elf.brute_entry

BruteEntry

Actor(s): UAT-9244


According to Cisco Talos, BruteEntry is a Go-based ELF malware family used to convert compromised Linux systems, particularly edge devices, into operational relay boxes that perform large-scale credential brute forcing. It consists of a daemon-like agent and an "instrumentor" written in Go that ensures the agent is running, after which the agent registers with a command-and-control server and receives tasking that includes lists of target hosts and service types. BruteEntry uses embedded credential lists to systematically attempt logins against services such as SSH, PostgreSQL databases, and application servers, reporting back detailed results on success or failure. By distributing scanning and brute-force activity across many infected nodes, BruteEntry provides resilient, outsourced access acquisition capabilities for the operator’s broader intrusion campaigns.

References
2026-03-05 · Cisco Talos · Asheer Malhotra, Brandon White
UAT-9244 targets South American telecommunication providers with three new malware implants
BruteEntry PeerTime TernDoor UAT-9244

There is no Yara-Signature yet.