APT / THREAT GROUP

PeerTime

2 aliases
Last seen: May 13, 2026

Intelligence Profile

According to Cisco Talos, PeerTime is an ELF-based backdoor compiled for multiple architectures including common embedded and server platforms, with one version written in C/C++ and a newer version written in Rust. It is deployed via shell scripts and an auxiliary "instrumentor" component that can detect container runtimes and launch the loader in these environments. The instrumentor contains debug strings in Simplified Chinese that point to Chinese-speaking developers. PeerTime's loader decrypts and decompresses the main payload in memory, can rename its process to appear benign, and uses the BitTorrent protocol to discover command-and-control information, exchange data with peers, and download and execute additional payloads. The malware uses standard Unix utilities to copy and place downloaded files, enabling flexible post-compromise tool delivery across diverse Linux and embedded systems.

Threat Analysis

PeerTime is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

elf.peer_time, PeerTime

External Intelligence

Malpedia: elf.peer_time

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.