Issues: timb-machine/linux-malware
[Intel]: https://github.com/nikhilh-20/ELFEN
Labels: missing:tag:T1005, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1059.006, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1567, missing:tag:T1573, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610, missing:tag:wltm, new
#764 opened Jan 9, 2024 by timb-machine
[Intel]: https://github.com/89luca89/pakkero
Labels: missing:tag:IRC, missing:tag:Non-persistentStorage, missing:tag:ProcessTreeSpoofing, missing:tag:T1005, missing:tag:T1027.002, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1059.006, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1548.003, missing:tag:T1567, missing:tag:T1573, missing:tag:T1574.006, missing:tag:T1574.007, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610, new
#718 opened Jul 14, 2023 by timb-machine
[Intel]: https://www.elastic.co/guide/en/security/master/binary-executed-from-shared-memory-directory.html
Labels: missing:tag:Non-persistentStorage, missing:tag:T1005, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1070.003, missing:tag:T1071.001, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1552.003, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610
#611 opened Feb 20, 2023 by timb-machine
[Intel]: https://research.nccgroup.com/2022/01/08/tool-release-insject-a-linux-namespace-injector/
Labels: missing:tag:Non-persistentStorage, missing:tag:ProcessTreeSpoofing, missing:tag:ProcessTreeSpoofingForking, missing:tag:T1005, missing:tag:T1021.002, missing:tag:T1027.002, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1055.008, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1548.003, missing:tag:T1560, missing:tag:T1567, missing:tag:T1573, missing:tag:T1574.006, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610, missing:tag:T1620, missing:tag:T1622, new
#585 opened Nov 11, 2022 by timb-machine
[Intel]: https://www.form3.tech/engineering/content/bypassing-ebpf-tools
Labels: missing:tag:ProcessTreeSpoofing, missing:tag:T1005, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1055.012, missing:tag:T1057, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610, new
#584 opened Nov 10, 2022 by timb-machine
[Intel]: https://github.com/shadow1ng/fscan
Labels: missing:tag:Go, missing:tag:Non-persistentStorage, missing:tag:T1003.008, missing:tag:T1005, missing:tag:T1021.001, missing:tag:T1021.002, missing:tag:T1021.004, missing:tag:T1027.002, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1071.001, missing:tag:T1552.004, missing:tag:T1560, missing:tag:T1567, missing:tag:T1573, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610
#564 opened Oct 14, 2022 by timb-machine
[Intel]: https://github.com/anelshaer/Remote-Linux-Triage-Collection-using-OSquery
Labels: missing:tactics, missing:tag:T1005, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1071.001, missing:tag:T1491, missing:tag:T1548.003, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610, new
#529 opened Sep 30, 2022 by timb-machine
[Intel]: https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/
Labels: missing:tag:T1005, missing:tag:T1021.004, missing:tag:T1027.002, missing:tag:T1037, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.003, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1098.004, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1552.003, missing:tag:T1552.004, missing:tag:T1560, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610
#524 opened Sep 28, 2022 by timb-machine
[Intel]: https://blog.reversinglabs.com/blog/gwisinlocker-ransomware-targets-south-korean-industrial-and-pharmaceutical-companies
Labels: missing:tag:Non-persistentStorage, missing:tag:NPM, missing:tag:RedirectionToNull, missing:tag:T1021.002, missing:tag:T1027.002, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.002, missing:tag:T1070.003, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1552.003, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610, new
#496 opened Aug 12, 2022 by timb-machine
[Intel]: https://redcanary.com/blog/process-streams/
Labels: deprecated:template, missing:tag:eBPF, missing:tag:RedirectionToNull, missing:tag:T1003.008, missing:tag:T1005, missing:tag:T1021.002, missing:tag:T1037, missing:tag:T1046, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1059.006, missing:tag:T1070.002, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1205, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610
#494 opened Aug 8, 2022 by timb-machine
[Intel]: https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/
Labels: missing:tag:Auditd, missing:tag:Non-persistentStorage, missing:tag:T1005, missing:tag:T1007, missing:tag:T1021.002, missing:tag:T1037, missing:tag:T1037.004, missing:tag:T1040, missing:tag:T1046, missing:tag:T1048, missing:tag:T1053.006, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1491, missing:tag:T1543.002, missing:tag:T1546.004, missing:tag:T1553.004, missing:tag:T1562.001, missing:tag:T1567, missing:tag:T1573, missing:tag:T1574.006, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610
#441 opened May 25, 2022 by timb-machine
[Intel]: https://www.sentinelone.com/blog/shadow-suid-for-privilege-persistence-part-1/
Labels: deprecated:template, missing:tag:T1003.008, missing:tag:T1021.002, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1491, missing:tag:T1518, missing:tag:T1546.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1574.007, missing:tag:T1609, missing:tag:T1610, new
