Derusbi
MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:
[Derusbi](https://attack.mitre.org/software/S0021) is malware used by multiple Chinese APT groups.(Citation: Novetta-Axiom)(Citation: ThreatConnect Anthem) Both Windows and Linux variants have been observed.(Citation: Fidelis Turbo)
Associated Techniques (18)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1008 | Fallback Channels | - |
| T1012 | Query Registry | - |
| T1033 | System Owner/User Discovery | - |
| T1055.001 | Dynamic-link Library Injection | - |
| T1056.001 | Keylogging | - |
| T1057 | Process Discovery | - |
| T1059.004 | Unix Shell | - |
| T1070.004 | File Deletion | - |
| T1070.006 | Timestomp | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1095 | Non-Application Layer Protocol | - |
| T1113 | Screen Capture | - |
| T1123 | Audio Capture | - |
| T1125 | Video Capture | - |
Aliases (105)
Used by Actors (4)
Metadata
| Field | Value |
|---|---|
| ID | 420 |
| Created | 13/01/2026 17:48 |
| Updated | 06/03/2026 16:00 |