Issues: timb-machine/linux-malware
[Intel]: https://github.com/grisuno/LazyOwn
missing:submodule
missing:tag:JavaScript
missing:tag:Non-persistentStorage
missing:tag:RedirectionToNull
missing:tag:T1001
missing:tag:T1003.008
missing:tag:T1005
missing:tag:T1007
missing:tag:T1021.002
missing:tag:T1021.004
missing:tag:T1027.002
missing:tag:T1037
missing:tag:T1048
missing:tag:T1053.003
missing:tag:T1053.006
missing:tag:T1057
missing:tag:T1059.006
missing:tag:T1070.003
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1071.002
missing:tag:T1078.003
missing:tag:T1083
missing:tag:T1098.004
missing:tag:T1222
missing:tag:T1491
missing:tag:T1518
missing:tag:T1543.002
missing:tag:T1546.004
missing:tag:T1548.001
missing:tag:T1548.003
missing:tag:T1552.003
missing:tag:T1552.004
missing:tag:T1560
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
missing:tag:T1590
missing:tag:T1602.001
missing:tag:wltm
new
#812
opened Dec 6, 2024 by
timb-machine
[Intel]: https://github.com/sad0p/d0zer
missing:tag:Go
missing:tag:Non-persistentStorage
missing:tag:T1021.002
missing:tag:T1027.004
missing:tag:T1048
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1546.004
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.006
missing:tag:T1574.007
missing:tag:T1590
new
#782
opened Jan 29, 2024 by
timb-machine
[Intel]: https://github.com/codewhitesec/daphne
missing:tag:Auditd
missing:tag:T1003.008
missing:tag:T1005
missing:tag:T1007
missing:tag:T1027.004
missing:tag:T1048
missing:tag:T1053.006
missing:tag:T1071.001
missing:tag:T1491
missing:tag:T1543.002
missing:tag:T1562.001
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
new
#740
opened Aug 12, 2023 by
timb-machine
[Intel]: https://github.com/codewhitesec/apollon
missing:tag:Auditd
missing:tag:T1003.008
missing:tag:T1005
missing:tag:T1007
missing:tag:T1027.004
missing:tag:T1048
missing:tag:T1053.006
missing:tag:T1057
missing:tag:T1071.001
missing:tag:T1491
missing:tag:T1543.002
missing:tag:T1546.004
missing:tag:T1562.001
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
new
#734
opened Aug 10, 2023 by
timb-machine
[Intel]: https://github.com/89luca89/pakkero
missing:tag:IRC
missing:tag:Non-persistentStorage
missing:tag:ProcessTreeSpoofing
missing:tag:T1005
missing:tag:T1027.002
missing:tag:T1048
missing:tag:T1053.007
missing:tag:T1057
missing:tag:T1059.006
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1548.003
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.006
missing:tag:T1574.007
missing:tag:T1590
missing:tag:T1609
missing:tag:T1610
new
#718
opened Jul 14, 2023 by
timb-machine
[Intel]: https://github.com/airbus-seclab/nbutools
missing:tag:T1005
missing:tag:T1021.004
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1491
missing:tag:T1518
missing:tag:T1548.003
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
missing:tag:T1590
#689
opened Jun 24, 2023 by
timb-machine
[Intel]: https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/
missing:tag:T1005
missing:tag:T1021.002
missing:tag:T1027.002
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1205
missing:tag:T1491
missing:tag:T1560
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
#656
opened May 10, 2023 by
timb-machine
[Intel]: https://www.countercraftsec.com/blog/a-step-by-step-bpfdoor-compromise/
confirmed
ignore:tag:Auditd
ignore:tag:T1005
ignore:tag:T1007
ignore:tag:T1021.002
ignore:tag:T1053.006
ignore:tag:T1057
ignore:tag:T1071.001
ignore:tag:T1083
ignore:tag:T1491
ignore:tag:T1543.002
ignore:tag:T1546.004
ignore:tag:T1562.001
ignore:tag:T1567
missing:tag:T1048
missing:tag:T1574.007
#643
opened Apr 20, 2023 by
timb-machine
[Intel]: https://www.welivesecurity.com/wp-content/uploads/2021/10/eset_fontonlake.pdf
missing:tactics
missing:tag:Non-persistentStorage
missing:tag:ProcessTreeSpoofing
missing:tag:ProcessTreeSpoofingForking
missing:tag:T1001
missing:tag:T1005
missing:tag:T1021.002
missing:tag:T1021.004
missing:tag:T1027.002
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.003
missing:tag:T1070.004
missing:tag:T1071.002
missing:tag:T1083
missing:tag:T1098.004
missing:tag:T1205
missing:tag:T1518
missing:tag:T1546.004
missing:tag:T1552.003
missing:tag:T1552.004
missing:tag:T1574.006
missing:tag:T1574.007
missing:tag:T1590
new
#641
opened Apr 20, 2023 by
timb-machine
[Intel]: https://github.com/namazso/linux_injector
missing:tag:T1057
missing:tag:T1574.006
missing:tag:T1574.007
new
#599
opened Dec 18, 2022 by
timb-machine
[Intel]: https://github.com/threathunters-io/laurel
missing:tag:Auditd
missing:tag:T1005
missing:tag:T1048
missing:tag:T1071.001
missing:tag:T1205
missing:tag:T1518
missing:tag:T1546.004
missing:tag:T1548.003
missing:tag:T1562.001
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
missing:tag:wltm
new
#581
opened Nov 6, 2022 by
timb-machine
[Intel]: https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html
missing:tag:Auditd
missing:tag:JavaScript
missing:tag:Non-persistentStorage
missing:tag:ProcessTreeSpoofing
missing:tag:T1005
missing:tag:T1007
missing:tag:T1037
missing:tag:T1048
missing:tag:T1053.003
missing:tag:T1053.006
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1205
missing:tag:T1491
missing:tag:T1543.002
missing:tag:T1562.001
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.006
missing:tag:T1574.007
missing:tag:T1590
new
#567
opened Oct 15, 2022 by
timb-machine
