home.social

#t1496 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #t1496, aggregated by home.social.

  1. From a #ThreatIntelligence perspective, the #TTPs would be:

    - #T1059.003: Command and Scripting Interpreter: Unix Shell. SHC payloads still need a shell to be identified in the system in order to run, and the code inside the payload is, in fact, a shell script.
    - #T1027.002: Obfuscated Files or Information: Software Packed with #SHC.
    - #T1622: Debugger Evasion by using SHC with '-r'.
    - #T1105: Ingress Tool Transfer by downloading payloads from GitHub.
    - #T1496: Resource Hijacking with #XMRig.

  2. I've come across this interesting article by AhnLab about how SHC is being used to deploy malicious payloads on GNU/Linux systems: "Shc Linux Malware Installing CoinMiner".

    asec.ahnlab.com/en/45182/

    A nice reason to spend some time on this as follows in this thread.

    #ThreatIntelligence #Mitre #T1496 #GNU #Linux #Coinminer