Tim Brown
### Area
Malware reports
### Parent threat
Defense Evasion
### Finding
https://unfinished.bike/fun-with-the-new-bpfdoor-2023
### Industry reference
attack:T1205.002:Socket Filters
attack:T1205:Traffic Signaling
uses:BPF
uses:Non-persistentStorage
attack:T1070.006:Timestomp
attack:T1070.004:File Deletion
### Malware reference
BPFDoor [/malware/binaries/BPFDoor](../tree/main/malware/binaries/BPFDoor) wltm...

### Area
Supply chain attacks
### Parent threat
Initial Access, Discovery, Command and Control
### Finding
https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/
### Industry reference
delivery:NPM
attack:T1195.001:Compromise Software Dependencies and Development Tools
attack:T1082:System Information Discovery...

### Area
Malware PoCs
### Parent threat
Persistence, Privilege Escalation, Defense Evasion, Command and Control
### Finding
https://github.com/R3tr074/brokepkg
### Industry reference
uses:ProcessTreeSpoofing
uses:AbnormalSignal
uses:TamperCredStruct
uses:PortHiding
attack:T1547.006:Kernel Modules and Extensions
attack:T1564.001:Hidden...

### Area
Malware reports
### Parent threat
Impact
### Finding
https://twitter.com/Unit42_Intel/status/1653760405792014336
### Industry reference
attack:T1486:Data Encrypted for Impact
### Malware reference
wltm BlackSuite
### Actor reference
_No response_
### Component...

### Area
Malware reports
### Parent threat
Initial Access, Discovery, Lateral Movement, Collection, Impact
### Finding
https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group
### Industry reference
attack:T1486:Data Encrypted for Impact
### Malware reference
Cheerscrypt Night Sky...

### Area
Malware reports
### Parent threat
_No response_
### Finding
https://cybersecurity.att.com/blogs/labs-research/botenago-strike-again-malware-source-code-uploaded-to-github
### Industry reference
Botenago
### Malware reference
_No response_
### Actor reference
_No response_
### Component
_No response_...

### Area
Malware reports
### Parent threat
_No response_
### Finding
http://it.rising.com.cn/fanglesuo/19851.html
### Industry reference
SFile
### Malware reference
_No response_
### Actor reference
_No response_
### Component
_No response_...

### Area
Malware reports
### Parent threat
_No response_
### Finding
https://tolisec.com/ssh-backdoor-botnet-with-research-infection-technique/
### Industry reference
_No response_
### Malware reference
_No response_
### Actor reference
_No response_
### Component
_No...

### Area
Malware reports
### Parent threat
_No response_
### Finding
https://blog.netlab.360.com/threat-alert-log4j-vulnerability-has-been-adopted-by-two-linux-botnets/
### Industry reference
Muhstik
### Malware reference
_No response_
### Actor reference
_No response_
### Component
_No response_...

### Area
Malware reports
### Parent threat
_No response_
### Finding
https://pastebin.com/Z3sXqDCA
### Industry reference
Mozi (by malwaremustdie.org)
### Malware reference
_No response_
### Actor reference
_No response_
### Component...