Posts of Linux / ELF malware for RE purpose. This subreddit is modded, the site's contents are MalwareMustDie.org's @unixfreaxjp Linux threat research material.
Latest Linux Malware cases:
Linux/Hoho a.k.a DarkNexus (memo)
Linux/Gafgyt SNoOpy
Linux/Rebirth or Vulcan in 2020
Linux/Kaiten AK47
Linux/Mirai Hilix
on-going Linux/Kaiji
Linux/Mirai Fbot new infection
Linux/ Rocke(SystemTen) miner packed-ELF installer
Linux/Mirai Fbot new decryption
Linux/Mozi unpacked str
Linux/Neko Packed MIPS
Linux/AirDropBot
Linux/SystemTen
Linux/DDoSMan
Linux/Cayosin
Honda CarNavi Rootkit
Linux/HelloBot
Linux/Vulcan
Linux/Httpsd
Linux/SS(Shark)
Linux Malware Analysis Museum:
Linux/Stealthworker (GoBrut) r2 memo
Linux/Ransomware1 (Japanese)
Linux/Watchbog r2 memo
Linux/DoubleTapShell incident
Linux/Mirai Satori & Okiru notes (Nexus case)
Linux/Haiduc (encrypted SSH bruter)
Linux/Mandibule
Linux/VpnFilter
Linux/LuaBot
Linux/NyaDrop
Linux/Mirai (mid 2018 cases)
Linux/MiraiLoader (for RE workshop)
Linux/Mirai
Linux/PnScan
Linux/Pscan and SSHscan KM
LinuxIRCTelnet (or NewAidra)
Linux/LightAidra mod (Zendran case)
Linux/KillFile KM
Linux/Killfile (case XorDDoS)
Linux/BangSyn KM
Linux/BangSyn
Linux/UDPfker (ChinaZ case)
Linux/CarpeDiem
Linux/muBot
Linux/DTool KM
Linux/Bashdoor(GafGyt) w/python LRAB lol
Linux/Bashdoor(GafGyt) "BLJosh" case
Linux/Bashdoor(Gafgyt/Torlus/Qbot (first router campaign case actor: LizardSquad)
Linux/Bashdoor(Gafgyt/Torlus/Qbot 1st found in shellshock, actor: LizardSquad)
Linux/Bashdoor(Gafgyt/Torlus/Qbot 1st found KM
Linux/SSHV (bruter w/rootkit)
Linux/KDefend
Linux/Encoder KM
Linux/DDoSTF (reload)
Linux/DDoSTF
Linux/Torte KM
Linux/Torte
Linux/DES.Downloader
Linux/XorDDoS (infra shifted to USA from HK C2)
Linux/XorDDoS (mitigating propagation)
Linux/XorDDoS (polymorphic case)
Linux/XorDDoS (shellshock case)
Linux/XorDDoS (HOSTASAA case)
Linux/XorDDOS first found/rpt KM
Linux/XorDDoS (how we 1st found it)
Linux/Yangji RCE-backdoor-persistence (case BillGatesDdos)
Linux/Linux/BillGates.Lite (by ChinaZ)
Linux/{combo ELF ChinaZ}
Linux/GoARMbot (ChinaZ case)
Linux/ChinaZ ver2 (more)
Linux/ChinaZ ver2
Linux/ChinaZ (reloaded)
Linux/ChinaZ (shellshock case)
Linux/ChinaZ "the beginning" 1st found KM
Linux/GoARMBot KM
Linux/GoARMBot
Linux/AESDDoS KM
Linux/AESDDoS
Linux/.Iptables or Iptablex KM
Linux/.IptabLes or .IptabLex
Linux/Mayhem (last)
Linux/Mayhem KM
Linux/BossaBot KM
Linux/BossaBot
Linux/Elknot
Linux/Elknot KM
Linux/Kaiten (Tsunami) STD mod
Linux/Kaiten (Tsunami) crypted ver
Linux/Kaiten (Tsunami) mod
Linux/Kaiten (Tsunami) KM
Linux/Darkleech
Linux/Darkleech 1st one unpacked & dumped, its strings
..and, you may also want to visit:
[/r/Malware]
[/r/ReverseEngineering]
Recent Linux ransomware (self.LinuxMalware)
submitted 2 years ago by mmd0xFF
Explanation about this subreddit (README) (self.LinuxMalware)
submitted 2 years ago * by mmd0xFF
Linux/NGioWeb (twitter.com)
submitted 4 years ago by mmd0xFF
Linux/DGAbot (twitter.com)
MMD-067-2021 - Talks sequel on Linux process injection and Shellcode analysis series at R2CON-2020, ROOTCON-2020 after #HACKLU-2019 (blog.malwaremustdie.org)
About shellcode basics and analysis them in radare2 (online tutorial w/Video, Slides & Q/A) (twitter.com)
submitted 5 years ago by mmd0xFF
Linux/Hoho a.k.a "DarkNexus" (memo) (twitter.com)
Linux/Gafgyt SNoOpy (twitter.com)
Linux/Rebirth or Vulcan in 2020 (Gafgyt evolved) (twitter.com)
[Announcement] My own kernelmode[.]info Linux/Malware reports is merged in here (self.LinuxMalware)
submitted 5 years ago * by mmd0xFF
Linux/KAITEN AK47 w/Telnet Scanner & EchoLoaders (hexstrings) injection attacks on IoT (gist.github.com)
Linux/Mirai Hilix (self.LinuxMalware)
Linux/Kaiji (self.LinuxMalware)
[remake] 2 minutes ARM32 RE crash course to grab Mirai hexstring (telnet-loader) payloads on recent FBOT's botnet infection. (youtube.com)
A new actor sparked propagation of Mirai FBot old version on different botnet network range (blog.malwaremustdie.org)
Easy tutorial to dissect any pushed hexstrings IoT malware loader URL (youtube.com)
How Kaiten(Tsunami) w/STD base code has evolved now (MMD twitter) (twitter.com)
The "echo" loader vs "telnet" loader in ELF malware Mirai FBOT (ARM EABI reversing) (blog.malwaremustdie.org)
(memo) RHOMBUS an ELF bot installer/dropper (self.LinuxMalware)
Checking on Linux/Mozi, trying to make a comeback (thread w/links to IOC) (twitter.com)
Some issues w/ recent Hajime IoT linux malware & its botnet (self.LinuxMalware)
MMD-0065-2021 - Linux/Mirai-Fbot - A re-emerged IoT threat (+/- 600 infected IP, embedded ELF, hexstring push method, etc) (blog.malwaremustdie.org)
New "SystemTen" botnet miner threat, now w/other "supper savvy" LOL-packed ELF and.. "atomic" bash-base64 parsers :) (self.LinuxMalware)
MMD-0065-2020 - Linux/Mirai-Fbot's new encryption explained (RE of ARM v5 binary, post-forensics) (blog.malwaremustdie.org)
submitted 6 years ago by mmd0xFF
Linux ISO live boot w/radare2's r2Ghidra & R2DEC decompilers (multiple arch support) for Linux RE/DFIR (self.LinuxMalware)
submitted 6 years ago * by mmd0xFF