Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883)

Linux Rabbit is malware that targeted Linux servers and IoT devices in a campaign lasting from August to October 2018. It shares code with another strain of malware known as Rabbot. The goal of the campaign was to install cryptocurrency miners onto the targeted servers and devices. (Citation: Anomali Linux Rabbit 2018)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | 1 |
| Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | 1 |
| Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) | Attack Pattern | Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | 1 |
| Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | 1 |
| Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) | Attack Pattern | 1 |
| Linux Rabbit - S0362 (0efefea5-78da-4022-92bc-d726139e8883) | Malware | External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | 1 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 2 |
| Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |