elf.symbiote

Symbiote


Malware implemented as a userland rootkit, capable of capturing credentials and enabling backdoor access. It hides its network activity using three methods, hooking and hijacking 1) fopen/fopen64, 2) eBPF, and 3) a set of libpcap functions.

References
2023-07-13 | Trend Micro | Fernando Mercês
Detecting BPFDoor Backdoor Variants Abusing BPF Filters
BPFDoor Symbiote
2022-07-26 | Cyber Geeks | Vlad Pasca
How To Analyze Linux Malware – A Case Study Of Symbiote
Symbiote
2022-07-26 | CYBER GEEKS All Things Infosec | CyberMasterV
HOW to Analyze Linux Malware - A Case Study of Symbiote
Symbiote
2022-07-06 | Intezer | Nicole Fishbein
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
HiddenWasp OrBit Symbiote
2022-06-09 | Blackberry | Joakim Kennedy, The BlackBerry Research & Intelligence Team
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
Symbiote

There is no Yara-Signature yet.