A new Go-based Linux botnet named PumaBot has been identified targeting IoT devices, particularly surveillance systems. It brute-forces SSH credentials using lists from a C2 server, then deploys itself and establishes persistence. The malware disguises itself as legitimate system files, creates systemd services, and adds SSH keys for backdoor access. It also includes components for credential theft and system monitoring. The botnet demonstrates sophisticated evasion techniques and aims for long-term access to compromised devices.

Author: AlienVault
Related Tags:
pumabot
T1547.006
T1553.004
T1205
SSH Brute-Force
T1543.002
T1036.004
T1562.004
T1021.004
Associated Indicators: