Discover and read the best of Twitter Threads about #C2Matrix

Most recents (1)

Reading the NSA and FBI report of Russian GRU 85th GTsSS using the Linux based Drovorub Malware. What stands out to me the most (so far) is the kernel level rootkit (stealth capabilities). All the other features seem pretty simple to emulate for Linux.

media.defense.gov/2020/Aug/13/20…
There are 4 modules: server, client, kernel-module, and agent. I like how they differentiate between client and agent where the agent does not include the kernel-module and is more for relaying and data staging. The server uses MySQL back-end, similar to other C2 frameworks.
"The name Drovorub comes from a variety of artifacts discovered in Drovorub files and from operations
conducted by the GTsSS using this malware; it is the name used by the GTsSS actors themselves. Taken together,
they translate to “woodcutter” or “to split wood.”
Read 6 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!