
Trickbot’s Anchor Framework Malware Comes to Linux

July 31, 2020

A new sample of Trickbot’s Anchor Framework has been found for Linux, aptly named “Anchor_Linux.” It was originally discovered by Stage 2 Security researcher Waylon Grange and reported by Bleeping Computer. Trickbot’s Anchor Framework is typically deployed on high-value, high-impact targets with valuable financial information. The new Linux variant serves as an initial foothold in server environments and can be used to spread laterally to Windows machines in a Linux or UNIX environment.

Analyst Notes

As this Linux variant will typically be deployed to systems after an initial phishing email, Binary Defense recommends using caution when opening any files from unknown sources such as email. Additionally, Anchor_Linux saves a log to /tmp/anchor.log, so the presence of that file can be used to identify whether a system is infected.
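One way to run the /tmp/anchor.log check across a live host and mounted disk images, as an added example that is not part of the original post. The function names and output format are assumptions of this example; only the log path comes from the post.

```shell
#!/bin/sh
# Added example: look for the Anchor_Linux log path named in the post under
# one or more filesystem roots ("/" for a live host, or a mounted image).
# Read-only: the file is never opened for writing, moved or deleted, so its
# timestamps stay intact for incident response.

ANCHOR_LOG_REL="tmp/anchor.log"   # path from the post, relative to a root

# check_anchor_log ROOT -> prints one result line; returns 0 if found, 1 if not
check_anchor_log() {
    root="${1:-/}"
    path="${root%/}/$ANCHOR_LOG_REL"
    # -e follows symlinks; -L also catches a dangling symlink at that path
    if [ -e "$path" ] || [ -L "$path" ]; then
        # ls -ln: numeric owner, size and mtime without relying on GNU stat
        meta=$(ls -ln "$path" 2>/dev/null)
        hash="n/a"
        if [ -f "$path" ] && command -v sha256sum >/dev/null 2>&1; then
            hash=$(sha256sum "$path" | cut -d' ' -f1)
        fi
        echo "FOUND $path | $meta | sha256=$hash"
        return 0
    fi
    echo "clean $path"
    return 1
}

# scan_roots ROOT... -> sets HITS to the number of roots with the indicator;
# returns 0 if at least one root matched (grep-style), 1 otherwise
scan_roots() {
    HITS=0
    for r in "$@"; do
        if check_anchor_log "$r"; then
            HITS=$((HITS + 1))
        fi
    done
    [ "$HITS" -gt 0 ]
}

# Stand-alone use: ./check_anchor.sh / /mnt/image1 /mnt/image2
if [ "$#" -gt 0 ]; then
    scan_roots "$@"
fi
```

A "clean" result only means the log file is absent at that path; it does not rule out an infection whose log was removed.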