When PAM Goes Rogue: Malware Uses Authentication Modules for Mischief
Tags
attack-pattern: Data /Etc/Passwd And /Etc/Shadow - T1003.008 Malware - T1587.001 Malware - T1588.001 Pluggable Authentication Modules - T1556.003 Software - T1592.002 Ssh - T1021.004 System Services - T1569 Rootkit - T1014 Sudo - T1169 Rootkit
Show in Graph
Common Information
Type Value
UUID 42ada8ab-cb10-4434-b695-484ce607f4be
Fingerprint bc21193b1ff0a489
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 26, 2023, 1 p.m.
Added to db Nov. 19, 2023, 12:12 a.m.
Last updated Aug. 31, 2024, 3:09 p.m.
Headline When PAM Goes Rogue: Malware Uses Authentication Modules for Mischief
Title When PAM Goes Rogue: Malware Uses Authentication Modules for Mischief
Detected Hints/Tags/Attributes 38/1/1
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/linux-pam-apis/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 120 Unit 42 https://feeds.feedburner.com/Unit42 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details sha256 1 
2ad5993cf4db52ef72e299590d79dd7414bc3b119f5d8be8274ad89bec4cbbae