eBPF (Extended Berkeley Packet Filter) is a very interesting kernel technology that lets users load tiny, sandboxed programs into the Linux kernel to inspect or modify network packets, system calls, and more. The technology was introduced in 2015 to replace the “old” BPF technology of 1992, which was no longer compatible with modern computer architectures (e.g., 64-bit). As usual, the technology was quickly noticed by malware authors, leading to the Bvp47 malware in 2015 and a collection of ro
c2 (3)
French cybersecurity firms and law enforcement agents, together with partners from the United States, have successfully removed Chinese-built malware from thousands of infected PCs. In a press release shared on the US Justice Department (DOJ) website, it was said a Chinese state-sponsored threat actor called Twill Typhoon (AKA Mustang Panda) built a custom version of the PlugX malware which can “infect, control, and steal information from victim computers. Since at least 2014, Mustang Panda ha
Chinese developers have created a new command-and-control (C2) framework with features and functionality similar to Cobalt Strike and Sliver. The new framework is called Manjusaka.
Cisco Talos researchers have discovered the C2 framework in the wild running in parallel with Cobalt strike. The initial investigation began with a Cisco Talos response to a Cobalt Strike beacon detection that was installed from a malicious Microsoft Word Document. The document was sent in an email as an attachment
