Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework

Elastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework combining Loadable Kernel Modules (LKMs) and eBPF for persistence. The rootkit, developed by a Chinese-speaking threat actor, evolved through four generations, targeting kernels from CentOS 7 to Ubuntu 22.04. VoidLink employs advanced techniques like delayed initialization, runtime key rotation, and a hybrid LKM-eBPF architecture for comprehensive stealth. Notable features include an ICMP-based covert channel, process protection, and memfd-aware boot loading. Evidence suggests AI-assisted development, lowering the barrier for kernel-level rootkit creation. Detection strategies and defensive recommendations are provided to counter this emerging threat.

Pulse ID: 69c51fb010f23603d7d217ea
Pulse Link: https://otx.alienvault.com/pulse/69c51fb010f23603d7d217ea
Pulse Author: AlienVault
Created: 2026-03-26 11:59:44

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Chinese #CyberSecurity #ElasticSecurityLabs #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RAT #Rootkit #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect — Elastic Security Labs

Pulse ID: 69bd45393fac7e92bd363cad
Pulse Link: https://otx.alienvault.com/pulse/69bd45393fac7e92bd363cad
Pulse Author: CyberHunter_NL
Created: 2026-03-20 13:01:45

#CyberSecurity #ElasticSecurityLabs #InfoSec #OTX #OpenThreatExchange #ScreenConnect #bot #CyberHunter_NL

Banshee Stealer source code leaked: macOS malware neutralized

Cybercriminals give up: the Banshee Stealer malware for macOS was abandoned after its source code was published.

TARNKAPPE.info
Patch Tuesday, October 2024 Edition – Krebs on Security

Patch Tuesday, October 2024 Edition - Microsoft today released security updates to fix at least 117 security holes in Wi... https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/ #opensshforwindows;powerbi;windowshyper-v;windowsmobilebroadband #adobesubstance3dpainter #elasticsecuritylabs #substance3dstager #nikolascemerikic #adobeframemaker #latestwarnings #cve-2024-43572 #cve-2024-43573 #securitytools #immersivelabs #grimresource #satnamnarang #visualstudio #timetopatch

GhostEngine: crypto-mining attack outsmarts security solutions

GhostEngine is a sophisticated crypto-mining campaign that targets computer networks and can trick security software.

Tarnkappe.info

Malware analysis of the malware family SOMNIRECORD, a backdoor that conceals its identity by masquerading as DNS in its C2 (Command and Control) methods.

https://www.elastic.co/security-labs/not-sleeping-anymore-somnirecords-wakeup-call

#ElasticSecurityLabs #malware
#malwareanalysis #malwarebackdoor #dnshack

Not sleeping anymore: SOMNIRECORD's wake-up call

Elastic Blog
NAPLISTENER: more bad dreams from developers of SIESTAGRAPH

Elastic Blog

🔥🔥🤩 Check out this malware analysis report from Elastic Security Labs on a recent variant from the malware family ICEDID, written by the MARE (Malware Analysis and Reverse Engineering) Team Senior Security Researchers Cyril F. and Daniel Stepanic!

#malwareanalysis #elastic #ElasticSecurityLabs #malware

https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary

Thawing the permafrost of ICEDID Summary

Elastic Blog
Exploring the Future of Security with ChatGPT

Elastic Blog