A Look Into Fysbis: Sofacy’s Linux Backdoor
Common Information
Type Value
UUID c19a455d-74a4-4fe2-b3f3-2b1deaddd7fc
Fingerprint 941489fbc1478685
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 12, 2016, 1 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Detected Hints/Tags/Attributes 69/1/13
Attributes
Details Type #Events CTI Value
Details CVE 2
cve-2016-0728
Details Threat Actor Identifier - APT 783
APT28