elf.3snake

3snake


3snake can be used to read and extract memory from the system calls of sshd and sudo when they use password-based authentication. It does not write to the memory of the traced process; instead, it spawns a new process for the command to extract strings related to password-based authentication.

References
2020-01-05, Verint, VerintCyberSec
Linux Threat Hunting Primer — Part II
2018-02-07, Github (blendin), Brendon Tiszka
3snake - dump sshd and sudo credential related strings

There is no Yara-Signature yet.