RST TI Report Digest: 31 Mar 2025
ID: e9bcad76-0b47-55b3-ac51-9eee0090a7a1
STIX ID: report--e9bcad76-0b47-55b3-ac51-9eee0090a7a1
Feed Name: RST Cloud Blog
**Shedding Zmiy deployed the PUMA Linux kernel rootkit and the Bulldog backdoor in a covert campaign, relying on kernel-level stealth, privilege escalation, and manipulation of legitimate services to maintain persistence and remote control. Activity was traced from August 2023, with escalation by November 2023, and the report provides many IoCs (IPs, domains, file hashes) for detection and response.**
