Skip to content

[Intel]: https://pastebin.com/raw/kmmJuuQP #426

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
[Intel]: https://pastebin.com/raw/kmmJuuQP#426
Assignees
timb-machine
Labels
missing:tag:Auditdmissing:tag:Non-persistentStoragemissing:tag:ProcessTreeSpoofingmissing:tag:ProcessTreeSpoofingForkingmissing:tag:RedirectionToNullmissing:tag:T1007missing:tag:T1037missing:tag:T1048missing:tag:T1053.006missing:tag:T1057missing:tag:T1070.004missing:tag:T1205missing:tag:T1222missing:tag:T1543.002missing:tag:T1546.004missing:tag:T1548.001missing:tag:T1562.001missing:tag:T1562.004missing:tag:T1574.007
@timb-machine

Description

@timb-machine
timb-machine
opened on May 8, 2022

Area

Malware source

Parent threat

Persistence, Defense Evasion, Command and Control

Finding

https://pastebin.com/raw/kmmJuuQP

Industry reference

attack:T1205.002:Socket Filters
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling

Malware reference

BPFDoor
Tricephalic Hellkeeper
Unix.Backdoor.RedMenshen
JustForFun
#418

Actor reference

DecisiveArchitect

Component

Linux

Scenario

No response

Metadata

Assignees

Labels

missing:tag:Auditdmissing:tag:Non-persistentStoragemissing:tag:ProcessTreeSpoofingmissing:tag:ProcessTreeSpoofingForkingmissing:tag:RedirectionToNullmissing:tag:T1007missing:tag:T1037missing:tag:T1048missing:tag:T1053.006missing:tag:T1057missing:tag:T1070.004missing:tag:T1205missing:tag:T1222missing:tag:T1543.002missing:tag:T1546.004missing:tag:T1548.001missing:tag:T1562.001missing:tag:T1562.004missing:tag:T1574.007

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions