elf.peer_time

PeerTime

Actor(s): UAT-9244


According to Cisco Talos, PeerTime is an ELF-based backdoor compiled for multiple architectures including common embedded and server platforms, with one version written in C/C++ and a newer version written in Rust. It is deployed via shell scripts and an auxiliary "instrumentor" component that can detect container runtimes and launch the loader in these environments, with the instrumentor containing debug strings in Simplified Chinese that point to Chinese-speaking developers. PeerTime’s loader decrypts and decompresses the main payload in memory, can rename its process to appear benign, and uses the BitTorrent protocol to discover command-and-control information, exchange data with peers, and download and execute additional payloads. The malware uses standard Unix utilities to copy and place downloaded files, enabling flexible post-compromise tool delivery across diverse Linux and embedded systems.

References
2026-03-05 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White
UAT-9244 targets South American telecommunication providers with three new malware implants
BruteEntry PeerTime TernDoor UAT-9244

There is no Yara-Signature yet.