Cerberus

Malware Profile Updated 11 days ago
Cerberus is a type of malware, harmful software designed to exploit and damage systems. It has been found to be associated with various platforms and versions of Siemens Cerberus PRO UL, including the Compact Panel FC922/924 and the Engineering Tool, all versions prior to MP4. Cerberus was also discovered in multiple versions of the Siemens Cerberus PRO UL X300 Cloud Distribution, all versions before V4.3.0001. The malware can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge; once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.

A Cerberus sample (SHA-256 1249c4d3a4b499dc8a9a2b3591614966145daac808d440e5202335d9a4226ff8) was identified as digitally code-signed with a generic Android certificate. This malware has been linked with other malicious programs such as Cobalt Strike, Meterpreter, DarkComet, and Empire PowerShell. It has also been seen among many Android-based banking Trojans, including BianLian, Cerberus, and TeaBot, that use a packaging method known as BadPack.

To mitigate the risk from Cerberus, updates have been suggested for affected systems. For the Siemens Cerberus PRO UL Engineering Tool, Desigo Fire Safety UL Compact Panel FC2025/2050, and Desigo Fire Safety UL Engineering Tool, users should update to MP4 or a later version. Similarly, for the Cerberus PRO UL X300 Cloud Distribution and Desigo Fire Safety UL X300 Cloud Distribution, an update to V4.3.0001 or a later version is recommended. Successful exploitation requires an on-path attacker who intercepts the communication of the engineering tool in the fire system network. The possible impact is limited to the tool rather than the underlying operating system, although code execution on the underlying OS with the privileges of the engineering tool user account might be possible.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Android
Vulnerability
Siemens
Mft
Exploit
Trojan
Extortion
Malware
Associated Malware
ID | Type | Votes | Profile Description

Teabot (Unspecified, 2 votes): TeaBot, also known as Anatsa, is a sophisticated Android banking Trojan that targets applications from over 650 financial institutions. It was first observed to use second-stage dropper applications that appear benign to users, deceiving them into installing the payload. TeaBot utilizes remote paylo

Anatsa (Unspecified, 1 vote): Anatsa, a sophisticated Android banking trojan, is a malware designed to exploit and damage your device while stealing user financial data. It often masquerades as an innocuous file-management app to trick users into downloading it. Once installed, Anatsa downloads a target list of financial apps fr

Bumblebee (Unspecified, 1 vote): Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam
Associated Threat Actors
ID | Type | Votes | Profile Description

Bianlian (Unspecified, 2 votes): BianLian is a threat actor that has been increasingly active in cybercrimes. The group is known for its malicious activities, including the execution of actions with harmful intent. In a series of recent events, BianLian has exploited vulnerabilities in JetBrains TeamCity, a continuous integration a

Axiom (Unspecified, 1 vote): Axiom is a recognized threat actor, also known as a hacking team, that has been associated with malicious activities. The group has ties to the Chinese intelligence apparatus and has operated under various names such as Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. The naming conventi
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Cerberus malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title

DARKReading, 9 days ago: 'BadPack' APK Files Make Android Malware Hard to Detect

Unit42, 11 days ago: Beware of BadPack: One Weird Trick Being Used Against Android Devices

Canadian Centre for Cyber Security, 2 months ago: [Control systems] CISA ICS security advisories (AV24-283) - Canadian Centre for Cyber Security

CISA, 2 months ago: Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems | CISA

Canadian Centre for Cyber Security, 4 months ago: [Control systems] CISA ICS security advisories (AV24-150) - Canadian Centre for Cyber Security

CERT-EU, 4 months ago: ChatGPT side-channel attack has easy fix: token obfuscation

CERT-EU, 4 months ago: Multiple vulnerabilities in Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems

CERT-EU, 4 months ago: Remote code execution in Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems

Canadian Centre for Cyber Security, 4 months ago: [Control systems] Siemens security advisory (AV24-137) - Canadian Centre for Cyber Security

CERT-EU, 5 months ago: Gen. Mark Milley's Second Act: Multimillionaire

Bitdefender, 7 months ago: Unveiling Mobile App Secrets: A 6-Month Deep Dive into Surprising Behavior Patterns

CERT-EU, 8 months ago: Search | arXiv e-print repository

CERT-EU, 9 months ago: The rise of mobile app overlay attacks and how to defend against them [Q&A]

CERT-EU, 9 months ago: Semkel and Searchlight Cyber Form Strategic Partnership – Global Security Mag Online
Unit42, 10 months ago: Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform

CERT-EU, a year ago: Hackers Allegedly Stole Activision's Upcoming Call Of Duty Games, Employee Data - TechShout

Recorded Future, a year ago: 2022 Adversary Infrastructure Report

InfoSecurity-magazine, a year ago: Ransomware Attack Forces Closure of Nantucket Schools

CERT-EU, a year ago: Can 'Mad Libs for incident response' prevent the next MOVEit