perfctl: A Stealthy Malware Targeting Millions of Linux Servers

Oct. 4, 2024, 12:32 p.m.

Description

A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, and Tor-based communication. It primarily focuses on cryptomining and proxy-jacking activities. Its persistence mechanisms involve modifying system files and dropping userland rootkits. It targets specific architectures and uses various methods to remain undetected, including hooking critical system functions. The campaign has potentially affected thousands of victims and demonstrates a high level of sophistication in its design and execution.

Date

Published: Oct. 4, 2024, 10:08 a.m.
Created: Oct. 4, 2024, 10:08 a.m.
Modified: Oct. 4, 2024, 12:32 p.m.

Indicators

File hashes (SHA-256)

e16fb2a22fce5241565784b5a8518ed2becc9948d4c398093edbb70a946f9331
ca3f246d635bfa560f6c839111be554a14735513e90b3e6784bedfe1930bdfd6
a6d3c6b6359ae660d855f978057aab1115b418ed277bb9047cd488f9c7850747
31ee4c9984f3c21a8144ce88980254722fd16a0724afb16408e1b6940fd599da
22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13

IP addresses

78.47.18.110
211.234.111.116
104.183.100.189
46.101.139.173

Attack Patterns

Malware

perfctl

MITRE ATT&CK techniques

T1568
T1548
T1014
T1497
T1095
T1021
T1016
T1070
T1574
T1082
T1057
T1083
T1071
T1543
T1055
T1036
T1027
T1562
T1078
T1059

CVEs

CVE-2021-4043
CVE-2023-33246
CVE-2021-4034