P2pinfect

Malware updated 2 months ago (2024-08-14T09:59:07.113Z)

Download STIX

Preview STIX

P2Pinfect is a form of malware, malicious software designed to infiltrate and damage computer systems or devices without the user's knowledge. It can enter your system through suspicious downloads, emails, or websites and once inside, it has the ability to steal personal information, disrupt operations, or even hold your data hostage for ransom. A new version of P2Pinfect has emerged that delivers miners and ransomware on Redis servers. This upgraded variant not only targets computer systems but has also been found to infect routers and IoT devices, expanding its reach and potential damage. The malware operates by exploiting vulnerabilities in these systems, using them to mine cryptocurrencies or encrypt data for ransom. The report indicates that P2Pinfect has a wide geographical distribution, with nodes identified within providers located in China, the US, and Germany. This shows that regardless of where infrastructure is situated, it remains vulnerable to Linux and cloud-focused attacks. P2Pinfect's extensive reach and evolving methods of attack highlight the importance of robust cybersecurity measures across all digital platforms and devices.

Description last updated: 2024-08-14T08:46:24.696Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Redis

Worm

Windows

Linux

Malware

Botnet

Ransomware

Payload

Vulnerability

Exploits

Exploit

Rootkit

Sandbox

Ransom

Bot

SSH

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The TeamTNT Threat Actor is associated with P2pinfect. TeamTNT, a known threat actor group, has been identified as the force behind an advanced malware campaign targeting Kubernetes. The group's Hildegard malware is one of the most complex attacks seen to date in this area. Despite a common belief that TeamTNT disbanded in 2022, evidence of their activi	Unspecified	2
The Thief Libra Threat Actor is associated with P2pinfect. Thief Libra, also known as WatchDog, is a threat actor identified in the cybersecurity world for its malicious activities. The group's operations involve exploiting vulnerabilities to execute actions with harmful intent. A notable aspect of Thief Libra's modus operandi involves targeting Redis insta	Unspecified	2
The Adept Libra Threat Actor is associated with P2pinfect. Adept Libra, also known as TeamTNT, is a malicious threat actor that has been active in cybersecurity breaches since at least July 2021. The group is known for its innovative use of tools such as LaZagne to steal passwords from various operating systems, including Linux distributions in cloud-based	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2022-0543 Vulnerability is associated with P2pinfect. CVE-2022-0543 is a critical vulnerability in software design or implementation that was first identified in 2022. This flaw, known as a Lua sandbox escape vulnerability, affects Redis instances and has been exploited by P2PInfect, a self-replicating worm written in the Rust programming language. The	Unspecified	2

Source Document References

Information about the P2pinfect Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	3 months ago	security-affairs-malware-newsletter-round-5
CERT-EU	8 months ago	Cloud-focused malware campaigns on the increase
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	4 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	New P2Pinfect version delivers miners and ransomware on Redis servers
DARKReading	4 months ago	'P2PInfect' Worm Grows Teeth With Miner, Ransomware & Rootkit
Securityaffairs	4 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	7 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	7 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs	7 months ago	Security Affairs newsletter Round 463 by Pierluigi Paganini