A Linux rootkit that provides backdoor access and hides from defenders.
|Enterprise||T1059||.003||Command and Scripting Interpreter: Windows Command Shell|
|Enterprise||T1095||Non-Application Layer Protocol|
Umbreon hides from defenders by hooking libc function calls, hiding artifacts that would reveal its presence, such as the user account it creates to provide access and undermining strace, a tool often used to identify malware.
|Enterprise||T1078||.003||Valid Accounts: Local Accounts|