timb-machine / linux-malware

Tracking interesting Linux (and UNIX) malware. Send PRs
The Unlicense

[Intel]: https://www.countercraftsec.com/blog/a-step-by-step-bpfdoor-compromise/ #643

Open timb-machine opened 1 year ago

timb-machine commented 1 year ago

Area

Malware reports

Parent threat

Persistence, Defense Evasion, Command and Control

Finding

https://www.countercraftsec.com/blog/a-step-by-step-bpfdoor-compromise/

Industry reference

attack:T1205.002:Socket Filters
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling
attack:T1573:Encrypted Channel
attack:T1106:Native API
attack:T1059.004:Unix Shell
attack:T1070.004:File Deletion
attack:T1036.004:Masquerade Task or Service
attack:T1070.006:Timestomp
uses:RedirectionToNull
uses:Non-persistentStorage
attack:T1036.005:Match Legitimate Name or Location
uses:ProcessTreeSpoofing
attack:T1562.004:Disable or Modify System Firewall

Malware reference

BPFDoor /malware/binaries/BPFDoor Unix.Backdoor.RedMenshen

Actor reference

No response

Component

Linux Solaris

Scenario

No response