Creation of Kernel Module¶
Identify activity related to loading kernel modules on Linux via creation of new ko files in the LKM directory
| id: | 9e711823-72f1-4c5c-843d-9afc90c4e6a1 |
|---|---|
| categories: | enrich |
| confidence: | low |
| os: | linux |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping¶
| tactics: | Persistence |
|---|---|
| techniques: | T1215 Kernel Modules and Extensions |
Query¶
file where subtype.create and
file_path == "/lib/modules/*" and file_name == "*.ko"