Backdoor Being Used In Attacks Against Linux Systems in Korea

Rekoobe is a backdoor known to be used by APT31, a threat group based in China. AhnLab Security Emergency Response Center (ASEC) has been receiving reports of the Rekoobe malware from customers in Korea for several years and shares a brief analysis here. Additionally, the Rekoobe variants will be

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered Linux malware built with Shc (Shell Script Compiler) that installs a CoinMiner. It is presumed that after gaining access through a dictionary attack against inadequately managed Linux SSH servers, the attacker installed various malware on the target system. Among the installed components were the Shc downloader,