BruteEntry
According to Cisco Talos, BruteEntry is a Go-based ELF malware family used to convert compromised Linux systems, particularly edge devices, into operational relay boxes that perform large-scale credential brute forcing. It consists of a daemon-like agent and an "instrumentor" written in Go that ensures the agent is running, after which the agent registers with a command-and-control server and receives tasking that includes lists of target hosts and service types. BruteEntry uses embedded credential lists to systematically attempt logins against services such as SSH, PostgreSQL databases, and application servers, reporting back detailed results on success or failure. By distributing scanning and brute-force activity across many infected nodes, BruteEntry provides resilient, outsourced access acquisition capabilities for the operator’s broader intrusion campaigns.
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| May 21, 2026 | 1 |