Skip to main content
MalwareThreat Intelligence

Detectie voor BPFDoor malware

By 05/08/2022No Comments

BPFDoor is backdoor malware associated with the Chinese APTRed Menshen. It is a highly evasive malware that targets Linux and Solaris-based systems. It is said to have been unnoticed for up to 5 years before its discovery.

This malware uses a Berkeley Packet Filter (BPF) sniffer which makes it capable of sniffing all network traffic and bypassing existing firewall rules. It can be used for remote code execution without opening any new network ports.

BPFDoor does not have any form of inbuilt persistence because it does not survive a system reboot. It is therefore assumed that the attacker immediately performs post-exploitation activities after infecting an endpoint. Cronjobs and startup scripts might be used by the attacker for persistence.

  • Using Security Configuration Assessment (SCA)
  • Using Auditd







Automatische Detectie voor deze malware is actief op ons KMO CDC Center!


Author christophe

More posts by christophe

Leave a Reply