Tim Brown
### Area
Malware reports
### Parent threat
Impact
### Finding
https://cybersecurity.att.com/blogs/labs-research/blackcat-ransomware
### Industry reference
_No response_
### Malware reference
BlackCat
https://github.com/timb-machine/linux-malware/issues/512
### Actor reference
_No response_
### Component
_No response_...
### Area
Malware reports
### Parent threat
Impact
### Finding
https://unit42.paloaltonetworks.com/blackcat-ransomware/
### Industry reference
_No response_
### Malware reference
BlackCat
https://github.com/timb-machine/linux-malware/issues/512
### Actor reference
_No response_
### Component
_No response_...
### Area
Malware reports
### Parent threat
Impact
### Finding
https://www.varonis.com/blog/alphv-blackcat-ransomware
### Industry reference
_No response_
### Malware reference
BlackCat
https://github.com/timb-machine/linux-malware/issues/512
### Actor reference
_No response_
### Component
_No response_...
### Area
Malware reports
### Parent threat
Impact
### Finding
https://securelist.com/a-bad-luck-blackcat/106254/?_sp=3b4159db-9e20-4bfa-a47f-f8671b594d75.1649770307513
### Industry reference
_No response_
### Malware reference
BlackCat
https://github.com/timb-machine/linux-malware/issues/512
### Actor reference
_No response_
### Component
_No response_...
### Area
Malware source
### Parent threat
Persistence, Defense Evasion, Command and Control
### Finding
https://pastebin.com/raw/kmmJuuQP
### Industry reference
uses:BPF
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling
### Malware reference...
### Area
Malware reports
### Parent threat
Persistence, Defense Evasion, Command and Control
### Finding
https://twitter.com/cyb3rops/status/1523227511551033349
### Industry reference
uses:BPF
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling
### Malware reference...
### Area
Malware reports
### Parent threat
Persistence, Defense Evasion, Command and Control
### Finding
https://twitter.com/CraigHRowland/status/1523266585133457408
### Industry reference
uses:BPF
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling
### Malware reference...
### Area
Malware binaries
### Parent threat
Persistence, Defense Evasion, Command and Control
### Finding
https://bazaar.abuse.ch/browse/tag/Symbiote/
### Industry reference
https://github.com/timb-machine/linux-malware/issues/452
attack:T1205:Traffic Signaling
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1556.003:Pluggable Authentication Modules...
### Area
Press/academia
### Parent threat
_No response_
### Finding
https://blogs.vmware.com/security/2022/02/2022-vmware-threat-report-exposing-malware-in-linux-based-multi-cloud-environments.html
### Industry reference
_No response_
### Malware reference
_No response_
### Actor reference
_No response_
### Component
Linux
###...
### Area
Malware reports
### Parent threat
Execution, Persistence, Defense Evasion
### Finding
https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux
### Industry reference
attack:T1059:Command and Scripting Interpreter
attack:T1569: System Service
attack:T1569.002: Service Execution
attack:T1543: Create or...