[Intel]: https://twitter.com/CraigHRowland/status/1523266585133457408

[timb-machine]

Area

Malware reports

Parent threat

Persistence, Defense Evasion, Command and Control

Finding

https://twitter.com/CraigHRowland/status/1523266585133457408

Industry reference

uses:BPF attack:T1036:Masquerading attack:T1070:Indicator Removal on Host attack:T1205:Traffic Signaling

Malware reference

BPFDoor Tricephalic Hellkeeper Unix.Backdoor.RedMenshen JustForFun https://github.com/timb-machine/linux-malware/issues/418

Actor reference

DecisiveArchitect

Component

Linux

Scenario

No response

Scenario variation

No response