Chaos

Chaos is Linux malware that compromises systems by brute force attacks against SSH services. Once installed, it provides a reverse shell to its controllers, triggered by unsolicited packets. [1]

ID: S0220
Type: MALWARE
Platforms: Linux

Version: 1.0

Techniques Used

Domain | ID | Name | Use
Enterprise | T1110 | Brute Force | Chaos conducts brute force attacks against SSH services to gain initial access.[1]
Enterprise | T1059 | Command-Line Interface | Chaos provides a reverse shell connection on 8338/TCP, encrypted via AES.[1]
Enterprise | T1094 | Custom Command and Control Protocol | Chaos provides a reverse shell connection on 8338/TCP, encrypted via AES.[1]
Enterprise | T1104 | Multi-Stage Channels | After initial compromise, Chaos will download a second stage to establish a more permanent presence on the affected system.[1]
Enterprise | T1205 | Port Knocking | The reverse shell provided by Chaos is triggered upon receipt of a packet containing a special string, sent to any port on the compromised host.[1]
Enterprise | T1032 | Standard Cryptographic Protocol | Chaos provides a reverse shell connection on 8338/TCP, encrypted via AES.[1]
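The two behaviours in the table that are observable from outside the host are the SSH brute force (T1110) and the packet-triggered reverse shell on 8338/TCP (T1205, T1094). The following is an added detection example, not code from the referenced report or from any Chaos sample. It runs two checks over constructed data: a count of sshd failures per source that flags a later successful login from the same source, and a correlation of an unsolicited inbound packet to a port with no listener against a subsequent outbound 8338/TCP connection from the same host. The auth.log lines, the flow records, the listening-port map and the 30-second window are all assumptions made for the example; the trigger string itself is not published on this page, so the second check keys on the closed-port heuristic rather than on payload content and will not fire if the trigger is sent to an open port.

```python
"""Detection logic for the Chaos behaviours described above (added example, not from the source)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# --- T1110: SSH brute force followed by a successful login -------------------
# Constructed auth.log excerpt; hostnames and addresses are placeholders.
AUTH_LOG = """\
Jan 10 03:14:01 web1 sshd[2210]: Failed password for root from 203.0.113.7 port 50222 ssh2
Jan 10 03:14:03 web1 sshd[2212]: Failed password for root from 203.0.113.7 port 50224 ssh2
Jan 10 03:14:05 web1 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 50226 ssh2
Jan 10 03:14:07 web1 sshd[2216]: Failed password for root from 203.0.113.7 port 50228 ssh2
Jan 10 03:14:09 web1 sshd[2218]: Failed password for root from 203.0.113.7 port 50230 ssh2
Jan 10 03:14:11 web1 sshd[2220]: Accepted password for root from 203.0.113.7 port 50232 ssh2
Jan 10 03:20:00 web1 sshd[2300]: Failed password for alice from 192.0.2.44 port 41000 ssh2
Jan 10 03:20:05 web1 sshd[2302]: Accepted publickey for alice from 192.0.2.44 port 41002 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+ ssh2")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+) port \d+ ssh2")


def ssh_bruteforce(log: str, threshold: int = 5) -> dict:
    """Return sources with >= threshold failures, plus any users accepted from them afterwards."""
    failures = defaultdict(int)
    accepted_after = defaultdict(list)
    for line in log.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        # Only a success that comes after the failure burst is a brute-force win.
        if m and failures[m.group(2)] >= threshold:
            accepted_after[m.group(2)].append(m.group(1))
    return {src: {"failures": n, "accepted_after": accepted_after[src]}
            for src, n in failures.items() if n >= threshold}


# --- T1205 / T1094: unsolicited trigger packet, then outbound 8338/TCP -------
@dataclass(frozen=True)
class Flow:
    ts: float    # seconds since start of the (constructed) capture
    src: str
    dst: str
    dport: int
    proto: str   # "tcp" or "udp"


# Assumed: ports with a legitimate listener on each monitored host.
LISTENING = {"10.0.0.5": {22}}

# Constructed flow records: legitimate SSH, a trigger to a closed port,
# the reverse shell call-back on 8338/TCP, benign HTTPS, and a stray probe.
FLOWS = [
    Flow(0.0, "203.0.113.7", "10.0.0.5", 22, "tcp"),
    Flow(100.0, "198.51.100.9", "10.0.0.5", 4444, "udp"),
    Flow(101.5, "10.0.0.5", "198.51.100.9", 8338, "tcp"),
    Flow(200.0, "10.0.0.5", "192.0.2.20", 443, "tcp"),
    Flow(300.0, "198.51.100.9", "10.0.0.5", 9000, "tcp"),
]


def chaos_trigger_candidates(flows, listening, c2_port=8338, window=30.0):
    """Pair each inbound packet to a closed port with an outbound c2_port
    connection from the same host within `window` seconds.

    Returns (victim, trigger_source, trigger_port, c2_destination) tuples.
    """
    hits = []
    unsolicited = []  # inbound flows to monitored hosts on ports with no listener
    for f in sorted(flows, key=lambda f: f.ts):
        if f.dst in listening and f.dport not in listening[f.dst]:
            unsolicited.append(f)
        elif f.src in listening and f.dport == c2_port and f.proto == "tcp":
            for u in unsolicited:
                if u.dst == f.src and 0 <= f.ts - u.ts <= window:
                    hits.append((f.src, u.src, u.dport, f.dst))
    return hits


if __name__ == "__main__":
    print(ssh_bruteforce(AUTH_LOG))
    print(chaos_trigger_candidates(FLOWS, LISTENING))
```

Because the reverse shell is outbound from the victim, a plain egress rule alerting on any 8338/TCP connection from servers that should never call out is the simpler control; the correlation above is for confirming that such a connection followed a trigger packet rather than for replacing the egress rule.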

References