New malware targeting Linux systems is being discovered on a regular basis. Backdoors attributed to advanced threat actors are disclosed less frequently. In this talk, we will share a technical analysis of a recently uncovered backdoor we named RedXOR and explain why it is likely attributable to the Winnti umbrella. We will also touch upon the Linux threat landscape and how Linux malware finds its way onto compromised servers.
Beyond an understanding of the RedXOR malware, which is among the most sophisticated Linux malware discovered in the past year, attendees of this talk will gain knowledge of Winnti Linux TTPs and of ELF malware analysis.