Thief Libra

Threat Actor updated 4 months ago (2024-05-04T17:01:21.652Z)
Thief Libra, also known as WatchDog, is a cryptojacking threat actor whose operations target exposed Redis instances, a target it shares with Adept Libra (TeamTnT) and Money Libra (Kinsing). The reporting behind this profile concerns the P2PInfect worm, which matters here mostly for how it differs from Thief Libra: P2PInfect also goes after vulnerable Redis instances and spreads in a worm-like fashion, but its initial infection vector is exploitation of CVE-2022-0543, a Lua sandbox escape in the Redis builds shipped by Debian and Ubuntu, and that entry technique is not commonly observed among cryptojacking-focused worms such as those operated by Thief Libra.

Despite the overlap in target selection, no links are known between the P2PInfect campaign and the established groups that target Redis and deploy worms: Automated Libra (PurpleUrchin), Adept Libra (TeamTnT), Thief Libra (WatchDog), Money Libra (Kinsing), Aged Libra (Rocke) and Returned Libra (8220). P2PInfect is further set apart by its ability to establish a foothold in cloud container environments, something the Redis-targeting cryptojacking malware of Adept Libra and Thief Libra is not known to do.

For defenders the practical point is that the same exposed Redis surface is contested by several actors with different entry techniques, so hardening and detection for an instance need to cover both unauthenticated command abuse and the Lua scripting interface that CVE-2022-0543 exposes.
Description last updated: 2023-11-29T03:53:34.093Z
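The Redis exposure that Thief Libra and the other Redis-targeting groups above depend on is largely a configuration problem: an instance reachable from the network, with no authentication, and with its administrative and scripting commands still available under their default names. The following audit script is an added example written for this page, not code from Unit42, CERT-EU or any of the actors discussed. It parses a redis.conf and reports the settings that leave an instance open to that class of abuse. The list of commands it flags, the two sample configurations, and the finding keys are this example's own assumptions and are constructed inline so the script runs offline.

```python
"""
Audit a redis.conf for the exposure settings that Redis-targeting actors
such as Thief Libra (WatchDog) rely on: a network-reachable, unauthenticated
instance whose administrative and scripting commands are still reachable.

Added example for this page; not code from any vendor report or project.
"""

# Commands an unauthenticated client should never be able to reach.
# CONFIG/DEBUG/FLUSHALL enable classic abuse of an open instance; EVAL and
# EVALSHA expose Lua scripting, the interface behind CVE-2022-0543 on the
# affected Debian/Ubuntu builds. This list is an assumption of the example.
DANGEROUS_COMMANDS = ("CONFIG", "DEBUG", "EVAL", "EVALSHA", "FLUSHALL")

# Addresses that make Redis listen on every interface.
WILDCARD_BINDS = {"0.0.0.0", "*", "::"}


def parse_redis_conf(text: str) -> dict:
    """Return {directive: [value, ...]}; repeated directives are kept in order.

    redis.conf has no inline comments, so only lines starting with '#' are
    treated as comments. Directive names are case-insensitive.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def _neutralised_commands(conf: dict) -> set:
    """Commands disabled (renamed to "") or renamed via rename-command."""
    handled = set()
    for value in conf.get("rename-command", []):
        parts = value.split()
        if parts:
            handled.add(parts[0].upper())
    return handled


def audit_redis_conf(text: str) -> list:
    """Return a list of (key, message) findings; an empty list means clean."""
    conf = parse_redis_conf(text)
    findings = []

    # Redis 7 writes optional addresses as '-addr'; strip the marker.
    bind_addrs = [a.lstrip("-") for v in conf.get("bind", []) for a in v.split()]
    if not bind_addrs or any(a in WILDCARD_BINDS for a in bind_addrs):
        findings.append(("bind", "reachable on all interfaces (no 'bind' or a wildcard address)"))

    if conf.get("protected-mode", ["yes"])[-1].lower() != "yes":
        findings.append(("protected-mode", "protected-mode is disabled"))

    has_auth = any(conf.get("requirepass", [])) or "aclfile" in conf or "user" in conf
    if not has_auth:
        findings.append(("auth", "no requirepass and no ACL users: unauthenticated access"))

    handled = _neutralised_commands(conf)
    for cmd in DANGEROUS_COMMANDS:
        if cmd not in handled:
            findings.append((f"command:{cmd}", f"{cmd} is reachable under its default name"))
    return findings


# Constructed sample configurations (not captured from any real host).
WEAK_CONF = """
# exposed instance of the kind Redis-targeting actors scan for
bind 0.0.0.0
protected-mode no
port 6379
"""

HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass replace-with-a-long-random-secret
rename-command CONFIG ""
rename-command DEBUG ""
rename-command EVAL ""
rename-command EVALSHA ""
rename-command FLUSHALL ""
"""


if __name__ == "__main__":
    for name, conf_text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        results = audit_redis_conf(conf_text)
        print(f"{name}: {len(results)} finding(s)")
        for key, message in results:
            print(f"  [{key}] {message}")
```

Run it against a real redis.conf by reading the file and passing its contents to `audit_redis_conf`. Disabling EVAL is a blunt instrument; on Redis 6 and later, ACL rules (for example a user with `-@dangerous`) are the preferred way to restrict these commands, and none of this replaces patching the CVE-2022-0543 builds themselves.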
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
TeamTNT | 2 | TeamTNT, a threat actor group known for its malicious activities, has been implicated in a series of sophisticated attacks on Kubernetes, one of the most complex to date. The group is notorious for deploying malware, specifically the Hildegard malware, which was identified during a new campaign. The
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Redis
Associated Malware
ID | Type | Votes | Profile Description
P2PInfect | Unspecified | 2 | P2PInfect is a form of malware, malicious software designed to infiltrate and damage computer systems or devices without the user's knowledge. It can enter your system through suspicious downloads, emails, or websites and once inside, it has the ability to steal personal information, disrupt operati
Associated Threat Actors
ID | Type | Votes | Profile Description
Adept Libra | Unspecified | 2 | Adept Libra, also known as TeamTNT, is a malicious threat actor that has been active in cybersecurity breaches since at least July 2021. The group is known for its innovative use of tools such as LaZagne to steal passwords from various operating systems, including Linux distributions in cloud-based
Source Document References
Information about the Thief Libra threat actor was read from the documents below (display limited to 20 results).
Source | Created At | Title
Unit42 | a year ago | P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm
CERT-EU | a year ago | ALERT: Self-Replicating P2PInfect Worm Hits Redis Instances