[Intel]: https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/ #441
Labels
missing:tag:Auditd
missing:tag:Non-persistentStorage
missing:tag:T1005
missing:tag:T1007
missing:tag:T1021.002
missing:tag:T1037
missing:tag:T1037.004
missing:tag:T1040
missing:tag:T1046
missing:tag:T1048
missing:tag:T1053.006
missing:tag:T1053.007
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1491
missing:tag:T1543.002
missing:tag:T1546.004
missing:tag:T1553.004
missing:tag:T1562.001
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.006
missing:tag:T1590
missing:tag:T1609
missing:tag:T1610
Area
Malware reports
Parent threat
Persistence, Privilege Escalation, Defense Evasion, Command and Control
Finding
https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/
Industry reference
attack:T1205.002:Socket Filters
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling
Malware reference
#420
#418
BPFDoor
Tricephalic Hellkeeper
Unix.Backdoor.RedMenshen
JustForFun
Actor reference
DecisiveArchitect
Component
Linux, Solaris
Scenario
No response