Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Intel]: https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/ #441

Open
timb-machine opened this issue May 25, 2022 · 0 comments

Comments

@timb-machine
Copy link
Owner

timb-machine commented May 25, 2022

Area

Malware reports

Parent threat

Persistence, Privilege Escalation, Defense Evasion, Command and Control

Finding

https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/

Industry reference

attack:T1205.002:Socket Filters
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling

Malware reference

#420
#418
BPFDoor
Tricephalic Hellkeeper
Unix.Backdoor.RedMenshen
JustForFun

Actor reference

DecisiveArchitect

Component

Linux, Solaris

Scenario

No response

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment