P2pinfect

Malware Profile Updated a day ago
P2Pinfect is a malicious software (malware) that has recently been updated to target Redis servers with miners and ransomware, as well as routers and Internet of Things (IoT) devices. This malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained a foothold, P2Pinfect can steal personal information, disrupt operations, or hold data hostage for ransom. Its new version not only delivers miners and ransomware but also receives commands to download and run the rsagen binary, introducing a new ransomware payload.

In addition to these primary functions, P2Pinfect includes a user-mode rootkit that modifies the .bashrc file in user home directories by appending the line export LD_PRELOAD=/home/ /.lib/libs.so.1, so that the library is loaded into every process started from an interactive shell. Notably, although Redis servers can be configured to persist data to files, typically with the rdb extension, that extension is not among those P2Pinfect encrypts for ransom, which suggests a specific focus on certain types of data on the targeted systems.

Researchers believe that P2Pinfect might operate as a botnet for hire, allowing customers to deploy their own payloads. This would imply a broad range of possible uses and targets for the malware, depending on the objectives of whoever hires the botnet. With its ability to target a diverse array of devices and systems, P2Pinfect presents a significant cybersecurity threat.
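A defender-side check for the .bashrc persistence described above, added here as an example (it is not code from the profile's sources). It scans shell start-up files for an exported LD_PRELOAD assignment and labels any hit whose library sits under a dot-directory inside the user's home, the pattern the profile attributes to the rootkit. The sample file contents and the username "alice" are constructed, and the list of start-up files to inspect is an assumption.

```python
"""Scan shell start-up files for LD_PRELOAD exports (added example)."""
import re
from pathlib import Path

# Matches an exported LD_PRELOAD assignment, quoted or unquoted, and
# captures the library path. Trailing comments are ignored.
LD_PRELOAD_RE = re.compile(
    r"^\s*export\s+LD_PRELOAD\s*=\s*['\"]?(?P<path>[^'\"\s#]+)"
)

# Files a shell reads on login or for each interactive session. This list
# is an assumption; extend it to match the distribution you run.
STARTUP_FILES = (".bashrc", ".bash_profile", ".profile", ".zshrc")


def find_ld_preload_exports(text):
    """Return (line_number, library_path) for every LD_PRELOAD export."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LD_PRELOAD_RE.match(line)
        if m:
            hits.append((lineno, m.group("path")))
    return hits


def classify(path, home):
    """Label a preload path relative to the user's home directory.

    'hidden-dir-in-home' is the shape described in the profile: a shared
    object stored under a dot-directory inside the home directory.
    """
    try:
        rel = Path(path).relative_to(Path(home))
    except ValueError:
        return "outside-home"
    if any(part.startswith(".") for part in rel.parts[:-1]):
        return "hidden-dir-in-home"
    return "in-home"


def scan_home_dirs(root="/home"):
    """Walk every home directory under root and report LD_PRELOAD exports."""
    findings = []
    root = Path(root)
    if not root.is_dir():
        return findings
    for home in root.iterdir():
        for name in STARTUP_FILES:
            f = home / name
            if not f.is_file():
                continue
            try:
                text = f.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            for lineno, path in find_ld_preload_exports(text):
                findings.append({
                    "file": str(f),
                    "line": lineno,
                    "path": path,
                    "verdict": classify(path, home),
                })
    return findings


# Constructed sample: an ordinary .bashrc with a preload line appended,
# using the made-up user "alice".
SAMPLE_BASHRC = """\
# ~/.bashrc: executed by bash(1) for non-login shells.
export PATH="$HOME/bin:$PATH"
alias ll='ls -alF'
export LD_PRELOAD=/home/alice/.lib/libs.so.1
"""

if __name__ == "__main__":
    for lineno, path in find_ld_preload_exports(SAMPLE_BASHRC):
        print(f"sample line {lineno}: LD_PRELOAD={path} "
              f"-> {classify(path, '/home/alice')}")
    # On a real host, report every hit found under /home.
    for hit in scan_home_dirs():
        print(hit)
```

Any LD_PRELOAD export in a start-up file deserves a look, but a library under a hidden directory in the user's own home is the case to triage first; legitimate uses of LD_PRELOAD normally point at system library paths and are set per command, not persisted for every shell.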
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Worm
Malware
Botnet
Redis
Linux
Windows
Payload
Vulnerability
Exploit
Ransomware
Exploits
Ransom
SSH
Bot
Sandbox
Rootkit
Smishing
Known Exploi...
Cron
Aws
Rust
Chrome
Akamai
Apt
Backdoor
Ddos
Dropper
RCE (Remote ...
Debian
Cryptominer
At
Ransomware P...
Spyware
Zero Day
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Money Libra | Unspecified | 1 | Money Libra, also known as Kinsing, is a malicious software (malware) that has been active since late 2021. This malware primarily targets cloud-native environments and applications such as Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, and cloud-hosted Apache NiFi instances, |
| Mirai | Unspecified | 1 | Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g |
| Noabot | Unspecified | 1 | NoaBot is a sophisticated malware variant that primarily targets Linux systems, utilizing a cryptominer to exploit system resources. It is based on the Mirai botnet, a notorious malware strain known for its ability to compromise Internet of Things (IoT) devices. NoaBot has most of the capabilities o |
| Predator | Unspecified | 1 | Predator is a potent malware that, along with NSO Group's Pegasus, remains a leading provider of mercenary spyware. Despite public disclosures in September 2023, Predator's operators have continued their operations with minimal changes, exploiting recently patched zero-day vulnerabilities in Apple a |
| Predator Spyware | Unspecified | 1 | Predator Spyware is a type of malware, or malicious software, that has recently been identified as a significant threat to digital security. This harmful program infiltrates devices without the user's knowledge, often through suspicious downloads, emails, or websites. Once installed, it can steal pe |
| Kinsing | Unspecified | 1 | Kinsing is a type of malware, short for malicious software, that is designed to exploit and damage computer systems or devices. It typically infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt o |
| Royal Ransomware | Unspecified | 1 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi |
| Sprysocks | Unspecified | 1 | SprySOCKS is a new strain of malware that has recently been added to the arsenal of Earth Lusca, an advanced persistent threat (APT) group known for its sophisticated cyberattacks. Malware, short for malicious software, is designed to exploit and damage computers or devices without the user's knowle |
| Luadream | Unspecified | 1 | LuaDream is a type of malware, specifically designed to exploit and damage computer systems or devices. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Thief Libra | Unspecified | 2 | Thief Libra, also known as WatchDog, is a threat actor identified in the cybersecurity world for its malicious activities. The group's operations involve exploiting vulnerabilities to execute actions with harmful intent. A notable aspect of Thief Libra's modus operandi involves targeting Redis insta |
| Adept Libra | Unspecified | 2 | Adept Libra, also known as TeamTNT, is a malicious threat actor that has been active in cybersecurity breaches since at least July 2021. The group is known for its innovative use of tools such as LaZagne to steal passwords from various operating systems, including Linux distributions in cloud-based |
| TeamTNT | Unspecified | 2 | TeamTNT, a threat actor group known for its malicious activities, has been implicated in a series of sophisticated attacks on Kubernetes, one of the most complex to date. The group is notorious for deploying malware, specifically the Hildegard malware, which was identified during a new campaign. The |
| Earth Lusca | Unspecified | 1 | Earth Lusca, a threat actor known for its malicious activities in the cyber world, has recently expanded its arsenal with the addition of a new tool, SprySOCKS Linux malware. This development was reported by Security Affairs in October 2020. Earth Lusca can be an individual, a private company, or pa |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2022-0543 | Unspecified | 2 | CVE-2022-0543 is a critical vulnerability in software design or implementation that was first identified in 2022. This flaw, known as a Lua sandbox escape vulnerability, affects Redis instances and has been exploited by P2PInfect, a self-replicating worm written in the Rust programming language. The |
| CVE-2023-5009 | Unspecified | 1 | None |
| CVE-2023-36845 | Unspecified | 1 | CVE-2023-36845 is a significant software vulnerability, specifically a PHP external variable modification bug, identified by WatchTowr Labs' security researchers. The flaw was part of a series of vulnerabilities linked to the SRX firewall system, including a missing authentication for critical funct |
Source Document References
Information about the P2Pinfect malware was read from the document corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| Securityaffairs | a day ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 8 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | 15 days ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 18 days ago | New P2Pinfect version delivers miners and ransomware on Redis servers |
| DARKReading | 20 days ago | 'P2PInfect' Worm Grows Teeth With Miner, Ransomware & Rootkit |
| Securityaffairs | 22 days ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 462 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini |
| CERT-EU | 5 months ago | Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security |
| CERT-EU | 5 months ago | Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 460 by Pierluigi Paganini |