timb-machine / linux-malware

Tracking interesting Linux (and UNIX) malware. Send PRs
The Unlicense

[Intel]: https://www.trendmicro.com/en_us/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.html #725

Open timb-machine opened 1 year ago

timb-machine commented 1 year ago

Area

Malware reports

Parent threat

Defense Evasion

Finding

https://www.trendmicro.com/en_us/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.html

Industry reference

attack:T1205.002:Socket Filters
attack:T1205:Traffic Signaling
uses:BPF

Malware reference

BPFDoor
/malware/binaries/BPFDoor
Unix.Backdoor.RedMenshen

Actor reference

DecisiveArchitect

Component

Linux
Solaris

Scenario

No response
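The technique this issue files under (T1205.002, a classic BPF socket filter used as a traffic-signaling gate) leaves a concrete artifact: the cBPF program attached to the socket. The decoder below is an added editor's example, not code from the linux-malware repository or from the Trend Micro write-up. It parses a raw `struct sock_filter` array (the bytes handed to `setsockopt(SO_ATTACH_FILTER)`), prints it in `tcpdump -d` style, and lists every packet load that is immediately compared against a constant, which is what a magic-packet check looks like in a filter. The sample filter, its 0x1234 "magic" value and the `ETH_IPV4_UDP_HEADERS` cutoff are constructed for this example and are not taken from any BPFDoor sample.

```python
# Added editor's example (not code from the linux-malware repo or the
# Trend Micro report): decode a classic BPF socket filter and list the
# packet-vs-constant comparisons it performs.
import struct

SOCK_FILTER = struct.Struct("=HBBI")  # struct sock_filter {u16 code; u8 jt; u8 jf; u32 k;}

# Instruction class is the low three bits of `code`; size/mode/op live in the rest.
BPF_LD, BPF_LDX, BPF_ST, BPF_STX, BPF_ALU, BPF_JMP, BPF_RET, BPF_MISC = range(8)
SIZE = {0x00: "w", 0x08: "h", 0x10: "b"}
WIDTH = {0x00: 4, 0x08: 2, 0x10: 1}
MODE_IMM, MODE_ABS, MODE_IND, MODE_MEM, MODE_LEN, MODE_MSH = 0x00, 0x20, 0x40, 0x60, 0x80, 0xA0
JMP_OP = {0x00: "ja", 0x10: "jeq", 0x20: "jgt", 0x30: "jge", 0x40: "jset"}
ALU_OP = {0x00: "add", 0x10: "sub", 0x20: "mul", 0x30: "div", 0x40: "or", 0x50: "and",
          0x60: "lsh", 0x70: "rsh", 0x80: "neg", 0x90: "mod", 0xA0: "xor"}
SRC_X, SRC_A = 0x08, 0x10


def parse_program(blob):
    """Split a raw sock_filter array into (code, jt, jf, k) tuples."""
    if len(blob) % SOCK_FILTER.size:
        raise ValueError("filter length is not a multiple of %d" % SOCK_FILTER.size)
    return [SOCK_FILTER.unpack_from(blob, off) for off in range(0, len(blob), SOCK_FILTER.size)]


def disasm(idx, insn):
    """Render one instruction roughly as `tcpdump -d` does (absolute jump targets)."""
    code, jt, jf, k = insn
    cls, size, mode = code & 0x07, SIZE.get(code & 0x18, "?"), code & 0xE0
    if cls in (BPF_LD, BPF_LDX):
        reg = "ld" if cls == BPF_LD else "ldx"
        if mode == MODE_IMM:
            return "%s #%#x" % (reg, k)
        if mode == MODE_ABS:
            return "%s%s [%d]" % (reg, size, k)
        if mode == MODE_IND:
            return "%s%s [x+%d]" % (reg, size, k)
        if mode == MODE_MEM:
            return "%s M[%d]" % (reg, k)
        if mode == MODE_LEN:
            return "%s #pktlen" % reg
        if mode == MODE_MSH:
            return "%sb 4*([%d]&0xf)" % (reg, k)
    if cls == BPF_JMP:
        op = JMP_OP.get(code & 0xF0, "j?")
        if op == "ja":
            return "ja %d" % (idx + 1 + k)
        src = "x" if code & SRC_X else "#%#x" % k
        return "%s %s jt %d jf %d" % (op, src, idx + 1 + jt, idx + 1 + jf)
    if cls == BPF_RET:
        return "ret a" if code & SRC_A else "ret #%d" % k
    if cls == BPF_ALU:
        src = "x" if code & SRC_X else "#%#x" % k
        return "%s %s" % (ALU_OP.get(code & 0xF0, "alu?"), src)
    if cls in (BPF_ST, BPF_STX):
        return "%s M[%d]" % ("st" if cls == BPF_ST else "stx", k)
    if cls == BPF_MISC:
        return "tax" if (code & 0xF8) == 0 else "txa"
    return "?? %#x" % code


def find_constant_gates(insns, min_abs_offset=0):
    """(offset, width, constant) for each packet load followed directly by `jeq #constant`.
    Absolute loads below min_abs_offset (fixed link/IP headers) are ignored; x-relative
    loads always count because they sit past a variable-length header."""
    gates = []
    for i in range(len(insns) - 1):
        code, _, _, k = insns[i]
        ncode, _, _, nk = insns[i + 1]
        if (code & 0x07) != BPF_LD or (code & 0xE0) not in (MODE_ABS, MODE_IND):
            continue
        if (ncode & 0x07) != BPF_JMP or (ncode & 0xF0) != 0x10 or (ncode & SRC_X):
            continue
        if (code & 0xE0) == MODE_ABS:
            if k < min_abs_offset:
                continue
            where = str(k)
        else:
            where = "x+%d" % k
        gates.append((where, WIDTH[code & 0x18], nk))
    return gates


# Constructed sample: accept only IPv4/UDP whose first two payload bytes equal 0x1234.
# 0x1234 is a placeholder for this example, not a value from any BPFDoor sample.
SAMPLE_FILTER = b"".join(SOCK_FILTER.pack(*i) for i in [
    (0x28, 0, 0, 12),       # ldh [12]            ethertype
    (0x15, 0, 6, 0x0800),   # jeq #0x800          not IPv4 -> ret #0
    (0x30, 0, 0, 23),       # ldb [23]            IP protocol
    (0x15, 0, 4, 17),       # jeq #17             not UDP -> ret #0
    (0xB1, 0, 0, 14),       # ldxb 4*([14]&0xf)   x = IPv4 header length
    (0x48, 0, 0, 22),       # ldh [x+22]          first 2 bytes of UDP payload
    (0x15, 0, 1, 0x1234),   # jeq #0x1234         magic? -> accept
    (0x06, 0, 0, 0xFFFF),   # ret #65535
    (0x06, 0, 0, 0),        # ret #0
])

ETH_IPV4_UDP_HEADERS = 14 + 20 + 8  # absolute loads below this are header checks, not payload

if __name__ == "__main__":
    insns = parse_program(SAMPLE_FILTER)
    for i, insn in enumerate(insns):
        print("(%03d) %s" % (i, disasm(i, insn)))
    for where, width, const in find_constant_gates(insns, ETH_IPV4_UDP_HEADERS):
        print("payload gate: %d byte(s) at [%s] must equal %#x" % (width, where, const))
```

On a live host, `ss -0 -b` (as root) prints the cBPF program attached to each packet socket as code/jt/jf/k tuples; packing those with `SOCK_FILTER.pack` and running them through `find_constant_gates` shows whether a socket is gated on payload bytes rather than on ordinary header fields. Treat a hit as a lead, not a verdict: legitimate capture tools also match on payload, so the owning process and its binary still need to be checked.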