Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883)

Linux Rabbit is malware that targeted Linux servers and IoT devices in a campaign lasting from August to October 2018. It shares code with another strain of malware known as Rabbot. The goal of the campaign was to install cryptocurrency miners onto the targeted servers and devices.(Citation: Anomali Linux Rabbit 2018)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	1
Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883)	Malware	Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	1
Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883)	Malware	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	1
Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883)	Malware	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	1
Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883)	Malware	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	1
Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883)	Malware	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	2