Date: 08/22/2025
Severity: High
Summary
Linux is trusted for its security, stability, and control, and is often seen as safer than Windows. But this trust can create blind spots as attackers innovate beyond software exploits. Newer threats use behaviors, scripts, and even filenames to breach systems stealthily. We’ll explore a real Linux malware case where a filename alone triggers infection.
Indicators of Compromise (IOC) List
IP Address: 47.98.194.60
SHA256 Hashes:
5bde055523d3b5b10f002c5d881bed882e60fa47393dff41d155cab8b72fc5f4
8ef56b48ac164482dddf6a80f7367298d7b4d21be3aadf0ee1d82d63e3ac0c0a
72702d6ddb671dc75e2ee6caf15f98b752df6125a43dae71cda35d305d989cf4
5712d8a629d607c86a9d094dd24b4747b212d5a37b68ad7f10a84dd601fac751
dd1b1e6d548b32a3cde72418f1fb77353e42142676266641a9bb12447303e871
69e9eabfd18445352ece9383be55077cdb5bfb790a30a86758bc5249ff6b45bb
73000ab2f68ecf2764af133d1b7b9f0312d5885a75bf4b7e51cd7b906b36e2d4
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
IP Address: dstipaddress IN ("47.98.194.60") or srcipaddress IN ("47.98.194.60")
Hash: sha256hash IN ("8ef56b48ac164482dddf6a80f7367298d7b4d21be3aadf0ee1d82d63e3ac0c0a","5bde055523d3b5b10f002c5d881bed882e60fa47393dff41d155cab8b72fc5f4","72702d6ddb671dc75e2ee6caf15f98b752df6125a43dae71cda35d305d989cf4","dd1b1e6d548b32a3cde72418f1fb77353e42142676266641a9bb12447303e871","69e9eabfd18445352ece9383be55077cdb5bfb790a30a86758bc5249ff6b45bb","73000ab2f68ecf2764af133d1b7b9f0312d5885a75bf4b7e51cd7b906b36e2d4")
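The following is an added example, not code from the Gurucul advisory or from the TDIR product: an offline Python matcher that applies the same logic as the two queries above (either source or destination IP in the IOC set; SHA256 in the IOC set, compared case-insensitively) to JSON log records, and that regenerates the query strings from the IOC list. The log lines are constructed for illustration, and the assumption that ingested records carry fields named srcipaddress, dstipaddress and sha256hash is exactly that, an assumption mirroring the field names in the queries. Note that the IOC list above carries seven hashes while the hash query lists six (5712d8a6... is absent from the query); the matcher below uses the full seven so the generated query covers every published hash.

```python
"""Added example (not part of the advisory): IOC matching over sample log records."""
import json

# IOCs exactly as published in the advisory's IOC list.
IOC_IPS = {"47.98.194.60"}
IOC_SHA256 = {
    "5bde055523d3b5b10f002c5d881bed882e60fa47393dff41d155cab8b72fc5f4",
    "8ef56b48ac164482dddf6a80f7367298d7b4d21be3aadf0ee1d82d63e3ac0c0a",
    "72702d6ddb671dc75e2ee6caf15f98b752df6125a43dae71cda35d305d989cf4",
    "5712d8a629d607c86a9d094dd24b4747b212d5a37b68ad7f10a84dd601fac751",
    "dd1b1e6d548b32a3cde72418f1fb77353e42142676266641a9bb12447303e871",
    "69e9eabfd18445352ece9383be55077cdb5bfb790a30a86758bc5249ff6b45bb",
    "73000ab2f68ecf2764af133d1b7b9f0312d5885a75bf4b7e51cd7b906b36e2d4",
}

# Field names assumed to match the TDIR query fields (assumption, not a product fact).
IP_FIELDS = ("srcipaddress", "dstipaddress")
HASH_FIELD = "sha256hash"


def match_record(rec):
    """Return a list of (ioc_type, field, value) hits for one parsed log record.

    Mirrors the advisory queries: an IP hit on either direction, and a hash hit
    on sha256hash. Hashes are lower-cased first so upper-case sources still match.
    """
    hits = []
    for field in IP_FIELDS:
        ip = rec.get(field)
        if isinstance(ip, str) and ip in IOC_IPS:
            hits.append(("ip", field, ip))
    h = rec.get(HASH_FIELD)
    if isinstance(h, str) and h.lower() in IOC_SHA256:
        hits.append(("sha256", HASH_FIELD, h.lower()))
    return hits


def scan_log_lines(lines):
    """Parse one JSON record per line; skip blank or unparseable lines.

    Returns a list of (line_number, hits) for lines with at least one IOC hit.
    """
    results = []
    for line_no, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a malformed line must not abort the whole scan
        if not isinstance(rec, dict):
            continue
        hits = match_record(rec)
        if hits:
            results.append((line_no, hits))
    return results


def tdir_in_clause(field, values):
    """Build a `field IN ("v1","v2",...)` clause in the shape shown in the advisory."""
    quoted = ",".join('"%s"' % v for v in sorted(values))
    return "%s IN (%s)" % (field, quoted)


def build_tdir_queries():
    """Regenerate both advisory queries from the IOC sets (assumes the IN-list
    syntax shown on the page simply accepts more values)."""
    ip_query = " or ".join(tdir_in_clause(f, IOC_IPS) for f in ("dstipaddress", "srcipaddress"))
    return {"ip": ip_query, "hash": tdir_in_clause("sha256hash", IOC_SHA256)}


# Constructed sample log lines (not real telemetry): one C2 IP hit, one upper-case
# hash hit, one clean connection, one malformed line, one clean hash.
SAMPLE_LOG = [
    '{"event":"net","srcipaddress":"10.0.0.5","dstipaddress":"47.98.194.60"}',
    '{"event":"exec","sha256hash":"5712D8A629D607C86A9D094DD24B4747B212D5A37B68AD7F10A84DD601FAC751"}',
    '{"event":"net","srcipaddress":"10.0.0.7","dstipaddress":"192.0.2.10"}',
    'this line is not json',
    '{"event":"exec","sha256hash":"' + "0" * 64 + '"}',
]

if __name__ == "__main__":
    for line_no, hits in scan_log_lines(SAMPLE_LOG):
        print("line %d: %s" % (line_no, hits))
    for name, q in build_tdir_queries().items():
        print("%s query: %s" % (name, q))
```

Running the block prints the two matching lines (1 and 2) and both regenerated queries; the hash query it produces contains all seven published hashes.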
Reference:
https://hivepro.com/threat-advisory/efimer-trojan-from-fake-lawsuits-to-crypto-heists/?utm_sr=google&utm_cmd=organic&utm_ccn=(not%20set)&utm_ctr=(not%20provided)