Skidmap

Skidmap is a kernel-mode Linux rootkit used for cryptocurrency mining.[1]

Skidmap maintains persistence by adding its operators' public key to the SSH authorized_keys file, so the host accepts their logins without any further credential.

Techniques Used

Domain      ID          Name
Enterprise  VT0011.002  Account Manipulation: SSH Authorized Keys
    Use: Skidmap has the ability to add the public key of its handlers to the authorized_keys file to maintain persistence on an infected host.[1]

Enterprise  VT0012.001  Command and Scripting Interpreter: Unix Shell
    Use: Skidmap has used pm.sh to download and install its main payload.[1]

Enterprise  VT0031      Resource Hijacking
    Use: Skidmap is a kernel-mode rootkit used for cryptocurrency mining.[1]
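As an added defender-side example (not from this entry or from the Skidmap analysis it cites), the following Python audits an authorized_keys file against a baseline of approved key fingerprints, which is the check that surfaces the persistence entry described above. The key blobs, comments and file contents are constructed sample data, and make_blob and the other function names are this example's own.

```python
import base64
import hashlib
import shlex
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-dss")

def ssh_fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str) -> list:
    """Split each entry into options, key type, fingerprint and comment."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # keeps command="..." options together
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            entries.append({"line": lineno, "malformed": True, "raw": line})
            continue
        entries.append({"line": lineno, "options": tokens[:idx],
                        "type": tokens[idx],
                        "fingerprint": ssh_fingerprint(tokens[idx + 1]),
                        "comment": " ".join(tokens[idx + 2:])})
    return entries

def audit_authorized_keys(text: str, baseline: set) -> list:
    """Entries (including malformed ones) whose fingerprint is not approved."""
    return [e for e in parse_authorized_keys(text)
            if e.get("fingerprint") not in baseline]

def make_blob(key_type: str, key_bytes: bytes) -> str:
    """Base64 public-key blob in RFC 4253 string encoding. Constructed sample
    material only; the bytes below are not real keys."""
    enc = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(enc(key_type.encode()) + enc(key_bytes)).decode()

# Constructed sample file: one approved key and one key nobody approved.
ADMIN_BLOB = make_blob("ssh-ed25519", bytes(range(32)))
ROGUE_BLOB = make_blob("ssh-ed25519", b"\xaa" * 32)
BASELINE = {ssh_fingerprint(ADMIN_BLOB)}
SAMPLE_AUTHORIZED_KEYS = f"""# approved admin key
ssh-ed25519 {ADMIN_BLOB} admin@bastion
command="/usr/bin/backup",no-pty ssh-ed25519 {ROGUE_BLOB} unknown@example
"""
```

Run against a real file with the baseline taken from a known-good copy; an unapproved fingerprint or a malformed line is what to investigate, whatever options or comment the entry carries.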

References


ID: VS0009
Type: MALWARE
Platforms: Linux
Version: 1.0

Created: 06 May 2021

Last Modified: 06 May 2021