elf.symbiote

Symbiote


Malware implemented as a userland rootkit, capable of capturing credentials and enabling backdoor access. It hides its network activity in three ways, by hooking and hijacking: 1) fopen/fopen64, 2) eBPF, 3) a set of libpcap functions.

References
2022-07-26 | CYBER GEEKS All Things Infosec | CyberMasterV
HOW to Analyze Linux Malware - A Case Study of Symbiote
@online{cybermasterv:20220726:how:3f5d6fc, author = {CyberMasterV}, title = {{HOW to Analyze Linux Malware - A Case Study of Symbiote}}, date = {2022-07-26}, organization = {CYBER GEEKS All Things Infosec}, url = {https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbiote}, language = {English}, urldate = {2022-08-31} }
Symbiote
2022-07-26 | Cyber Geeks | Vlad Pasca
How To Analyze Linux Malware – A Case Study Of Symbiote
@online{pasca:20220726:how:f891a3c, author = {Vlad Pasca}, title = {{How To Analyze Linux Malware – A Case Study Of Symbiote}}, date = {2022-07-26}, organization = {Cyber Geeks}, url = {https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbiote/}, language = {English}, urldate = {2022-07-28} }
Symbiote
2022-07-06 | Intezer | Nicole Fishbein
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
@online{fishbein:20220706:orbit:eacf07e, author = {Nicole Fishbein}, title = {{OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow}}, date = {2022-07-06}, organization = {Intezer}, url = {https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/}, language = {English}, urldate = {2022-07-12} }
HiddenWasp OrBit Symbiote
2022-06-09 | Blackberry | Joakim Kennedy, The BlackBerry Research & Intelligence Team
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
@online{kennedy:20220609:symbiote:fcc031b, author = {Joakim Kennedy and {The BlackBerry Research \& Intelligence Team}}, title = {{Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat}}, date = {2022-06-09}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat}, language = {English}, urldate = {2022-06-09} }
Symbiote

There is no Yara-Signature yet.