We recently discovered an novel undetected implant family targeting Linux servers, which we dubbed Mélofée.

We linked with high confidence this malware to chinese state sponsored APT groups, in particular the notorious Winnti group.

In this blogpost we will first analyze the capabilities offered by this malware family, which include a kernel mode rootkit, and then deep dive in an infrastructure pivot maze to discover related adversary toolsets.

Read more...

We recently found a new passive backdoor targeting Linux and Solaris servers, wich can use TCP, UDP or ICMP packets as it’s triggers.

In this article we will dive into BPF in order to assess it’s capabilities :D

Read more...