popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
title: Chmod Suspicious Directory
id: 6419afd1-3742-47a5-a7e6-b50386cd15f8
status: test
description: Detects chmod targeting files in abnormal directory paths.
references:
- https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
- https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1222.002/T1222.002.md
author: 'Christopher Peacock @SecurePeacock, SCYTHE @scythe_io'
date: 2022-06-03
- attack.defense-evasion
- attack.t1222.002
logsource:
product: linux
category: process_creation
detection:
selection:
Image|endswith: '/chmod'
CommandLine|contains:
- '/tmp/'
- '/.Library/'
- '/etc/'
- '/opt/'
condition: selection
falsepositives:
- Admin changing file permissions.
level: medium
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
Cynet Clean
CTX Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Symantec Clean
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
CMC Clean
Emsisoft Clean
huorong Clean
FireEye Clean
Jiangmin Clean
Varist Clean
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
Ikarus Clean
GData Clean
AVG Clean
Panda Clean
alibabacloud Clean
No IRMA results available.