ioc[.]one - OSINT Cyber Threat Intelligence Database

AhnLab EDR을 활용한 리눅스 지속성 유지 기법 탐지 (1) - ASEC

Tags

cmtmf-attack-pattern:

Scheduled Task/Job

attack-pattern:

Create Or Modify System Process - T1543 Cron - T1053.003 Dll Side-Loading - T1574.002 Dynamic Linker Hijacking - T1574.006 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Scheduled Task/Job - T1603 Systemd Service - T1543.002 Systemd Service - T1501 Unix Shell Configuration Modification - T1546.004 Winlogon Helper Dll - T1547.004 Dll Side-Loading - T1073 Scheduled Task - T1053 Winlogon Helper Dll - T1004

Show in Graph

Common Information

Type	Value
UUID	c5dd6fd3-54e5-4285-bfdb-3633cafd341b
Fingerprint	fca78df6e96cacf7
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 30, 2024, 1:21 a.m.
Added to db	Sept. 30, 2024, 3:53 a.m.
Last updated	Nov. 14, 2024, 8:09 a.m.
Headline	AhnLab EDR을 활용한 리눅스 지속성 유지 기법 탐지 (1)
Title	AhnLab EDR을 활용한 리눅스 지속성 유지 기법 탐지 (1) - ASEC
Detected Hints/Tags/Attributes	25/2/11

Source URLs

	Redirection	Url
Details	Source	https://asec.ahnlab.com/ko/83437/

URL Provider

Details	Provider	Source level domain
Details	ahnlab.com	asec.ahnlab.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	18	✔	ASEC	https://asec.ahnlab.com/ko/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	5		gcc.sh
Details	Domain	5		libudev.so
Details	Domain	2		cached.so
Details	Domain	117		ld.so
Details	Domain	13		libsystem.so
Details	MITRE ATT&CK Techniques	480		T1053
Details	MITRE ATT&CK Techniques	122		T1543
Details	MITRE ATT&CK Techniques	16		T1574.006
Details	MITRE ATT&CK Techniques	11		T1546.004
Details	MITRE ATT&CK Techniques	44		T1053.003
Details	MITRE ATT&CK Techniques	23		T1543.002