by aflukasz
616 days ago
The article mentions a couple of constant paths that are used, like /root/.config/cron/perfcc. It also mentions that ~/.profile is modified (EDIT: and many others, actually), so an IDS like AIDE, if operated correctly, should alert you on that. I don't see any mention of attempts to circumvent a locally run IDS. I wonder if/why the malware author did not attempt any evasive actions here, given how much they try otherwise. Maybe the cost/benefit ratio is too low?
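To illustrate the file-integrity detection the commenter has in mind, here is a minimal baseline-and-verify checker, added as an example (it is not AIDE's code and not part of the original thread). It hashes the two paths the comment names, takes a baseline, and then reports any path that was created, deleted or modified since. The demo runs against a constructed temporary directory tree (with "root/" standing in for /root), and the "tampering" it simulates is benign placeholder content, so it runs offline without touching the real filesystem.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Paths the comment mentions the malware touches, expressed relative to a
# root directory so the demo can run against a constructed temp tree
# ("root/" stands in for /root; ~/.profile becomes root/.profile).
WATCHED_RELATIVE = [
    "root/.profile",
    "root/.config/cron/perfcc",
]


def file_digest(path: Path) -> Optional[str]:
    """SHA-256 of a regular file, or None when the path is absent."""
    if not path.is_file():
        return None
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, watched=WATCHED_RELATIVE) -> Dict[str, Optional[str]]:
    """Record the digest (or absence) of every watched path under root."""
    return {rel: file_digest(root / rel) for rel in watched}


def check_against_baseline(root: Path, baseline: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Compare current state to the baseline; return findings keyed by path.

    Each finding is 'created', 'deleted' or 'modified'. Unchanged paths are
    omitted, so an empty dict means nothing drifted.
    """
    findings: Dict[str, str] = {}
    for rel, old in baseline.items():
        new = file_digest(root / rel)
        if old == new:
            continue
        if old is None:
            findings[rel] = "created"
        elif new is None:
            findings[rel] = "deleted"
        else:
            findings[rel] = "modified"
    return findings


def demo() -> Dict[str, str]:
    """Constructed scenario: take a baseline, then simulate the two changes
    the comment describes (append to ~/.profile, drop a file at the cron
    path) and return what the checker flags."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        home = root / "root"
        home.mkdir()
        (home / ".profile").write_text("export PATH=$HOME/bin:$PATH\n")

        baseline = build_baseline(root)

        # Simulated tampering (constructed, benign placeholder content).
        with (home / ".profile").open("a") as fh:
            fh.write("# appended line standing in for a persistence hook\n")
        cron_dir = home / ".config" / "cron"
        cron_dir.mkdir(parents=True)
        (cron_dir / "perfcc").write_text("placeholder\n")

        return check_against_baseline(root, baseline)


if __name__ == "__main__":
    for path, change in sorted(demo().items()):
        print(f"{change:9s} {path}")
```

Running it prints one line per drifted path: the appended .profile shows as modified and the new cron-path file as created. A real deployment would store the baseline off-host (or sign it), since a baseline writable by the same account the malware runs as can simply be regenerated after tampering.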