Simple Script to Detect the Stealthy Nation-State BPFDoor

경로 및 정보

Simple Script to Detect the Stealthy Nation-State BPFDoor

wtdsoul 2024. 6. 7. 09:29

https://blog.qualys.com/vulnerabilities-threat-research/2022/08/01/heres-a-simple-script-to-detect-the-stealthy-nation-state-bpfdoor

Here’s a Simple Script to Detect the Stealthy Nation-State BPFDoor | Qualys Security Blog

In this blog, the Qualys Research Team explains the mechanics of a Linux malware variant named BPFdoor. We then demonstrate the efficacy of Qualys Custom Assessment and Remediation to detect it…

blog.qualys.com

Filenames

/dev/shm/kdmtmpflush
/dev/shm/kdumpflush
/dev/shm/kdumpdb
/var/run/xinetd.lock
/var/run/kdevrund.pid
/var/run/haldrund.pid
/var/run/syslogd.reboot

Process names

/sbin/udevd -d
/sbin/mingetty /dev/tty7
/usr/sbin/console-kit-daemon –no-daemon
hald-addon-acpi: listening on acpi kernel interface /proc/acpi/event
dbus-daemon –system
hald-runner
pickup -l -t fifo -u
avahi-daemon: chroot helper
/sbin/auditd -n
/usr/lib/systemd/systemd-journald
/usr/libexec/postfix/master
qmgr -l -t fifo -u