linux-malware
Tracking interesting Linux (and UNIX) malware. Send PRs
- Area: Offensive techniques | Parent threat: Persistence, Privilege Escalation, Defense Evasion | Finding: https://www.sentinelone.com/blog/shadow-suid-for-privilege-persistence-part-1/ | Industry reference: _No response_ | Malware reference: _No response_ | Actor reference: _No response_ ...
- Area: Offensive techniques | Parent threat: Persistence | Finding: https://pbs.twimg.com/media/FSi1m3gXsAA79yF?format=jpg&name=medium | Industry reference: _No response_ | Malware reference: _No response_ | Actor reference: _No response_ | Component: Linux ...
- Area: Defensive tools | Parent threat: Persistence, Privilege Escalation, Defense Evasion, Credential Access, Collection, Command and Control, Exfiltration | Finding: https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Fixing-A-Memory-Forensics-Blind-Spot-Linux-Kernel-Tracing-wp.pdf | Industry reference: _No response_ | Malware reference: ...
- Area: Other rules | Parent threat: _No response_ | Finding: https://github.com/Neo23x0/signature-base/blob/master/yara/mal_lnx_implant_may22.yar | Industry reference: attack:T1205.002:Socket Filters | Malware reference: BPFDoor Tricephalic Hellkeeper Unix.Backdoor.RedMenshen JustForFun https://github.com/timb-machine/linux-malware/issues/418 | Actor reference: DecisiveArchitect ...
- Area: Offensive techniques | Parent threat: Persistence, Defense Evasion | Finding: https://sysdig.com/blog/containers-read-only-fileless-malware/ | Industry reference: attack:T1202:Indirect Command Execution attack:T1620:Reflective Code Loading uses:/dev/shm uses:k8s | Malware reference: _No response_ ...
- Area: Defensive tools | Parent threat: _No response_ | Finding: https://github.com/falcosecurity/falco | Industry reference: _No response_ | Malware reference: _No response_ | Actor reference: _No response_ | Component: Linux ...
- Area: Defensive tools | Parent threat: _No response_ | Finding: https://github.com/sourque/louis | Industry reference: _No response_ | Malware reference: _No response_ | Actor reference: _No response_ | Component: Linux ...
- Area: Defensive tools | Parent threat: _No response_ | Finding: https://medium.com/confluera-engineering/detection-and-response-for-linux-reflective-code-loading-malware-this-is-how-21f9c7d8a014 | Industry reference: _No response_ | Malware reference: _No response_ | Actor reference: _No response_ | Component: _No...
- Area: Defensive tools | Parent threat: _No response_ | Finding: https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/ | Industry reference: _No response_ | Malware reference: _No response_ | Actor reference: _No response_ | Component: _No...
- Area: Defensive tools | Parent threat: _No response_ | Finding: https://www.intezer.com/blog/malware-analysis/elf-malware-analysis-101-part-3-advanced-analysis/ | Industry reference: _No response_ | Malware reference: _No response_ | Actor reference: _No response_ | Component: _No...