T1195.001 Compromise Software Dependencies and Development Tools
97%
“sophisticated quasar linux rat targets software developers a recently identified linux backdoor was designed to steal developer credentials across the software supply chain, trend micro warns. dubbed quasar linux ( qlnx ), the rat has a modular architecture, uses multiple persist…”
T1195.002 Compromise Software Supply Chain
71%
“sophisticated quasar linux rat targets software developers a recently identified linux backdoor was designed to steal developer credentials across the software supply chain, trend micro warns. dubbed quasar linux ( qlnx ), the rat has a modular architecture, uses multiple persist…”
T1195.001 Compromise Software Dependencies and Development Tools
39%
“it particularly dangerous is not any single feature, but how its capabilities chain together into a coherent attack workflow : arrive, erase from disk, persist through six redundant mechanisms, hide at both userspace and kernel level, and then harvest the credentials that matter …”
T1587 Develop Capabilities
33%
“sophisticated quasar linux rat targets software developers a recently identified linux backdoor was designed to steal developer credentials across the software supply chain, trend micro warns. dubbed quasar linux ( qlnx ), the rat has a modular architecture, uses multiple persist…”
T1014 Rootkit
33%
“into cloud environments where production infrastructure lives, ” trend micro says. the rat is executed in memory, spoofs its process name, and can delete itself to evade detection. it also performs system reconnaissance to detect containers, hides specific processes, ports, and f…”
T1556.003 Pluggable Authentication Modules
32%
“into cloud environments where production infrastructure lives, ” trend micro says. the rat is executed in memory, spoofs its process name, and can delete itself to evade detection. it also performs system reconnaissance to detect containers, hides specific processes, ports, and f…”
Summary
The persistent, evasive implant provides remote access, surveillance, and credential exfiltration capabilities.