Chaos
ID: S0220
ⓘ
Type: MALWARE
ⓘ
Platforms: Linux
Version: 1.1
Created: 18 April 2018
Last Modified: 01 July 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1573 | .001 | 加密通道: Symmetric Cryptography |
Chaos provides a reverse shell connection on 8338/TCP, encrypted via AES.[1] |
| Enterprise | T1059 | .004 | 命令与脚本解释器: Unix Shell |
Chaos provides a reverse shell connection on 8338/TCP, encrypted via AES.[1] |
| Enterprise | T1104 | 多阶段信道 |
After initial compromise, Chaos will download a second stage to establish a more permanent presence on the affected system.[1] |
|
| Enterprise | T1110 | 暴力破解 |
Chaos conducts brute force attacks against SSH services to gain initial access.[1] |
|
| Enterprise | T1205 | 流量激活 |
Chaos provides a reverse shell is triggered upon receipt of a packet with a special string, sent to any port.[1] |
|