
Tracking interesting Linux (and UNIX) malware. Send PRs

250 linux-malware issues

- Area: Malware reports
- Parent threat: Impact
- Finding: https://sysdig.com/blog/muhstik-malware-botnet-analysis/
- Industry reference: uses:k8s, uses:/dev/shm, attack:T1190:Exploit Public-Facing Application, attack:T1505.003:Web Shell, attack:T1105:Ingress Tool Transfer, attack:T1053.003:Cron, attack:T1037.004:RC Scripts
- Malware reference...

Labels: confirmed

- Area: Malware reports
- Parent threat: _No response_
- Finding: https://vms.drweb.com/virus/?i=15389228
- Industry reference: ?
- Malware reference: _No response_
- Actor reference: _No response_
- Component: _No response_...

Labels: new

- Area: Malware reports
- Parent threat: Persistence, Defense Evasion
- Finding: https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/
- Industry reference: uses:LD_PRELOAD, attack:T1574.006:Dynamic Linker Hijacking, attack:T1548.001:Setuid and Setgid, attack:T1556.003:Pluggable Authentication Modules, attack:T1027:Obfuscated Files or Information...

Labels: confirmed

- Area: Malware reports
- Parent threat: Initial Access, Credential Access, Impact
- Finding: https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
- Industry reference: attack:T1078:Valid Accounts, attack:T1100:Brute Force, attack:T1498:Network Denial of Service, attack:T1053.003:Cron, attack:T1105:Ingress Tool Transfer...

Labels: confirmed

- Area: Malware reports
- Parent threat: Initial Access, Persistence, Defense Evasion, Impact
- Finding: https://cujo.com/threat-alert-krane-malware/
- Industry reference: attack:T1110.003:Password Spraying, attack:T098:Account Manipulation, attack:T1105:Ingress Tool Transfer, attack:T1562.003:Impair Command History Logging...

Labels: confirmed

- Area: Malware source
- Parent threat: Defense Evasion, Command and Control
- Finding: https://pastebin.com/kmmJuuQP
- Industry reference: attack:T1205.002:Socket Filters, attack:T1205:Traffic Signaling, uses:BPF, uses:Non-persistentStorage, uses:ProcessTreeSpoofing
- Malware reference: BPFDoor [/malware/binaries/BPFDoor](../tree/main/malware/binaries/BPFDoor)...

Labels: confirmed

- Area: Malware reports
- Parent threat: Defense Evasion
- Finding: https://unfinished.bike/fun-with-the-new-bpfdoor-2023
- Industry reference: attack:T1205.002:Socket Filters, attack:T1205:Traffic Signaling, uses:BPF, uses:Non-persistentStorage, attack:T1070.006:Timestomp, attack:T1070.004:File Deletion
- Malware reference: BPFDoor [/malware/binaries/BPFDoor](../tree/main/malware/binaries/BPFDoor) wltm...

Labels: confirmed

- Area: Supply chain attacks
- Parent threat: Initial Access, Discovery, Command and Control
- Finding: https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/
- Industry reference: delivery:NPM, attack:T1195.001:Compromise Software Dependencies and Development Tools, attack:T1082:System Information Discovery...

Labels: confirmed

- Area: Malware PoCs
- Parent threat: Persistence, Privilege Escalation, Defense Evasion, Command and Control
- Finding: https://github.com/R3tr074/brokepkg
- Industry reference: uses:ProcessTreeSpoofing, uses:AbnormalSignal, uses:TamperCredStruct, uses:PortHiding, attack:T1547.006:Kernel Modules and Extensions, attack:T1564.001:Hidden...

Labels: new, missing:tag:T1005, missing:tag:T1048, missing:tag:T1071.001, missing:tag:T1491, missing:tag:T1567, missing:tag:T1573, missing:tag:T1548.003

- Area: Malware reports
- Parent threat: Impact
- Finding: https://twitter.com/Unit42_Intel/status/1653760405792014336
- Industry reference: attack:T1486:Data Encrypted for Impact
- Malware reference: wltm BlackSuite
- Actor reference: _No response_
- Component...

Labels: confirmed