Malware
PeerTime
According to Cisco Talos, PeerTime is an ELF-based backdoor compiled for multiple architectures including common embedded and server platforms, with one version written in C/C++ and a newer version written in Rust. It is deployed via shell scripts and an auxiliary "instrumentor" component that can detect container runtimes and launch the loader in these environments, with the instrumentor containing debug strings in Simplified Chinese that point to Chinese-speaking developers. PeerTime’s loader decrypts and decompresses the main payload in memory, can rename its process to appear benign, and uses the BitTorrent protocol to discover command-and-control information, exchange data with peers, and download and execute additional payloads. The malware uses standard Unix utilities to copy and place downloaded files, enabling flexible post-compromise tool delivery across diverse Linux and embedded systems.
Family metadata imported from Malpedia (Fraunhofer FKIE).