Symbol: elf.spawnsnare

SPAWNSNARE


According to Mandiant, this is a utility that is written in C and targets Linux. It can be used to extract the uncompressed Linux kernel image (vmlinux) into a file and encrypt it using AES without the need for any command-line tools.

References
2025-04-03, Mandiant: Jacob Thompson, John Wolfram, Josh Murchie, Matt Lin, Michael Edie
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
SPAWNSNARE

There is no YARA signature yet.