linux-malware

Tracking interesting Linux (and UNIX) malware. Send PRs

Results 250 linux-malware issues

### Area Defensive techniques ### Parent threat Defense Evasion ### Finding https://www.forensicxlab.com/posts/inodes/ ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component Linux...

new

### Area Offensive techniques ### Parent threat Defense Evasion ### Finding https://github.com/akawashiro/sloader ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component Linux...

confirmed

### Area Offensive tools ### Parent threat _No response_ ### Finding https://github.com/fireeye/SSSDKCMExtractor ### Industry reference attack:T1558:Steal or Forge Kerberos Tickets ### Malware reference _No response_ ### Actor reference _No response_...

confirmed

### Area Offensive tools ### Parent threat Credential Access ### Finding https://github.com/blacklanternsecurity/KCMTicketFormatter ### Industry reference attack:T1558:Steal or Forge Kerberos Tickets ### Malware reference _No response_ ### Actor reference _No response_...

confirmed

### Area Malware reports ### Parent threat _No response_ ### Finding https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf ### Industry reference _No response_ ### Malware reference DarkNexus ### Actor reference _No response_ ### Component Linux ###...

new
missing:tactics
missing:tag:T1005
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1491
missing:tag:T1567
missing:tag:T1573
missing:tag:T1590
missing:tag:T1027.002
missing:tag:T1053.003
missing:tag:T1560
missing:tag:Non-persistentStorage
missing:tag:T1222
missing:tag:T1548.001
missing:tag:T1562.004
missing:tag:T1037.004

### Area Defensive tools ### Parent threat _No response_ ### Finding https://github.com/chriskaliX/Hades ### Industry reference _No response_ ### Malware reference _No response_ ### Actor reference _No response_ ### Component Linux...

new
missing:tactics
missing:tag:T1005
missing:tag:T1048
missing:tag:T1057
missing:tag:T1071.001
missing:tag:T1567
missing:tag:T1573
missing:tag:T1021.002
missing:tag:T1053.003
missing:tag:Non-persistentStorage
missing:tag:T1007
missing:tag:T1053.006
missing:tag:T1543.002
missing:tag:T1518
missing:tag:T1021.004
missing:tag:T1620
missing:tag:eBPF

### Area Malware reports ### Parent threat Command and Control, Exfiltration ### Finding https://cybersecurity.att.com/blogs/labs-research/internet-of-termites ### Industry reference _No response_ ### Malware reference Termite EarthWorm Earthwrom ### Actor reference _No response_...

confirmed

### Area Malware reports ### Parent threat _No response_ ### Finding https://sansec.io/research/ecommerce-malware-linux-avp ### Industry reference _No response_ ### Malware reference linux_avp Comma ### Actor reference _No response_ ### Component _No...

new

### Area Malware reports ### Parent threat Resource Development, Discovery, Command and Control ### Finding https://www.welivesecurity.com/2022/09/14/you-never-walk-alone-sidewalk-backdoor-linux-variant/ ### Industry reference attack:T1587.001:Malware attack:T1016:System Network Configuration Discovery attack:T1071.001:Web Protocols attack:T1573.001:Symmetric Cryptography ### Malware...

confirmed

### Area Malware reports ### Parent threat _No response_ ### Finding https://blog.netlab.360.com/ghost-in-action-the-specter-botnet/ ### Industry reference _No response_ ### Malware reference Specter SideWalk StageClient ### Actor reference _No response_ ### Component...

new