← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Introducing Showboat: A new malware family taunts defenses and targets international telecom firms.
A newly identified Linux malware family, referred to as Showboat, has been linked to persistent cyber campaigns against international telecommunications firms. Discovered by Black Lotus Labs, Showboat has been operational since mid-2022 and operates as a modular post-exploitation framework, allowing attackers to spawn remote shells, transfer files, and function as a Socks5 proxy. It has been associated with activity clusters reportedly aligned with the People's Republic of China (PRC), affecting telecom providers in the Middle East and impersonating firms in Southeast Asia.
MITRE ATT&CK & Malware Families
Indicators of Compromise (14)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-SHA256 | 2229e7f3cabbce4d67cd79c89fd5a100b20e8a99f4a2bf9aac77a978f49eb520 | — | 2026-05-30 | |
| FileHash-SHA256 | 27df475626aafce2ea1548a9f35efb9ad951298c8b11a6adb3ccdfcd5170c677 | — | 2026-05-30 | |
| FileHash-SHA256 | a72427af3c046fd90999a6505b2372dc4ffde122227f30ed21621ecd4f2d3e8b | — | 2026-05-30 | |
| FileHash-SHA256 | e28a96f983b8605decd2ac1db16ebad5fa741a6aa4e585a38ade0e5ad7d6cec0 | — | 2026-05-30 | |
| IPv4 | 101.36.105.222 | CC=HK ASN=AS135377 ucloud information technology (hk) limited | 2026-05-30 | |
| IPv4 | 116.169.244.208 | CC=CN ASN=AS4837 china unicom china169 backbone | 2026-05-30 | |
| IPv4 | 139.84.227.139 | CC=US ASN=AS20473 the constant company llc | 2026-05-30 | |
| IPv4 | 194.135.25.132 | CC=RU ASN=ASNone | 2026-05-30 | |
| IPv4 | 23.27.201.160 | CC=US ASN=AS18779 egihosting | 2026-05-30 | |
| IPv4 | 64.176.43.209 | CC=US ASN=ASNone | 2026-05-30 | |
| domain | kaztelecom.shop | — | 2026-05-30 | |
| domain | singtelcom.site | — | 2026-05-30 | |
| hostname | telecom.webredirect.org | — | 2026-05-30 | |
| IPv4 | 192.9.141.111 | — | 2026-05-30 |