Rabbot

Malware updated 5 months ago (2024-05-04T20:58:34.473Z)
Download STIX
Preview STIX
Rabbot is a malicious software, or malware, discovered by Anomali Labs' cyber threat researchers. It shares the same code base with another malware called Linux Rabbit. Both were used in a campaign targeting Linux servers and Internet-of-Things (IoT) devices that started in August 2018 and continued until October 2018. The campaign was primarily focused on Russia, South Korea, the UK, and the US. While both strains of malware function similarly, Rabbot is not limited to infecting just Linux servers like Linux Rabbit; it can also target and infect IoT devices. Rabbot propagates itself as a worm and has the capability to exploit known vulnerabilities in systems, with specific exploits listed in various databases such as CVE and Exploit DB. These exploits allow Rabbot to infiltrate systems and carry out its damaging activities. Once inside a system, Rabbot installs CoinHive miners into various web pages via the infected web server. This is achieved by searching for “.HTML” files and inserting JavaScript files into the browser, effectively hijacking the system's resources to mine cryptocurrency. Despite their similarities, there are key differences between Rabbot and Linux Rabbit. Unlike Linux Rabbit, Rabbot sends all its payloads through an open port 80 to the Linux web servers without checking to ensure that the process is successful. This characteristic makes Rabbot more aggressive and potentially more harmful than Linux Rabbit. Threat bulletins associated with this information provide a thorough examination of the general campaign and individual malware processes for both Linux Rabbit and Rabbot.
Description last updated: 2024-01-06T11:10:03.220Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Rabbot Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
MITRE
2 years ago