RedXOR

Description

(Intezer) The backdoor masquerades itself as polkit daemon. We named it RedXOR for its network data encoding scheme based on XOR. The malware was compiled on Red Hat Enterprise Linux.

Names

Name
RedXOR

Category

Malware

Type

• Backdoor

Information

• https://www.intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-nation-state-actor/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/elf.redxor

Other Information

Uuid

10d35a97-d879-42e5-90ba-d6c881d5165b

Last Card Change

2021-04-24