Code Injection on Linux and MacOS with LD_PRELOAD
Tags
| cmtmf-attack-pattern: | Code Injection |
| attack-pattern: | Data Code Injection - T1540 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | 22d7b175-6ce2-4f3a-82ab-654123a52e49 |
| Fingerprint | afbc493f2e849a8a |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | April 18, 2017, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 18, 2024, 2:36 a.m. |
| Headline | “This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD |
| Title | Code Injection on Linux and MacOS with LD_PRELOAD |
| Detected Hints/Tags/Attributes | 32/2/13 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.datawire.io/code-injection-on-linux-and-macos/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 11 | ipify.org |
|
| Details | Domain | 129 | api.ipify.org |
|
| Details | Domain | 1 | 119.161.217.144.in-addr.arpa |
|
| Details | Domain | 1 | tor-exit.clutterbuck.uk |
|
| Details | Domain | 5 | linux-vdso.so |
|
| Details | Domain | 146 | libc.so |
|
| Details | Domain | 46 | ld-linux-x86-64.so |
|
| Details | Domain | 1 | binary.in |
|
| Details | Domain | 1 | doubleputs.so |
|
| Details | IPv4 | 1 | 98.216.104.162 |
|
| Details | IPv4 | 2 | 144.217.161.119 |
|
| Details | IPv4 | 1 | 119.161.217.144 |
|
| Details | Url | 2 | http://api.ipify.org?format=json |