Skip to content

[Intel]: https://www.sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis/ #434

New issue
New issue
Open
Open
[Intel]: https://www.sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis/#434
Assignees
timb-machine
Labels
missing:tag:Auditdmissing:tag:Non-persistentStoragemissing:tag:ProcessTreeSpoofingmissing:tag:RedirectionToNullmissing:tag:T1007missing:tag:T1021.002missing:tag:T1027.002missing:tag:T1037missing:tag:T1048missing:tag:T1053.003missing:tag:T1053.006missing:tag:T1057missing:tag:T1070.003missing:tag:T1070.004missing:tag:T1071.001missing:tag:T1083missing:tag:T1491missing:tag:T1543.002missing:tag:T1546.004missing:tag:T1552.003missing:tag:T1562.001missing:tag:T1562.004missing:tag:T1567missing:tag:T1573missing:tag:T1574.007missing:tag:T1590new
@timb-machine

Description

@timb-machine
timb-machine
opened on May 18, 2022

Area

Malware reports

Parent threat

Persistence, Defense Evasion, Command and Control

Finding

https://www.sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis/

Industry reference

attack:T1205.002:Socket Filters
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling

Malware reference

#420
#418
BPFDoor
Tricephalic Hellkeeper
Unix.Backdoor.RedMenshen
JustForFun

Actor reference

DecisiveArchitect

Component

Linux

Scenario

No response

Metadata

Metadata