[Intel]: https://github.com/CiscoCXSecurity/presentations/blob/master/Auditd%20for%20the%20newly%20threatened.pdf

Open timb-machine opened this issue 3 years ago • 0 comments

Area

Defensive tools

Parent threat

Persistence, Defense Evasion, Credential Access, Command and Control

Finding

https://github.com/CiscoCXSecurity/presentations/blob/master/Auditd%20for%20the%20newly%20threatened.pdf

Industry reference

https://github.com/timb-machine/linux-malware/issues/156
https://github.com/timb-machine/linux-malware/issues/418
https://github.com/timb-machine/linux-malware/issues/420
uses:BPF
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling
attack:T1005:Data from Local System
attack:T1083:File and Directory Discovery
attack:T1003:OS Credential Dumping
attack:T1558:Steal or Forge Kerberos Tickets

Malware reference

BPFDoor
Linikatz

Actor reference

No response

Component

Linux

Scenario

No response

Scenario variation

No response

timb-machine, Jun 06 '22 19:06