Tsunami malware
0001-01-01
Tsunami malware affects Linux systems and spreads by brute forcing SSH or exploiting vulnerable software. It has functionality to act as a DDoS botnet, wipe logs, perform privilege escalation, and mine cryptocurrency with xmrig.
Tsunami commonly uses the IRC protocol for command and control.
https://malpedia.caad.fkie.fraunhofer.de/details/elf.tsunami
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit