|||
|----|----|
|**ID**|X0045|
|**Type**|Bot/Botnet, Rootkit|
|**Aliases**|None|
|**Platforms**|Linux|
|**Year**|2020|
|**Associated ATT&CK Software**|Drovorub|

# Drovorub

Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server. [1]

## ATT&CK Techniques

See ATT&CK: Drovorub - Techniques Used.

## Enhanced ATT&CK Techniques

|Name|Use|
|----|----|
|Persistence::Kernel Modules and Extensions (F0010)|Drovorub uses a kernel module rootkit for loading and persistence. [1]|
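A loadable kernel module that unlinks itself from the kernel's module list drops out of `/proc/modules` (and therefore `lsmod`) while its `/sys/module/<name>` directory usually survives, so comparing the two views is a cheap first check for a concealed module, and the standard boot-time autoload files are where module-based persistence would normally be registered. The script below is an added example for this page, not code from the MBC project or from the advisory; the sample `/proc/modules` text and module names are constructed, and the use of the `initstate` attribute to separate loaded modules from built-in code with parameters is this example's own heuristic.

```python
"""Cross-check loaded kernel modules against sysfs and list autoload entries.
Added example for the MBC Drovorub page; not from the page or the advisory."""
from pathlib import Path


def parse_proc_modules(text: str) -> set[str]:
    """Module names from /proc/modules content (one module per line, name first).
    This is the list lsmod reads, and the one a self-hiding LKM unlinks from."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def hidden_modules(proc_modules: set[str], sysfs_loaded: set[str]) -> set[str]:
    """Modules sysfs still reports as loaded but /proc/modules no longer lists.
    A module that only removed itself from the kernel's module list keeps its
    sysfs kobject, so the difference is a strong hint of concealment. A module
    that also deletes its kobject is not caught by this check."""
    return sysfs_loaded - proc_modules


def sysfs_loaded_modules(sys_module: Path = Path("/sys/module")) -> set[str]:
    """Names under /sys/module that went through the module loader.
    Built-in code with parameters also gets a /sys/module entry, so only
    directories carrying an 'initstate' attribute are counted (assumption of
    this example)."""
    if not sys_module.is_dir():
        return set()
    return {p.name for p in sys_module.iterdir() if (p / "initstate").is_file()}


def parse_modules_load_conf(text: str) -> set[str]:
    """Module names from /etc/modules or an /etc/modules-load.d/*.conf file:
    one module per line, '#' or ';' starts a comment. These files are the
    standard boot-time autoload path a module-based persistence would use."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            names.add(line)
    return names


def autoload_entries() -> set[str]:
    """Union of all boot-time autoload entries on this host (Linux only)."""
    files = [Path("/etc/modules")] + sorted(Path("/etc/modules-load.d").glob("*.conf"))
    names = set()
    for f in files:
        if f.is_file():
            names |= parse_modules_load_conf(f.read_text(errors="replace"))
    return names


def check_live_system() -> set[str]:
    """Run the /proc vs. sysfs comparison on the current host (Linux only)."""
    proc = Path("/proc/modules")
    if not proc.is_file():
        return set()
    return hidden_modules(parse_proc_modules(proc.read_text()), sysfs_loaded_modules())


# Constructed sample: /proc/modules as it might look after a module named
# 'hidden_lkm' unlinked itself; the constructed sysfs view still contains it.
SAMPLE_PROC_MODULES = """\
ext4 800000 1 - Live 0x0000000000000000
mbcache 16384 1 ext4, Live 0x0000000000000000
xfs 1000000 0 - Live 0x0000000000000000
"""
SAMPLE_SYSFS_LOADED = {"ext4", "mbcache", "xfs", "hidden_lkm"}


if __name__ == "__main__":
    sample = hidden_modules(parse_proc_modules(SAMPLE_PROC_MODULES), SAMPLE_SYSFS_LOADED)
    print("constructed sample, concealed:", sample)
    print("this host, concealed:", check_live_system() or "none")
    print("this host, autoload entries:", autoload_entries() or "none")
```

Treat a non-empty result as a lead to confirm with memory analysis, not as proof: a module loaded from a trusted source can still show up if the sysfs heuristic misfires, and a rootkit that tears down its kobject as well as its list entry will not appear at all.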

## Indicators of Compromise

### SHA256 Hashes

  • 92610f217e86134c695dfd11d4a81feb4f4760ef05d57407d33a7c09dfe071da
  • 53dede6856e46a2fbda8cb415ac96de18e751c3bf5749e596a6d844c2c9cb707
  • 1c0d14b530632307329de7bfb3546a91f6ebfd0256664c33a92f2b6e8ad88626
  • 17bf00b67487164d1822ea48f36d62bf6f4ff9b2388cab2c0757644fdf30e5bd
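The hashes above are exact-match indicators, so the practical use is to stream every regular file under a mount point through SHA256 and report the ones that land in the set. The script below is an added example for this page (the IOC values are the page's, the scanning code is not from the MBC project or the advisory); the demo tree and the sample bytes it hashes are constructed, and the extra digest added for the demo is not a Drovorub indicator.

```python
"""Hash-match files against the Drovorub SHA256 IOCs.
Added example for the MBC Drovorub page; not from the page or the advisory."""
import hashlib
import re
import tempfile
from pathlib import Path

# The four SHA256 values from the Indicators of Compromise section above.
DROVORUB_SHA256 = frozenset({
    "92610f217e86134c695dfd11d4a81feb4f4760ef05d57407d33a7c09dfe071da",
    "53dede6856e46a2fbda8cb415ac96de18e751c3bf5749e596a6d844c2c9cb707",
    "1c0d14b530632307329de7bfb3546a91f6ebfd0256664c33a92f2b6e8ad88626",
    "17bf00b67487164d1822ea48f36d62bf6f4ff9b2388cab2c0757644fdf30e5bd",
})

_SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def is_sha256_hex(value: str) -> bool:
    """True for a well-formed lowercase SHA256 hex digest. Validating the IOC
    list up front catches a truncated or mis-copied hash that would otherwise
    silently never match anything."""
    return bool(_SHA256_RE.match(value))


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large binaries never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root: Path, iocs=DROVORUB_SHA256) -> list[tuple[Path, str]]:
    """Return (path, digest) for each regular file under root whose SHA256 is
    in iocs. Symlinks are skipped so a link cannot drag in files outside root,
    and unreadable files are skipped rather than aborting the whole scan."""
    hits = []
    for path in root.rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            digest = sha256_of_file(path)
        except OSError:
            continue
        if digest in iocs:
            hits.append((path, digest))
    return hits


def demo_scan() -> list[str]:
    """Exercise scan_tree on a constructed tree: a benign file plus one file
    whose digest is added to a constructed IOC set. Returns matched names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "benign.conf").write_bytes(b"options=1\n")
        sample = b"constructed sample, not a real Drovorub binary"
        (root / "usr").mkdir()
        (root / "usr" / "sample.bin").write_bytes(sample)
        iocs = DROVORUB_SHA256 | {sha256_of_bytes(sample)}  # demo-only addition
        return sorted(p.name for p, _ in scan_tree(root, iocs))


if __name__ == "__main__":
    bad = [h for h in DROVORUB_SHA256 if not is_sha256_hex(h)]
    print("malformed IOCs:", bad or "none")
    print("demo hits:", demo_scan())
    print("hits under /usr:", scan_tree(Path("/usr")) or "none")
```

Two caveats when using this for real. A hash matches only the exact build that was catalogued, so a recompiled or repacked component will not hit. And because the toolset's kernel module hides its artifacts from userland tooling [1], a scan run on the live, compromised host can miss the files; run it against an offline-mounted disk image or from a trusted boot medium.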

## References

[1] https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF