ID | X0045 |
Type | Bot/Botnet, Rootkit |
Aliases | None |
Platforms | Windows |
Year | 2020 |
Associated ATT&CK Software | Drovorub |

Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server. [1]

See ATT&CK: Drovorub - Techniques Used.

Name | Use |
---|---|
Persistence::Kernel Modules and Extensions (F0010) | Drovorub uses a kernel module rootkit for loading and persistence. [1] |

SHA256 Hashes

- 92610f217e86134c695dfd11d4a81feb4f4760ef05d57407d33a7c09dfe071da
- 53dede6856e46a2fbda8cb415ac96de18e751c3bf5749e596a6d844c2c9cb707
- 1c0d14b530632307329de7bfb3546a91f6ebfd0256664c33a92f2b6e8ad88626
- 17bf00b67487164d1822ea48f36d62bf6f4ff9b2388cab2c0757644fdf30e5bd

[1] https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF