==================================================

CREATED: LINUX-INSMOD-KERNEL-MOD (#2059)

Description

Kernel module files typically end with .ko. In malicious use, the .ko file may originate from a compiler or a copy command. The kernel module's name may be hard to find in searches and may masquerade as a legitimate name.

ATT&CK Technique T1215

==================================================

CREATED: LINUX-SED-PRELOAD-PATCH (#2060)

Description

This detector identifies use of the Linux sed command to patch the dynamic linker, changing the location of the configuration file that defines global preload libraries. Adversaries have used this functionality to install rootkit malware.

ATT&CK Technique T1055
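
A sketch of the kind of command-line check the LINUX-SED-PRELOAD-PATCH description implies, added here as an example and not the vendor's detector logic. The linker filename patterns, the `ld.so.preload` string match and the high/medium labels are assumptions, and the sample command lines are constructed.

```python
import fnmatch
import os
import shlex

# Assumed filename patterns for the dynamic linker (glibc and musl naming).
LINKER_PATTERNS = ("ld-linux*.so*", "ld-[0-9]*.so", "ld.so.[0-9]*", "ld-musl-*.so*")
PRELOAD_CONFIG = "ld.so.preload"  # default name of the global preload config file

# Constructed process-creation command lines (not real telemetry).
SAMPLES = [
    "sed -i s#/etc/ld.so.preload#/etc/PLACEHOLDER# /lib/x86_64-linux-gnu/ld-2.31.so",
    "/usr/bin/sed --in-place=.bak -e s/a/b/ /lib64/ld-linux-x86-64.so.2",
    "sed -n 1,5p /lib64/ld-linux-x86-64.so.2",
    "sed -i s/DEBUG/INFO/ /etc/app/logging.conf",
    "cat /etc/ld.so.preload",
]


def _is_in_place(arg: str) -> bool:
    """True for sed's in-place flags: -i, -i.bak, -ri, --in-place[=SUFFIX]."""
    if arg.startswith("--"):
        return arg.startswith("--in-place")
    return arg.startswith("-") and "i" in arg[1:]


def classify_sed_command(cmdline: str):
    """Return 'high', 'medium' or None for one process command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in telemetry: fall back to whitespace
        argv = cmdline.split()
    if not argv or os.path.basename(argv[0]) != "sed":
        return None
    args = argv[1:]
    in_place = any(_is_in_place(a) for a in args)
    targets_linker = any(
        fnmatch.fnmatch(os.path.basename(a), pat)
        for a in args if not a.startswith("-")
        for pat in LINKER_PATTERNS
    )
    if not (in_place and targets_linker):
        return None  # read-only sed, or an edit of some other file
    # A sed script that names the preload config file raises confidence.
    return "high" if any(PRELOAD_CONFIG in a for a in args) else "medium"


if __name__ == "__main__":
    for line in SAMPLES:
        print(classify_sed_command(line), "|", line)
```

Matching on the command line alone misses edits made through other tools, so a file-integrity check on the linker binary is a useful complement.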
