Fysbis

Malware Profile Updated 13 days ago
Fysbis is a modular Linux trojan/backdoor identified in late 2014, designed to exploit and damage computer systems. It is associated with Sofacy, an advanced persistent threat group, and can install itself on a victim's system with or without root privileges. It can infiltrate systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Fysbis can cause significant disruption, including stealing personal information or holding data for ransom.

Throughout 2015, Fysbis evolved and was detected in different forms. In early 2015, a 32-bit version of the malware was found. Later in the year, a more sophisticated 64-bit version emerged. Both versions exhibited similar behaviors, suggesting consistent objectives and tactics from the Sofacy group. The malware's architecture implements plug-in and controller modules as distinct classes, allowing it to be highly adaptable and resilient.

Analysis of Fysbis revealed its capabilities through various strings referenced in the binary. Some references indicated RemoteShell capability, hinting at the malware's potential to remotely control infected systems. Other strings pointed towards installation methods and platform targeting. Fysbis also demonstrated a propensity for "leakage," where certain aspects of its operation were inadvertently exposed, providing valuable insight into its functionality and potential countermeasures.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Fysbis Malware was read from the documents corpus below.
Source: MITRE
Created at: a year ago
Title: A Look Into Fysbis: Sofacy’s Linux Backdoor