APT / THREAT GROUP
Gitpaste-12
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Gitpaste-12 is a modular malware first observed in October 2020 targeting Linux based x86 servers, as well as Linux ARM and MIPS based IoT devices. It uses GitHub and Pastebin as dead drop C2 locations.
Threat Analysis
Gitpaste-12 is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
elf.gitpaste12Gitpaste-12
External Intelligence
Malpedia: elf.gitpaste12Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.