linux-malware

Tracking interesting Linux (and UNIX) malware. Send PRs

Results 250 linux-malware issues

### Area Defensive tools ### Parent threat Command and Control ### Finding https://twitter.com/timb_machine/status/1523253031382687744 ### Industry reference uses:BPF attack:T1205:Traffic Signaling ### Malware reference BPFDoor Tricephalic Hellkeeper Unix.Backdoor.RedMenshen JustForFun https://github.com/timb-machine/linux-malware/issues/420 ### Actor...

confirmed

### Area Supply chain attacks ### Parent threat Impact ### Finding https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero ### Industry reference delivery:PyPI uses:Python attack:T1620:Reflective Code Loading attack:T1070.004:File Deletion attack:T1195.001:Compromise Software Dependencies and Development Tools ### Malware...

new

### Area Supply chain attacks ### Parent threat Impact ### Finding https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices ### Industry reference delivery:NPM uses:JavaScript attack:T1195.001:Compromise Software Dependencies and Development Tools ### Malware reference wltm ### Actor reference...

new

### Area Malware reports ### Parent threat Impact ### Finding https://blog.reversinglabs.com/blog/gwisinlocker-ransomware-targets-south-korean-industrial-and-pharmaceutical-companies ### Industry reference attack:T1486:Data Encrypted for Impact region:South Korea vertical:Pharmaceutical ### Malware reference Gwisin wltm ### Actor reference _No...

new

### Area Defensive techniques ### Parent threat Lateral Movement, Command and Control, Exfiltration ### Finding https://redcanary.com/blog/process-streams/ ### Industry reference uses:bash uses:ksh93 attack:T1059:Command and Scripting Interpreter attack:T1095:Non-Application Layer Protocol ### Malware...

confirmed

### Area Malware reports ### Parent threat _No response_ ### Finding https://www.intezer.com/blog/research/a-storm-is-brewing-ipstorm-now-has-linux-malware/ ### Industry reference _No response_ ### Malware reference IPStorm [/malware/binaries/Unix.Trojan.Ipstorm](../tree/main/malware/binaries/Unix.Trojan.Ipstorm) ### Actor reference _No response_ ### Component _No...

new

### Area Malware reports ### Parent threat Persistence, Command and Control ### Finding https://www.bitdefender.com/files/News/CaseStudies/study/376/Bitdefender-Whitepaper-IPStorm.pdf ### Industry reference uses:Go ### Malware reference IPStorm [/malware/binaries/Unix.Trojan.Ipstorm](../tree/main/malware/binaries/Unix.Trojan.Ipstorm) ### Actor reference _No response_ ### Component...

confirmed

### Area Malware reports ### Parent threat _No response_ ### Finding https://twitter.com/avastthreatlabs/status/1430527767855058949 ### Industry reference _No response_ ### Malware reference HCRootkit https://github.com/timb-machine/linux-malware/issues/491 ### Actor reference _No response_ ### Component Linux...

new
missing:tactics
missing:tag:T1005
missing:tag:T1048
missing:tag:T1071.001
missing:tag:T1567
missing:tag:T1573
missing:tag:T1027.002
missing:tag:T1560

### Area Malware PoCs ### Parent threat Persistence, Defense Evasion ### Finding https://github.com/mncoppola/suterusu ### Industry reference _No response_ ### Malware reference wltm ### Actor reference _No response_ ### Component Linux...

new

### Area Malware reports ### Parent threat _No response_ ### Finding https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html ### Industry reference uses:Go ### Malware reference Manjusaka ### Actor reference _No response_ ### Component Linux ### Scenario...

missing:tactics
missing:tag:T1005
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1567
missing:tag:T1573
missing:tag:T1021.002
missing:tag:T1027.002
missing:tag:T1003.008
missing:tag:T1078.003
missing:tag:T1001
missing:tag:wltm