Fysbis

Malware Profile Updated 3 months ago
Fysbis is a modular Linux trojan/backdoor identified in late 2014 and designed to exploit and damage computer systems. It is associated with Sofacy, an advanced persistent threat group, and can install itself onto a victim's system with or without root privileges. It can reach systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Fysbis can cause significant disruption, including stealing personal information or holding data for ransom.

Throughout 2015, Fysbis evolved and was detected in different forms. In early 2015 a 32-bit version of the malware was found; later that year a more sophisticated 64-bit version emerged. Both versions exhibited similar behaviours, suggesting consistent objectives and tactics from the Sofacy group. The malware's architecture implements plug-in and controller modules as distinct classes, which makes it highly adaptable and resilient.

Analysis of Fysbis revealed its capabilities through string references found in the binaries. Some references indicated RemoteShell capability, pointing to the malware's ability to remotely control infected systems. Other strings pointed to installation methods and platform targeting. Fysbis also showed a propensity for "leakage", where certain aspects of its operation were inadvertently exposed, providing valuable insight into its functionality and potential countermeasures.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance: Backdoor, Linux, Trojan, Malware
Associated Malware
No associations to display
Associated Threat Actors
Sofacy (type: Unspecified; votes: 1): Sofacy is a threat actor group that has been observed using multiple languages to create variants of the Zebrocy Trojan and Cannon. In one campaign, they relied heavily on filenames to lure victims into launching weaponized documents. The group packed only Delphi variants in an attempt to increase e
APT28 (type: Unspecified; votes: 1): APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Fysbis malware was read from the documents corpus below.
MITRE (a year ago): A Look Into Fysbis: Sofacy’s Linux Backdoor