November 1, 2021

timb-machine/linux-malware

Tracking interesting Linux (and UNIX) malware. Send PRs

repo name timb-machine/linux-malware
repo link https://github.com/timb-machine/linux-malware
homepage
language Shell
size (curr.) 23816 kB
stars (curr.) 768
created 2021-07-20
license The Unlicense

linux-malware

Press/academia

Breach reports

Supply chain attacks

Malware reports

Malware samples

Malware binaries

Malware source

Research, PoCs, capabilities etc

Not necessarily malicious code (see Linikatz and unix-privesc-check =)), but interesting capabilities…

Tools

Techniques

Sandboxes

Yara rules

Personal rules

  • ciscotools.yara - Hunts for references to our tools
  • aix.yara - Hunts for AIX binaries
  • adonunix2.yara - Hunts for binaries that attack AD on UNIX
  • enterpriseunix2.yara - Hunts for enterprise UNIX binaries
  • enterpriseapps2.yara - Hunts for enterprise app binaries
  • canvasspectre.yara - Hunts for CANVAS Spectre
  • unixredflags3.yara - Hunts for UNIX red flags

Other rules