• Home
  • Attack
  • Detect
  • Predict
  • Dataset
  • Contact Us
        • T1-24–01–S–N–CL
        • T2-24–01–S–N–CL
        • T3-24–01–S–N–CL
        • T4-24–01–S–E–M
        • T5-24–01–S–E–LM
        • T6-24–01–S–E–FH
        • T7-24–01–M–NE–CLM
        • T8-24–01–M–NE–CFHL
        • T9-24–01–M–NE–CLM
        • T1-24–02–S–N–CIKM
        • T2-24–02–S–N–CL
        • T3-24–02–S–N–CL
        • T4-24-02-S-E-M
        • T5-24-02-S-E-DL
        • T6-24-02-S-E-DEGN
        • T7-24-02-M-NE-CDEGLN
        • T8-24-02-M-NE-CDL
        • T9-24-02-M-NE-CLH
        • T1-25–01–S–N–CD
        • T2-25–01–S–N–CL
        • T3-25–01–S–N–CD
        • T4-25-01-S-E-FH
        • T5-25-01-S-E-CL
        • T6-25-01-S-E-CL
        • T7-25-01-M-NE-CDN
        • T8-25-01-M-NE-CLFH
        • T9-25-01-M-NE-CDFH
      • Model Description
      • Explainable AI
  • T5-24-02-S-E-DL

  • Backdoor (with ARCANUS Tool)

    Backdoor malware is malicious software designed to provide unauthorized access to a system. Attackers can use it to remotely control the system or steal data without the user’s knowledge. It is typically installed by exploiting software vulnerabilities or through infected files. Backdoors are difficult to detect and can be mitigated through regular security updates and proper firewall configurations. They pose a significant threat to system integrity, leading to severe data breaches and security compromises.

    ARCANUS has the following two characteristics:

    1. It is open-source and available on GitHub.

    2. It is written in the Go programming language.

    •  


  • OS IP Software Log collection
    time    		 Program
    runtime
    Attacker - - - 35 sec 50 sec
    Victim Ubuntu 22.04 192.168.56.119 -

  • Installation
  • python3 -m pip install -r requirements.txt

  • Usage
  • python3 run.py

  • MITRE ATT&CK Framework
  • Attack Tactic
    Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion
    Credential Discovery Lateral Movement Collection Command and Control Exfiltration Impact

  • Logs
  • ./log/2024_02_T5_{time}.xml # YYmmdd_HHMMSS


  • References
  • [1] Naver BLOG [칼리 리눅스 아르카누스로 악성코드 만들기]
    [2] Boannews [해커가 사랑하는 마법의 문 ‘백도어’]
    [3] Github - EgeBalci [ARCANUS]

  • ※ Click on the attack name to see a description and scenario for the attack
    • 2024 02
    • T1-24–02–S–N–CIKM
    • T2-24–02–S–N–CL
    • T3-24–02–S–N–CL
    • T4-24-02-S-E-M
    • T5-24-02-S-E-DL
    • T6-24-02-S-E-DEGN
    • T7-24-02-M-NE-CDEGLN
    • T8-24-02-M-NE-CDL
    • T9-24-02-M-NE-CLH
  • Copyright(C) 2024, KAIST Cyber Security Reserch Center. All Rights Reserved.