attack:T1205.002:Socket Filters
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling
attack:T1573:Encrypted Channel
attack:T1106:Native API
attack:T1059.004:Unix Shell
attack:T1070.004:File Deletion
attack:T1036.004:Masquerade Task or Service
attack:T1070.006:Timestomp
uses:RedirectionToNull
uses:Non-persistentStorage
attack:T1036.005:Match Legitimate Name or Location
uses:ProcessTreeSpoofing
attack:T1562.004:Disable or Modify System Firewall
Area
Malware reports
Parent threat
Persistence, Defense Evasion, Command and Control
Finding
https://www.countercraftsec.com/blog/a-step-by-step-bpfdoor-compromise/
Industry reference
Malware reference
BPFDoor /malware/binaries/BPFDoor Unix.Backdoor.RedMenshen
Actor reference
No response
Component
Linux, Solaris
Scenario
No response