Fysbis

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[Fysbis](https://attack.mitre.org/software/S0410) is a Linux-based backdoor used by [APT28](https://attack.mitre.org/groups/G0007) that dates back to at least 2014.(Citation: Fysbis Palo Alto Analysis)

Associated Techniques (12)

ID	ATT&CK	Tactics
T1027.013	Encrypted/Encoded File	-
T1036.004	Masquerade Task or Service	-
T1036.005	Match Legitimate Resource Name or Location	-
T1056.001	Keylogging	-
T1057	Process Discovery	-
T1059.004	Unix Shell	-
T1070.004	File Deletion	-
T1082	System Information Discovery	-
T1083	File and Directory Discovery	-
T1132.001	Standard Encoding	-
T1543.002	Systemd Service	-
T1547.013	XDG Autostart Entries	-

Used by Actors (1)

APT28
Nation-state

Metadata

ID:	221
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00