{"id":203320,"date":"2025-01-08T02:36:11","date_gmt":"2025-01-08T08:36:11","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/01\/new-eagerbee-variant-targets-isps-and-governments-with-advanced-backdoor-capabilities"},"modified":"2025-01-08T02:36:11","modified_gmt":"2025-01-08T08:36:11","slug":"new-eagerbee-variant-targets-isps-and-governments-with-advanced-backdoor-capabilities","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/01\/new-eagerbee-variant-targets-isps-and-governments-with-advanced-backdoor-capabilities","title":{"rendered":"New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/new-eagerbee-variant-targets-isps-and-governments-with-advanced-backdoor-capabilities.jpg\"><\/a><\/p>\n<p>Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework.<\/p>\n<p>The new variant of EAGERBEE (aka <a href=\"https:\/\/www.lac.co.jp\/lacwatch\/report\/20240605_004019.html\" rel=\"noopener\" target=\"_blank\">Thumtais<\/a>) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute command shells, demonstrating a significant evolution.<\/p>\n<p>\u201cThe key plugins can be categorized in terms of their functionality into the following groups: Plugin Orchestrator, File System Manipulation, Remote Access Manager, Process Exploration, Network Connection Listing, and Service Management,\u201d Kaspersky researchers Saurabh Sharma and Vasily Berdnikov <a href=\"https:\/\/securelist.com\/eagerbee-backdoor\/115175\/\" rel=\"noopener\" target=\"_blank\">said<\/a> in an analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated 
variant of the EAGERBEE malware framework. The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute command shells, demonstrating a significant evolution. \u201cThe [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,385,418],"tags":[],"class_list":["post-203320","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-evolution","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/203320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=203320"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/203320\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=203320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=203320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=203320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}