Derusbi

Malware updated 7 months ago (2024-05-04T20:19:35.930Z)
Derusbi is a sophisticated malware family known for its ability to target both Linux and Windows systems. It has been predominantly associated with Chinese cyber espionage operations since 2008, making it a significant concern in cybersecurity. The malware primarily functions as a tool for gaining and maintaining remote access to targeted systems, enabling attackers to steal sensitive information, conduct reconnaissance, and perform other malicious activities. Its unique network communication structure and distinctive techniques have made it stand out among other malware families.

A notable feature of Derusbi is its use of the LD_PRELOAD technique to load a malicious shared object library that exports PAM APIs. This allows the malware to insert itself into system processes and execute harmful actions without being detected. Derusbi also implements an interactive shell, giving the attacker a command-line interface to the compromised system and further extending their control over the victim's machine.

Recent analyses of new backdoor malware variants have revealed striking similarities to Derusbi, suggesting that these newer threats may have drawn inspiration from, or had direct access to, Derusbi's source code. In particular, the interactive shell of SprySOCKS, a backdoor used by Earth Lusca, and others appear to be based on the Linux variant of Derusbi. These findings underscore the enduring influence of Derusbi in the evolving landscape of cyber threats.
Description last updated: 2024-05-04T19:34:59.809Z
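The LD_PRELOAD-based PAM hooking described above leaves host-level traces a defender can audit: entries in /etc/ld.so.preload, LD_PRELOAD in process environments, and preloaded libraries that export PAM symbol names. The following is an added example, not code from this page or from any Derusbi analysis; it assumes constructed audit data (a preload file, per-process environments and symbol export tables such as `nm -D` would produce) and an assumed set of PAM symbol names covering both the libpam client API and module service functions.

```python
"""Audit collected host data for preloaded shared objects that export PAM symbols."""
import re

# Constructed sample inputs standing in for /etc/ld.so.preload, per-process
# environment blocks and exported-symbol tables gathered during a host audit.
SAMPLE_LD_SO_PRELOAD = "/usr/lib/x86_64-linux-gnu/libfoo.so\n/tmp/.x/libpam_helper.so\n"
SAMPLE_PROC_ENVIRON = {
    1234: {"LD_PRELOAD": "/tmp/.x/libpam_helper.so", "USER": "root"},
    2222: {"LANG": "C"},
}
SAMPLE_EXPORTS = {  # library path -> exported symbol names (constructed)
    "/usr/lib/x86_64-linux-gnu/libfoo.so": {"foo_init", "foo_run"},
    "/tmp/.x/libpam_helper.so": {"pam_sm_authenticate", "pam_authenticate", "_init"},
}

# Assumed PAM symbol set: libpam client API plus pam_sm_* module service functions.
PAM_SYMBOLS = {
    "pam_start", "pam_authenticate", "pam_acct_mgmt", "pam_open_session",
    "pam_get_item", "pam_sm_authenticate", "pam_sm_setcred", "pam_sm_acct_mgmt",
    "pam_sm_open_session", "pam_sm_close_session", "pam_sm_chauthtok",
}
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

def preload_entries(ld_so_preload_text, proc_environ):
    """Collect every library path that would be preloaded, tagged with its source."""
    found = []
    for line in ld_so_preload_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            found.append(("ld.so.preload", line))
    for pid, env in proc_environ.items():
        for path in re.split(r"[:\s]+", env.get("LD_PRELOAD", "")):
            if path:
                found.append((f"pid {pid} LD_PRELOAD", path))
    return found

def flag_suspicious(entries, exports):
    """Flag preloaded libraries outside trusted dirs or exporting PAM symbols."""
    findings = []
    for source, path in entries:
        reasons = []
        if not path.startswith(TRUSTED_LIB_DIRS):
            reasons.append("outside trusted library directories")
        pam_syms = exports.get(path, set()) & PAM_SYMBOLS
        if pam_syms:
            reasons.append("exports PAM symbols: " + ", ".join(sorted(pam_syms)))
        if reasons:
            findings.append((source, path, reasons))
    return findings

if __name__ == "__main__":
    entries = preload_entries(SAMPLE_LD_SO_PRELOAD, SAMPLE_PROC_ENVIRON)
    for source, path, reasons in flag_suspicious(entries, SAMPLE_EXPORTS):
        print(f"[!] {source}: {path} -> {'; '.join(reasons)}")
```

A library in a trusted directory that still exports PAM symbols is reported too, so the check does not rely on path alone.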
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Linux
Backdoor
Windows
Reconnaissance
Associated Malware
Alias | Description | Association Type | Votes
SprySOCKS | The SprySOCKS malware is associated with Derusbi. SprySOCKS is a new strain of malware that has recently been added to the arsenal of Earth Lusca, an advanced persistent threat (APT) group known for its sophisticated cyberattacks. Malware, short for malicious software, is designed to exploit and damage computers or devices without the user's knowle | Unspecified | 2