xzbot (Malware Family)

xzbot

aka: xzorcist

A backdoor brought into version 5.6.0 and 5.6.1 of compression library/tool xz/liblzma, which was intended to enable access via (Open)SSH on affected servers.

References

2024-04-10 ⋅ 2024-04-10 ⋅ Antonio Pirozzi, Sarthak Misraa
XZ Utils Backdoor | Threat Actor Planned to Inject Further Vulnerabilities
xzbot

2024-04-09 ⋅ DCSO ⋅ DCSO CyTec
XZ Backdoor: How to check if your systems are affected
xzbot

2024-04-03 ⋅ Wired ⋅ Andy Greenberg, Matt Burgess
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
xzbot

2024-04-03 ⋅ ThreatMon ⋅ Kerime Gencay
XZ Utils Backdoor Research Report CVE-2024-3094
xzbot

2024-04-01 ⋅ Github (amlweems) ⋅ Anthony Weems
Analysis Repo with honeypot and backdoor patch for xzbot
xzbot

2024-03-31 ⋅ Twitter (@fr0gger) ⋅ Thomas Roccia
Tweet with visual summary of the execution flow
xzbot

2024-03-31 ⋅ Github (karcherm) ⋅ Michael Karcher
Information about the liblzma (xz-utils) backdoor
xzbot

2024-03-30 ⋅ Github (smx-smx) ⋅ smx
Gist with XZ Backdoor analysis
xzbot

2024-03-30 ⋅ Gynvael.Coldwind//vx.log ⋅ Gynvael Coldwind
xz/liblzma: Bash-stage Obfuscation Explained
xzbot

2024-03-29 ⋅ Openwall ⋅ Andres Freund
Initial email disclosing suspected backdoor in xz tarballs
xzbot

2024-03-29 ⋅ Github (thesamsam) ⋅ Sam James
Gist with XZ Backdoor analysis
xzbot

2024-03-29 ⋅ CISA ⋅ CISA
Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
xzbot

2024-03-29 ⋅ boehs.org ⋅ Evan Boehs
Everything I Know About the XZ Backdoor
xzbot

There is no Yara-Signature yet.

xzbot Propose Change

References

xzbot