[Intel]: https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896 #422

@timb-machine

Description

Area

Press/academia

Parent threat

Persistence, Defense Evasion, Command and Control

Finding

https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896

Industry reference

attack:T1205.002:Socket Filters
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling

Malware reference

#420
#418
BPFDoor
Tricephalic Hellkeeper
Unix.Backdoor.RedMenshen
JustForFun

Actor reference

DecisiveArchitect

Component

Linux, Solaris

Scenario

No response