Umbreon is a Linux rootkit that provides backdoor access and hides from defenders.

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059 | Command-Line Interface | Umbreon provides access using both standard facilities like SSH and additional access using its backdoor Espeon, which provides a reverse shell upon receipt of a special packet. |
| Enterprise | T1205 | Port Knocking | Umbreon provides additional access using its backdoor Espeon, which provides a reverse shell upon receipt of a special packet. |
| Enterprise | T1014 | Rootkit | Umbreon hides from defenders by hooking libc function calls, hiding artifacts that would reveal its presence (such as the user account it creates to provide access), and undermining strace, a tool often used to identify malware. |
| Enterprise | T1071 | Standard Application Layer Protocol | Umbreon provides access to the system via SSH or any other protocol that uses PAM to authenticate. |
| Enterprise | T1078 | Valid Accounts | Umbreon creates valid users to provide access to the system. |