Tim Brown
### Area Defensive tools ### Parent threat _No response_ ### Finding https://www.intezer.com/blog/malware-analysis/elf-malware-analysis-101-part-3-advanced-analysis/ ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component _No...
### Area Defensive tools ### Parent threat _No response_ ### Finding https://www.intezer.com/blog/malware-analysis/elf-malware-analysis-101-initial-analysis/ ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component _No...
### Area Defensive tools ### Parent threat _No response_ ### Finding https://www.intezer.com/blog/malware-analysis/elf-malware-analysis-101-linux-threats-no-longer-an-afterthought/ ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component _No...
### Area Defensive tools ### Parent threat _No response_ ### Finding https://github.com/elfmaster/avu32 ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component _No...
### Area Defensive tools ### Parent threat _No response_ ### Finding https://tbhaxor.com/hunting-malicious-binaries-in-containers/ ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component _No...
### Area Defensive tools ### Parent threat _No response_ ### Finding https://github.com/vmware/kernel-event-collector-module ### Industry reference Carbon Black ### Malware reference _No response_ ### Actor reference _No response_ ### Component _No...
### Area Defensive tools ### Parent threat Persistence, Defense Evasion ### Finding https://redcanary.com/blog/ebpf-for-security/ ### Industry reference uses:eBPF attack:T1620:Reflective Code Loading ### Malware reference _No response_ ### Actor reference _No response_...
### Area Defensive tools ### Parent threat _No response_ ### Finding https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/mitre-att-amp-ck-technique-coverage-with-sysmon-for-linux/ba-p/2858219 ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component _No...
### Area Defensive tools ### Parent threat _No response_ ### Finding https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/ ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component _No...
### Area Defensive tools ### Parent threat _No response_ ### Finding https://github.com/op7ic/unix_collector ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component Solaris,...