Threat Bulletin: Fire in the Woods – A New Variant of FireWood

ID: 1617a17d-e3dc-56f5-97ed-c3da26db283a

STIX ID: report--1617a17d-e3dc-56f5-97ed-c3da26db283a

Feed Name: Intezer Blog

Threat Score: 75/100

Date Published: 2025-08-13

Date Updated: 2026-04-28

Author: Nicole Fishbein

Intezer researchers identified a new, low-detection variant of the FireWood Linux backdoor (RAT). The variant modifies startup sequencing, the command set, persistence paths for root and non-root users, and connection logic, while continuing to use kernel-level rootkit techniques and TEA-based communication. The report includes technical analysis, commands, persistence and file paths, and multiple SHA256 IOCs, and notes a possible link to the long-running Project Wood/Gelsemium lineage.
