Malware
GRIMBOLT
According to Mandiant, GRIMBOLT is a foothold backdoor written in C#, compiled using native ahead-of-time (AOT) compilation and packed with UPX.
GRIMBOLT is a Linux malware family.
Background
Per Mandiant, GRIMBOLT is a foothold backdoor coded in C#, built with native ahead-of-time (AOT) compilation and packed using UPX. It offers a remote shell and relies on the same command-and-control infrastructure as the earlier BRICKSTORM payload. Whether the actor's swap from BRICKSTORM to GRIMBOLT reflected a planned tooling refresh or a response to incident-response activity remains uncertain.
Source: Malpedia (Fraunhofer FKIE).