[Intel]: https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896

[timb-machine]

Area

Press/academia

Parent threat

Persistence, Defense Evasion, Command and Control

Finding

https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896

Industry reference

attack:T1205.002:Socket Filters
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling

Malware reference

#420
#418
BPFDoor
Tricephalic Hellkeeper
Unix.Backdoor.RedMenshen
JustForFun

Actor reference

DecisiveArchitect

Component

Linux, Solaris

Scenario

No response