|
Malware:
|
fast16, FIRESTARTER, GoGra, Graphon, Mini Shai-Hulud, Ransomware Evil, REvil, Sha1-Hulud: The Second Coming, Shai-Hulud, Shai-Hulud 2.0, Shai-Hulud 3.0, Sodinokibi, WanaCrypt0r 2.0, WannaCry, WannaCrypt, WCry |
|
CVEs:
|
CVE-2016-5195, CVE-2022-0847, CVE-2026-31431, CVE-2026-43284, CVE-2026-43500 |
|
Technologies:
|
Alpine Linux, Amazon Linux, Arch Linux, CloudLinux OS, containerd, CRI-O, Debian, Docker, EuroLinux, Fedora, Gentoo, GitHub Actions, GitLab, Jenkins, Kubernetes, KylinSoft Kylin, Linux, LXC, Microsoft Entra ID, NixOS, openEuler, openSUSE, Pluggable Authentication Modules, Podman, Red Hat Enterprise Linux, Red Hat OpenShift Container Platform, Rocky Enterprise Software Foundation Rocky Linux, Rocky Linux, Slackware Linux, SUSE Linux Enterprise, Tizen, Turbolinux, Ubuntu, UnionTech UOS, Univention Corporate Server |
|
Threat Actors:
|
APT41, BanishedKitten, FlaxTyphoon, HandalaHack, HomelandJustice, RedSandstorm, SaltTyphoon, Storm-0842, VoidManticore, VoltTyphoon |
|
Attacker Domains:
|
audit[.]checkmarx[.]cx, copy[.]fail, github[.]com, git[.]kernel[.]org, lore[.]kernel[.]org, nvd[.]nist[.]gov, raw[.]githubusercontent[.]com, sploitus[.]com, xint[.]io |
|
Attacker URLs:
|
audit[.]checkmarx[.]cx/v1/telemetry, github[.]com/0xlane/pagecache-guard, hxxps[://]copy[.]fail, hxxps[://]copy[.]fail/, hxxps[://]copy[.]fail/#contact, hxxps[://]copy[.]fail/exp, hxxps[://]copy[.]fail/public/demo.mp4, hxxps[://]gist[.]github[.]com/blasty/d7b5d0599b154c9ec83c182acbd56e8b, hxxps[://]github[.]com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo/, hxxps[://]github[.]com/mhdgning131/CVE-2026-31431_poc.git, hxxps[://]github[.]com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC, hxxps[://]github[.]com/rootsecdev/cve_2026_31431, hxxps[://]github[.]com/rootsecdev/cve_2026_31431/blob/f288952034d0d1b21c035d178c7a485dcf6a3618/exploit_cve_2026_31431.py#L183-L187, hxxps[://]github[.]com/theori-io/copy-fail-CVE-2026-31431, hxxps[://]github[.]com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py, hxxps[://]github[.]com/user-attachments/assets/27e0f28e-0cb8-438d-9fe4-ebd56035adad, hxxps[://]github[.]com/V4bel/dirtyfrag/tree/master, hxxps[://]git[.]kernel[.]org/pub/scm/linux/kernel/git/stable/linux.git/about/, hxxps[://]lore[.]kernel[.]org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/, hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2026-31431, hxxps[://]raw[.]githubusercontent[.]com/theori-io/copy-fail-CVE-2026-31431/main/copy_fail_exp.py, hxxps[://]securityaffairs[.]com/191629/hacking/u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog.html, hxxps[://]sploitus[.]com/exploit?id=A310CBC4-CE91-509B-ADDF-881523045AF1, hxxps[://]sploitus[.]com/exploit?id=MSF:EXPLOIT-LINUX-LOCAL-CVE_2026_31431_COPY_FAIL-, hxxps[://]www[.]openwall[.]com/lists/oss-security/2026/04/29/23, hxxps[://]xint[.]io/blog/copy-fail-linux-distributions, hxxps[://]xint[.]io/blog/copy-fail-linux-distributions#the-fix-6 |
|
Attacker Hashes:
|
0533cff5831152a2f6499b1c708a4344336b35b369151c64122335332a09b0a9, 100262da02453c33f4a4a6916423966b, 1111111111111111111111111111111111111111111111111111111111111111, 11596758ecc621a946c4f262a6d49ff3b45887c9, 1343309df1351265351b3c6053b53d340443151e, 1913180e3039f339580742b4980b80a34403193a, 19991118784b8969881432414811418151851111, 299c53293f32a67311514f5338125338, 39e8878922b183047d9be0da04402b23da289405, 3be49c5ddb11ad62610bdc9f2389f842b753cd53, 3c5ec61632d0699e048d8428461c4d65f89988a370396db2f070f63ebbf9dbae, 690691c6a03b84534484809601385a3c0970a42c0171f670998762c5e1b9438a, 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, 83194d178f4b9c6fcdfaed0ea4ae3ec2ca3db6f4, 84f44c4a699e025ceff588028c9e041b213d6198fc7fa40b7d24ca6ebbf9b305, 87915e67782ebd34d91a2b557b22eccf0f6e3de1, 9454dbdde0ac2d1a8981c06db89f24a4753ec3b7, 985614541dd1239c773049335738d50c, 9b0f16503767336bc8a821482933c1111aafa23a, a4d4c899a00f948016279448356c49e8454a09f7, a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9, a79c6ab7e9d14e60af8d7dfc1c102e3bc93a910b, b35ddf2ecd035faf9b38af62779502b7fa19037115054a00ed8d5327a3f2ec03, d401e7d1c00605749d6c617ace73ab20a762b72e41c2e1590331596e38219a61, de824c48ca8e2d41dcbb99468148370b1f2c1497, e097ce64b1bf0933e69c9d342038fb52f4b278da62b265daa3adf22c00658a9c, ed0018054d8e7058b299b7591bc32364dbc439c25be4067450189b1a73033c67 |
|
Victim Industries:
|
Aerospace, Cloud Infrastructure, Data Centers, Financials, Government, Healthcare, Health Care Technology, Information Technology, Internet & Cloud Services, Internet of Things (IoT), Manufacturing, Public Sector, Semiconductors, Software, Technology Hardware, Telecommunications, Web Hosting |
|
Victim Countries:
|
Austria, Belgium, Bulgaria, China, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Singapore, Slovakia, Slovenia, South Korea, Spain, Sweden, United Kingdom, United States |