Skid

Malware Profile Updated 3 months ago
Skid is a type of malware, or malicious software, known for its ability to infiltrate systems through suspicious downloads, emails, or websites. Once inside a directory, Skid reaches out to a web server at the IP address 185.254.37.243 and downloads multiple files bearing its name. These files appear to be designed for different system architectures, indicating a broad range of potential targets. The individuals behind Skid are believed to be script kiddies, typically young people around 13 years old and slightly above, who use pre-existing code and tools to launch cyberattacks without much understanding of their underlying principles.

The impact of Skid has been significant, with Matyos Kidane, an organizer with the Stop LAPD Spying Coalition, stating that criminal justice reforms are "being cannibalized." This suggests that the malware has had a disruptive effect on the operations of various organizations, possibly including those involved in law enforcement and justice reform. The phrase "being cannibalized" may imply that internal systems or data have been compromised, causing these organizations to struggle with their operational effectiveness.

Skid's behavior and naming conventions seem to share some similarities with other known malware. For example, JenX, another malware, primarily contained the filename "jkxl," while the assumed HailBot file names included the string "skid". The commonality might suggest a connection between these different types of malware or possibly a shared origin.

The case of Blas Espinoza Cuahutzihua, who was killed when the arms of a skid-steer loader fell on him, appears unrelated to the Skid malware but rather seems to involve a tragic industrial accident.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Jenx | 1 | JenX is a variant of the Mirai malware, discovered in January 2018, that was primarily used by the group responsible for the InfectedSlurs botnet. This malware variant is known for its unique exploitation method, targeting hosting services running multiplayer versions of Grand Theft Auto to infect I
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Associated Malware
ID | Type | Votes | Profile Description
Jkxl | Unspecified | 1 | None
Hailbot | Unspecified | 1 | HailBot is a malicious software variant that emerged in September 2023, based on the Mirai source code. This malware was identified and analyzed by cybersecurity firm NSFOCUS and content delivery network Akamai. It is known to propagate through exploitation of vulnerabilities and weak passwords, wit
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Skid Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 4 months ago | Biometrics Giant Accenture Quietly Took Over LA Residents’ Jail Reform Plan
CERT-EU | 8 months ago | Mirai-based botnet targets routers and video recorders via zero-day flaws
CERT-EU | 9 months ago | Techrights — Links 26/10/2023: Twitter/X Sees Scams Flourishing Under the Elon Musk Era
SANS ISC | 8 months ago | Routers Targeted for Gafgyt Botnet [Guest Diary] - SANS Internet Storm Center
CERT-EU | a year ago | What Is a Script Kiddie?