SYNful Knock is a stealthy modification of the operating system of network devices that can be used to maintain persistence within a victim's network and provide new capabilities to the adversary.
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1556.004 | Modify Authentication Process: Network Device Authentication | SYNful Knock has the capability to add its own custom backdoor password when it modifies the operating system of the affected network device. |
| Enterprise | T1601.001 | Modify System Image: Patch System Image | SYNful Knock is malware that is inserted into a network device by patching the operating system image. |

SYNful Knock can be sent instructions via special packets to change its functionality. Code for new functionality can be included in these messages.