Juba VoIP is referenced as a competing criminal threat actor operating in the ecosystem of internet-exposed VoIP platforms, particularly FreePBX-related environments. In the cited reporting, Juba VoIP is not the primary actor but is identified as one of at least seven rival groups whose implants and persistence mechanisms were explicitly targeted for removal by a separate FreePBX malware operation associated with VictamPbx. Artifacts linked to Juba VoIP included a system user named "juba" and webshell signature strings including "JUBAVOIP," which were searched for and deleted by the rival malware. The broader activity occurred in the context of criminal competition for exclusive control of vulnerable FreePBX, Elastix, Issabel, and Sangoma systems used for VoIP toll fraud and International Revenue Share Fraud. No additional high-confidence details about Juba VoIP’s own infrastructure, tooling, or nationality are directly provided in the content. Known alias from the content: juba_voip.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Sectors the actor has been observed targeting.
1 malware family attributed to this actor across reporting.
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.