[Intel]: https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/ #468
Assignees
Labels
missing:tag:Non-persistentStorage
missing:tag:T1005
missing:tag:T1021.004
missing:tag:T1037
missing:tag:T1040
missing:tag:T1048
missing:tag:T1053.003
missing:tag:T1057
missing:tag:T1059.006
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1548.003
missing:tag:T1556.003
missing:tag:T1562.004
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.006
Comments
timb-machine
added
missing:tag:Non-persistentStorage
missing:tag:T1005
missing:tag:T1021.004
missing:tag:T1037
missing:tag:T1040
missing:tag:T1048
missing:tag:T1053.003
missing:tag:T1057
missing:tag:T1059.006
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1548.003
missing:tag:T1556.003
missing:tag:T1562.004
missing:tag:T1567
missing:tag:T1573
missing:tag:T1574.006
and removed
confirmed
labels
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Area
Malware reports
Parent threat
Persistence, Defense Evasion
Finding
https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/
Industry reference
uses:LD_PRELOAD
attack:T1574.006:Dynamic Linker Hijacking
attack:T1548.001:Setuid and Setgid
attack:T1556.003:Pluggable Authentication Modules
attack:T1027:Obfuscated Files or Information
attack:T1082:System Information Discovery
attack:T1562.001:Disable or Modify Tools
attack:T1003.007:Proc Filesystem
attack:T1563.001:SSH Hijacking
uses:PortHiding
uses:Non-persistentStorage
Malware reference
OrBit
/malware/binaries/OrBit
Actor reference
No response
Component
Linux
Scenario
No response
The text was updated successfully, but these errors were encountered: