The Art of Domain Deception: New Tactic to Deceive Users [Thursday, February 29, 2024]

A recent Linux variant of the Bifrost remote access Trojan uses a deceptive domain, download.vmfare.com, mimicking a legitimate VMware domain to by...
The Art of Domain Deception: New Tactic to Deceive Users [Thursday, February 29, 2024]
The Art of Domain Deception: New Tactic to Deceive Users

The Art of Domain Deception: New Tactic to Deceive Users

Description :
A recent Linux variant of the Bifrost remote access Trojan uses a deceptive domain, download.vmfare.com, mimicking a legitimate VMware domain to bypass security measures. Bifrost allows attackers to gather sensitive information and there has been a spike in Linux variants in recent months.

Published Created Modified
2024-02-29 18:41:14 2024-02-29 18:41:14 2024-02-29 18:59:16

Tags

Indicators

IPv4s : Domains : Malwares :
  • AlienSpy
  • Sockrat
  • Adwind
  • Trojan.Maljava
  • Frutas
  • jBiFrost
  • jRAT - S0283
  • jFrutas
  • JSocket
  • Unrecom
Hashes :
  • 2aeb70f72e87a1957e3bc478e1982fe608429cad4580737abe58f6d78a626c05
  • 8e85cb6f2215999dc6823ea3982ff4376c2cbea53286e95ed00250a4a2fe4729
Intrusion set :
  • Bifrost
MITRE ATT&CK Techniques : Other observables :
  • Technology

External References

You can download the txt file containing the indicators by clicking on the button below:

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.