[Intel]: https://securityboulevard.com/2021/04/detect-c2-redxor-with-state-based-functionality/
missing:tag:T1005
missing:tag:T1021.002
missing:tag:T1027.002
missing:tag:T1048
missing:tag:T1057
missing:tag:T1069
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1560
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
missing:tag:T1590
new
#548
opened Oct 8, 2022 by
timb-machine
[Intel]: https://blogs.juniper.net/en-us/threat-research/linux-servers-hijacked-to-implant-ssh-backdoor
missing:tag:T1005
missing:tag:T1021.002
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.003
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1205
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1552.003
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.006
missing:tag:T1574.007
new
#547
opened Oct 8, 2022 by
timb-machine
[Intel]: https://twitter.com/HuskyHacksMK/status/1578413641669308416
missing:tag:RedirectionToNull
missing:tag:T1021.002
missing:tag:T1021.004
missing:tag:T1027.002
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.002
missing:tag:T1071.001
missing:tag:T1560
missing:tag:T1562.001
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
#541
opened Oct 7, 2022 by
timb-machine
[Intel]: https://www.sentinelone.com/labs/the-mystery-of-metador-an-unattributed-threat-hiding-in-telcos-isps-and-universities/
missing:tactics
missing:tag:PyPI
missing:tag:T1021.002
missing:tag:T1027.002
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.003
missing:tag:T1070.004
missing:tag:T1070.006
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1491
missing:tag:T1518
missing:tag:T1546.004
missing:tag:T1552.003
missing:tag:T1560
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
new
#526
opened Sep 28, 2022 by
timb-machine
[Intel]: https://github.com/akawashiro/sloader
missing:tag:T1574.007
#521
opened Sep 20, 2022 by
timb-machine
[Intel]: https://github.com/sevagas/swap_digger
missing:tag:Non-persistentStorage
missing:tag:T1003.008
missing:tag:T1005
missing:tag:T1048
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1222
missing:tag:T1548.001
missing:tag:T1548.003
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
new
#515
opened Sep 13, 2022 by
timb-machine
[Intel]: https://xorl.wordpress.com/2022/06/22/the-forgotten-suaveeyeful-freebsd-software-implant-of-the-equation-group/
missing:tactics
missing:tag:Non-persistentStorage
missing:tag:RedirectionToNull
missing:tag:T1001
missing:tag:T1005
missing:tag:T1021.002
missing:tag:T1027.002
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.003
missing:tag:T1070.004
missing:tag:T1070.006
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1222
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1548.001
missing:tag:T1552.003
missing:tag:T1560
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
new
#474
opened Jul 23, 2022 by
timb-machine
[Intel]: https://blog.blockmagnates.com/hunt-linux-malware-with-cgroups-497733095a94
missing:tactics
missing:tag:ProcessTreeSpoofing
missing:tag:ProcessTreeSpoofingForking
missing:tag:T1007
missing:tag:T1021.002
missing:tag:T1021.004
missing:tag:T1027.002
missing:tag:T1037
missing:tag:T1048
missing:tag:T1053.003
missing:tag:T1053.006
missing:tag:T1057
missing:tag:T1070.003
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1491
missing:tag:T1543.002
missing:tag:T1546.004
missing:tag:T1552.003
missing:tag:T1560
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.006
missing:tag:T1574.007
missing:tag:T1590
new
#472
opened Jul 23, 2022 by
timb-machine
[Intel]: https://github.com/citronneur/pamspy
missing:tag:eBPF
missing:tag:Non-persistentStorage
missing:tag:T1005
missing:tag:T1027.004
missing:tag:T1048
missing:tag:T1070.002
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1518
missing:tag:T1548.003
missing:tag:T1556.003
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
#466
opened Jul 5, 2022 by
timb-machine
[Intel]: https://github.com/h3xduck/TripleCross
missing:tag:eBPF
missing:tag:ProcessTreeSpoofing
missing:tag:ProcessTreeSpoofingForking
missing:tag:T1005
missing:tag:T1007
missing:tag:T1048
missing:tag:T1053.003
missing:tag:T1053.006
missing:tag:T1057
missing:tag:T1071.001
missing:tag:T1491
missing:tag:T1543.002
missing:tag:T1548.003
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
missing:tag:T1590
#465
opened Jul 4, 2022 by
timb-machine
[Intel]: https://grsecurity.net/tetragone_a_lesson_in_security_fundamentals
missing:tag:T1005
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1070.006
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1548.003
missing:tag:T1558
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.006
missing:tag:T1574.007
missing:tag:T1590
#450
opened Jun 6, 2022 by
timb-machine
[Intel]: https://www.sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis/
missing:tag:Auditd
missing:tag:Non-persistentStorage
missing:tag:ProcessTreeSpoofing
missing:tag:RedirectionToNull
missing:tag:T1007
missing:tag:T1021.002
missing:tag:T1027.002
missing:tag:T1037
missing:tag:T1048
missing:tag:T1053.003
missing:tag:T1053.006
missing:tag:T1057
missing:tag:T1070.003
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1491
missing:tag:T1543.002
missing:tag:T1546.004
missing:tag:T1552.003
missing:tag:T1562.001
missing:tag:T1562.004
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.007
missing:tag:T1590
new
#434
opened May 18, 2022 by
timb-machine