linux-malware icon indicating copy to clipboard operation
linux-malware copied to clipboard
verified publisher icon timb-machine

[Intel]: https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/

Open timb-machine opened this issue 3 years ago • 0 comments

Area

Malware reports

Parent threat

Persistence, Defense Evasion

Finding

https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/

Industry reference

uses:LD_PRELOAD attack:T1574.006:Dynamic Linker Hijacking attack:T1548.001:Setuid and Setgid attack:T1556.003:Pluggable Authentication Modules attack:T1027:Obfuscated Files or Information attack:T1082:System Information Discovery attack:T1562.001:Disable or Modify Tools attack:T1003.007:Proc Filesystem attack:T1563.001:SSH Hijacking uses:Port Hiding uses:/dev/shm

Malware reference

OrBit /malware/binaries/OrBit

Actor reference

No response

Component

Linux

Scenario

No response

Scenario variation

No response

timb-machine avatar Jul 08 '22 00:07 timb-machine