Threat Bulletin: Fire in the Woods – A New Variant of FireWood

· Published 15/08/2025 11:38 · Modified 15/08/2025 13:07

Essential information

Tags
2025-08-15 backdoor firewood kernel rootkit linux project wood rat tea encryption
Related entities
1 intrusion sets (apt), 10 techniques (mitre), 1 malware, 2 others

Description

A new, low-detection variant of the FireWood backdoor has been discovered, showing changes in implementation and configuration while maintaining core functionality. This backdoor, linked to the 'Project Wood' malware lineage, operates as a remote access trojan on Linux systems, using kernel-level rootkit modules and TEA-based encryption for stealth and persistence. The new variant modifies the execution process, alters network communication, and updates file paths. It removes some commands and adds others, including a new 'auto-kill' feature. Samples have been found from Iran and the Philippines, indicating a potentially wide distribution. The backdoor has possible connections to the China-aligned Gelsemium APT group, though this association remains uncertain.

External references