Tim Brown
| Area | Parent threat | Finding | Industry reference | Malware reference | Actor reference | Component |
|---|---|---|---|---|---|---|
| Defensive tools | _No response_ | https://github.com/Gui774ume/krie | uses:eBPF | _No response_ | _No response_ | Linux |
| Defensive tools | Execution | https://github.com/evilsocket/ebpf-process-anomaly-detection | _No response_ | _No response_ | _No response_ | Linux |
| Malware reports | Defense Evasion | https://sansec.io/research/nginrat | uses:/dev/shm; attack:T1036.005:Match Legitimate Name or Location; attack:T1574.006:Dynamic Linker Hijacking; attack:T1027:Obfuscated Files or Information | ... | | |
| Malware reports | Defense Evasion, Command and Control | https://sansec.io/research/cronrat | uses:/dev/shm; attack:T1053.003:Cron; attack:T1027:Obfuscated Files or Information; attack:T1001.003:Protocol Impersonation; attack:T1036.005:Match Legitimate Name or... | | | |
| Malware reports | Impact | https://sysdig.com/blog/muhstik-malware-botnet-analysis/ | uses:k8s; uses:/dev/shm; attack:T1190:Exploit Public-Facing Application; attack:T1505.003:Web Shell; attack:T1105:Ingress Tool Transfer; attack:T1053.003:Cron; attack:T1037.004:RC Scripts | ... | | |
| Malware reports | _No response_ | https://vms.drweb.com/virus/?i=15389228 | ? | _No response_ | _No response_ | _No response_ |
| Malware reports | Persistence, Defense Evasion | https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/ | uses:LD_PRELOAD; attack:T1574.006:Dynamic Linker Hijacking; attack:T1548.001:Setuid and Setgid; attack:T1556.003:Pluggable Authentication Modules; attack:T1027:Obfuscated Files or Information... | | | |
| Malware reports | Initial Access, Credential Access, Impact | https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/ | attack:T1078:Valid Accounts; attack:T1100:Brute Force; attack:T1498:Network Denial of Service; attack:T1053.003:Cron; attack:T1105:Ingress Tool Transfer... | | | |
| Malware reports | Initial Access, Persistence, Defense Evasion, Impact | https://cujo.com/threat-alert-krane-malware/ | attack:T1110.003:Password Spraying; attack:T098:Account Manipulation; attack:T1105:Ingress Tool Transfer; attack:T1562.003:Impair Command History Logging... | | | |
| Malware source | Defense Evasion, Command and Control | https://pastebin.com/kmmJuuQP | attack:T1205.002:Socket Filters; attack:T1205:Traffic Signaling; uses:BPF; uses:Non-persistentStorage; uses:ProcessTreeSpoofing | BPFDoor [/malware/binaries/BPFDoor](../tree/main/malware/binaries/BPFDoor)... | | |