#430 opened May 16, 2022 by timb-machine
[Intel]: https://sysdig.com/blog/containers-read-only-fileless-malware/
Labels: deprecated:template, missing:tag:JavaScript, missing:tag:Non-persistentStorage, missing:tag:T1005, missing:tag:T1021.002, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.004, missing:tag:T1070.006, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1205, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610
#415 opened May 3, 2022 by timb-machine
[Intel]: https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/
Labels: deprecated:template, missing:tag:T1005, missing:tag:T1021.002, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610
#410 opened Apr 21, 2022 by timb-machine
[Intel]: https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
Labels: missing:tactics, missing:tag:T1005, missing:tag:T1021.002, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.003, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1552.003, missing:tag:T1567, missing:tag:T1573, missing:tag:T1574.006, missing:tag:T1609, missing:tag:T1610, new
#404 opened Apr 20, 2022 by timb-machine
[Intel]: https://s.tencent.com/research/report/1177.html
Labels: missing:tactics, missing:tag:Non-persistentStorage, missing:tag:T1005, missing:tag:T1021.002, missing:tag:T1021.004, missing:tag:T1037, missing:tag:T1037.004, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1070.003, missing:tag:T1071.001, missing:tag:T1098.004, missing:tag:T1552.003, missing:tag:T1552.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610, new
#384 opened Apr 20, 2022 by timb-machine
[Intel]: https://www.trendmicro.com/en_ca/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html
Labels: missing:tag:T1005, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.003, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1552.003, missing:tag:T1567, missing:tag:T1573, missing:tag:T1574.006, missing:tag:T1609, missing:tag:T1610, missing:tag:wltm, new
#380 opened Apr 20, 2022 by timb-machine
[Intel]: https://www.intezer.com/blog/research/stantinkos-proxy-after-your-apache-server/
Labels: missing:tactics, missing:tag:T1005, missing:tag:T1027.002, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610, new
#350 opened Apr 20, 2022 by timb-machine
[Intel]: https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-docker-control-api-and-community-image-abused-to-deliver-cryptocurrency-mining-malware/
Labels: missing:tactics, missing:tag:T1005, missing:tag:T1048, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.003, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1491, missing:tag:T1552.003, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610, new
#344 opened Apr 20, 2022 by timb-machine
[Intel]: https://blog.netlab.360.com/a-new-mining-botnet-blends-its-c2s-into-ngrok-service/
Labels: missing:tactics, missing:tag:JavaScript, missing:tag:Non-persistentStorage, missing:tag:RedirectionToNull, missing:tag:T1005, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1071.001, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610, new
#343 opened Apr 20, 2022 by timb-machine
[Intel]: https://www.intezer.com/blog/cloud-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/
Labels: missing:tactics, missing:tag:Non-persistentStorage, missing:tag:T1005, missing:tag:T1021.002, missing:tag:T1027.002, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610, new
#342 opened Apr 20, 2022 by timb-machine
[Intel]: https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability
Labels: missing:tag:Auditd, missing:tag:eBPF, missing:tag:Non-persistentStorage, missing:tag:RedirectionToNull, missing:tag:T1005, missing:tag:T1021.004, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.003, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1098.004, missing:tag:T1205, missing:tag:T1491, missing:tag:T1518, missing:tag:T1546.004, missing:tag:T1548.003, missing:tag:T1552.003, missing:tag:T1552.004, missing:tag:T1562.001, missing:tag:T1567, missing:tag:T1573, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610, new
#337 opened Apr 20, 2022 by timb-machine
[Intel]: https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
Labels: missing:tactics, missing:tag:Auditd, missing:tag:Non-persistentStorage, missing:tag:T1005, missing:tag:T1027.002, missing:tag:T1037, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.003, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1098.004, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1552.003, missing:tag:T1552.004, missing:tag:T1560, missing:tag:T1562.001, missing:tag:T1562.004, missing:tag:T1567, missing:tag:T1573, missing:tag:T1574.007, missing:tag:T1590, missing:tag:T1609, missing:tag:T1610, new
#327 opened Apr 20, 2022 by timb-machine
[Intel]: https://unit42.paloaltonetworks.com/watchdog-cryptojacking/
Labels: missing:tactics, missing:tag:T1005, missing:tag:T1027.002, missing:tag:T1048, missing:tag:T1053.003, missing:tag:T1053.007, missing:tag:T1057, missing:tag:T1070.004, missing:tag:T1071.001, missing:tag:T1083, missing:tag:T1491, missing:tag:T1546.004, missing:tag:T1560, missing:tag:T1567, missing:tag:T1573, missing:tag:T1609, missing:tag:T1610, new
#324 opened Apr 20, 2022 by timb-machine