Tim Brown
### Area Malware reports ### Parent threat _No response_ ### Finding https://imgur.com/a/4YxuSfV ### Industry reference Cayosin (by malwaremustdie.org) ### Malware reference _No response_ ### Actor reference _No response_ ### Component...
### Area Malware reports ### Parent threat Defense Evasion, Discovery, Command and Control ### Finding https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html ### Industry reference attack:T1090:Proxy uses:ProcessTreeSpoofing attack:T1027:Obfuscated Files or Information attack:T1082:System Information Discovery ### Malware...
### Area Malware PoCs ### Parent threat Defense Evasion ### Finding https://github.com/SilentVoid13/Silent_Packer ### Industry reference attack:T1027.002:Software Packing ### Malware reference _No response_ ### Actor reference _No response_ ### Component Linux...
### Area Malware PoCs ### Parent threat Execution, Persistence ### Finding https://github.com/sad0p/d0zer ### Industry reference uses:Go attack:T1625:Hijack Execution Flow attack:T1204:Malicious File ### Malware reference _No response_ ### Actor reference _No...
### Area Offensive tools ### Parent threat Credential Access, Collection ### Finding https://github.com/SkyperTHC/bpf-keylogger ### Industry reference uses:eBPF attack:T1417.001:Keylogging ### Malware reference _No response_ ### Actor reference _No response_ ### Component...
### Area Malware reports ### Parent threat _No response_ ### Finding https://imgur.com/a/lAQ1tMQ ### Industry reference HelloBot (by malwaremustdie.org) ### Malware reference _No response_ ### Actor reference _No response_ ### Component...
### Area Defensive tools ### Parent threat Defense Evasion ### Finding https://github.com/Achiefs/fim ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component Linux...
### Area Malware source ### Parent threat Defense Evasion ### Finding https://github.com/gianlucaborello/libprocesshider ### Industry reference uses:ProcessTreeSpoofing attack:T1574.006:Dynamic Linker Hijacking ### Malware reference libprocesshider ### Actor reference _No response_ ### Component...
### Area Malware source ### Parent threat Defense Evasion ### Finding https://github.com/chenkaie/junkcode/blob/master/xhide.c ### Industry reference uses:ProcessTreeSpoofing ### Malware reference XHide ### Actor reference _No response_ ### Component Linux ### Scenario...
### Area Defensive techniques ### Parent threat Defense Evasion ### Finding https://blog.virustotal.com/2023/12/sigma-rules-for-linux-and-macos_20.html ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component Linux...