ShadowV2 (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

elf.shadowv2 (Back to overview)

ShadowV2

According to Fortinet, this is a Mirai fork propagating through multiple vulnerabilities. ShadowV2 had previously been observed targeting AWS EC2 instances in campaigns disclosed in September 2025.

References

2025-11-26 ⋅ FortiGuard Labs ⋅ Vincent Li
ShadowV2 Casts a Shadow Over IoT Devices
ShadowV2

There is no Yara-Signature yet.

ShadowV2 Propose Change

References

ShadowV2