Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883)

Linux Rabbit is malware that targeted Linux servers and IoT devices in a campaign lasting from August to October 2018. It shares code with another strain of malware known as Rabbot. The goal of the campaign was to install cryptocurrency miners onto the targeted servers and devices. (Citation: Anomali Linux Rabbit 2018)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | 1 |
| Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) | Attack Pattern | 1 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | 1 |
| Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) | Attack Pattern | Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | 1 |
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | 1 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | 1 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) | Attack Pattern | 2 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 2 |