Linux Rabbit

Linux Rabbit is malware that targeted Linux servers and IoT devices in a campaign lasting from August to October 2018. It shares code with another strain of malware known as Rabbot. The goal of the campaign was to install cryptocurrency miners onto the targeted servers and devices.[1]

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | VT0013 | Brute Force | Linux Rabbit brute forces SSH passwords in an attempt to gain access and install its malware onto the server.[1] |
| Enterprise | VT0002 | External Remote Services | Linux Rabbit attempts to gain initial access to the server via SSH. |
| Enterprise | VT0005 | Valid Accounts | Linux Rabbit acquires valid SSH accounts through brute force.[1] |

References

ID: VS0001

Type: MALWARE

Platforms: Linux

Version: 1.2

Created: 07 January 2021

Last Modified: 14 April 2021