PULSE NAME
Introducing Showboat: A new malware family taunts defenses and targets international telecom firms.
WHITE PetrP.73 2026-05-30 Modified: 2026-05-30
14 IOCs
MEDIUM VOLUME
A newly identified Linux malware family, referred to as Showboat, has been linked to persistent cyber campaigns against international telecommunications firms. Discovered by Black Lotus Labs, Showboat has been active since mid-2022 and works as a modular post-exploitation framework that lets attackers spawn remote shells, transfer files, and use the infected host as a SOCKS5 proxy. It has been associated with activity clusters reportedly aligned with the People's Republic of China (PRC), affecting telecom providers in the Middle East and impersonating firms in Southeast Asia.
Indicators of Compromise (4 / 14 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA256 2229e7f3cabbce4d67cd79c89fd5a100b20e8a99f4a2bf9aac77a978f49eb520 2026-05-30
FileHash-SHA256 27df475626aafce2ea1548a9f35efb9ad951298c8b11a6adb3ccdfcd5170c677 2026-05-30
FileHash-SHA256 a72427af3c046fd90999a6505b2372dc4ffde122227f30ed21621ecd4f2d3e8b 2026-05-30
FileHash-SHA256 e28a96f983b8605decd2ac1db16ebad5fa741a6aa4e585a38ade0e5ad7d6cec0 2026-05-30