Symbiote (Malware Family)

Symbiote

A malware capable of capturing credentials and enabling backdoor access, implemented as a userland rootkit. It uses three methods for hiding its network activity, by hooking and hijacking 1) fopen/fopen64, 2) eBPF, 3) a set of libpcap functions.

References

2023-07-13 ⋅ Trend Micro ⋅ Fernando Mercês
Detecting BPFDoor Backdoor Variants Abusing BPF Filters
BPFDoor Symbiote

2022-07-26 ⋅ Cyber Geeks ⋅ Vlad Pasca
How To Analyze Linux Malware – A Case Study Of Symbiote
Symbiote

2022-07-26 ⋅ CYBER GEEKS All Things Infosec ⋅ CyberMasterV
HOW to Analyze Linux Malware - A Case Study of Symbiote
Symbiote

2022-07-06 ⋅ Intezer ⋅ Nicole Fishbein
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
HiddenWasp OrBit Symbiote

2022-06-09 ⋅ Blackberry ⋅ Joakim Kennedy, The BlackBerry Research & Intelligence Team
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
Symbiote

There is no Yara-Signature yet.

Symbiote Propose Change

References

Symbiote