Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Intel]: https://www.countercraftsec.com/blog/a-step-by-step-bpfdoor-compromise/ #643

Open
timb-machine opened this issue Apr 20, 2023 · 0 comments

Comments

@timb-machine
Copy link
Owner

timb-machine commented Apr 20, 2023

Area

Malware reports

Parent threat

Persistence, Defense Evasion, Command and Control

Finding

https://www.countercraftsec.com/blog/a-step-by-step-bpfdoor-compromise/

Industry reference

attack:T1205.002:Socket Filters
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling
attack:T1573:Encrypted Channel
attack:T1106:Native API
attack:T1059.004: Unix Shell
attack:T1070.004:File Deletion
attack:T1036.004:Masquerade Task or Service
attack:T1070.006:Timestomp
uses:RedirectionToNull
uses:Non-persistentStorage
attack:T1036.005:Match Legitimate Name or Location
uses:ProcessTreeSpoofing
attack:T1562.004:Disable or Modify System Firewall

Malware reference

BPFDoor
/malware/binaries/BPFDoor
Unix.Backdoor.RedMenshen

Actor reference

No response

Component

Linux
Solaris

Scenario

No response

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment