Rabbot

Malware Profile Updated 3 months ago
Rabbot is malicious software (malware) discovered by Anomali Labs' cyber threat researchers. It shares a code base with another malware family called Linux Rabbit. Both were used in a campaign targeting Linux servers and Internet-of-Things (IoT) devices that started in August 2018 and continued until October 2018. The campaign was primarily focused on Russia, South Korea, the UK, and the US.

While the two strains function similarly, Rabbot is not limited to infecting Linux servers as Linux Rabbit is; it can also target and infect IoT devices. Rabbot propagates as a worm and exploits known vulnerabilities, with the specific exploits it uses catalogued in public databases such as CVE and Exploit DB. These exploits are how Rabbot gains a foothold on a system before carrying out its damaging activities.

Once inside a system, Rabbot installs CoinHive miners into web pages served by the infected web server. It does this by searching for ".HTML" files and inserting JavaScript that is delivered to the browser, effectively hijacking the system's resources to mine cryptocurrency.

Despite their similarities, there are key differences between Rabbot and Linux Rabbit. Unlike Linux Rabbit, Rabbot sends all of its payloads through open port 80 to Linux web servers without checking whether the process succeeded. This makes Rabbot more aggressive and potentially more harmful than Linux Rabbit. The threat bulletins associated with this profile provide a thorough examination of the overall campaign and of the individual malware processes for both Linux Rabbit and Rabbot.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Linux Rabbit | 1 | Linux Rabbit is a malicious software (malware) specifically designed to exploit Linux systems. The first campaign leveraging this malware began in August 2018, targeting Linux servers located in Russia, South Korea, the UK, and the US. This malware is capable of connecting to GitHub to receive updat
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Linux
Worm
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2018-1149 | Unspecified | 1 | CVE-2018-1149 is a vulnerability that affects the Cisco IOS XE software. This flaw allows an attacker to execute arbitrary code with elevated privileges, potentially compromising the entire system. The vulnerability exists due to insufficient input validation of certain parameters in the affected so
CVE-2018-9866 | Unspecified | 1 | CVE-2018-9866 is a vulnerability that was discovered in Apache Struts, an open-source web application framework used by many organizations. The vulnerability allows remote attackers to execute arbitrary code on the server by sending specially crafted requests to the affected server. This type of att
CVE-2017-6884 | Unspecified | 1 | None
CVE-2016-0792 | Unspecified | 1 | CVE-2016-0792 is a vulnerability that was discovered in March 2016 and affected the widely used Apache Struts 2 framework. This flaw allowed attackers to execute arbitrary code on affected servers, potentially leading to data theft or system compromise. This vulnerability was caused by the way the f
CVE-2015-2051 | Unspecified | 1 | None
Source Document References
Information about the Rabbot malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Linux Rabbit/Rabbot Malware