Linux Commands and Utilities Commonly Used by Attackers
1 min read
Jun 14, 2021
Uptycs' threat research team has observed several instances of Linux malware where attackers leverage the inbuilt commands and utilities for a wide range of malicious activities. This article explores Linux commands and utilities commonly used by attackers and how you can use Uptycs EDR detection capabilitiesto find if these have been used in your environment.
In Linux, several utilities and commands are configured by default. Once an adversary gains access to the system, they can leverage these commands and utilities to get their malware up and loaded quickly with full system privileges. And since these commands and utilities are used by users on a daily basis, it can be extremely difficult to detect malicious activities if they have been used for malicious purposes.
Using the data sources from customer telemetry, MITRE mapping of the detection alerts, threat intelligence systems and our in-house osquery-based sandbox, we identified around 25 commands and utilities that are most commonly used by attackers.
The link for this article located at Uptycs Blog is no longer available.
Related Articles
1 - 0 min read
7 things even new Linux users can do to better secure the OS
1 - 0 min read
Supershell – Open-Source Botnet That Obtain SSH Shell Access
