Linfo

Linfo is a rootkit trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0211
Aliases: Linfo
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

Name  | Description
Linfo | [2]

Techniques Used

Domain     | ID    | Name                           | Use
Enterprise | T1059 | Command-Line Interface         | Linfo creates a backdoor through which remote attackers can start a remote shell. [2]
Enterprise | T1005 | Data from Local System         | Linfo creates a backdoor through which remote attackers can obtain data from local systems. [2]
Enterprise | T1008 | Fallback Channels              | Linfo creates a backdoor through which remote attackers can change C2 servers. [2]
Enterprise | T1083 | File and Directory Discovery   | Linfo creates a backdoor through which remote attackers can list contents of drives and search for files. [2]
Enterprise | T1107 | File Deletion                  | Linfo creates a backdoor through which remote attackers can delete files. [2]
Enterprise | T1057 | Process Discovery              | Linfo creates a backdoor through which remote attackers can retrieve a list of running processes. [2]
Enterprise | T1105 | Remote File Copy               | Linfo creates a backdoor through which remote attackers can download files onto compromised hosts. [2]
Enterprise | T1029 | Scheduled Transfer             | Linfo creates a backdoor through which remote attackers can change the frequency at which compromised hosts contact remote C2 infrastructure. [2]
Enterprise | T1082 | System Information Discovery   | Linfo creates a backdoor through which remote attackers can retrieve system information. [2]

Groups

Groups that use this software:

Elderwood

References