linux-malware
[Intel]: https://twitter.com/inversecos/status/1527188391347068928
Area
Defensive tools
Parent threat
Persistence, Defense Evasion
Finding
https://twitter.com/inversecos/status/1527188391347068928
Industry reference
uses:BPF, attack:T1036:Masquerading, attack:T1070:Indicator Removal on Host
Malware reference
BPFDoor, Tricephalic Hellkeeper, Unix.Backdoor.RedMenshen, JustForFun
Actor reference
DecisiveArchitect
Component
Linux, Solaris
Scenario
No response
Scenario variation
Device application sandboxing