T1572 – D E C E I V E R . I O

Deceive, Detect, Engage

Pygmy goat Backdoor

Pygmy Goat uses the LD_PRELOAD environment variable to inject itself into the sshd process, ensuring it’s loaded and executed whenever the SSH daemon starts.

The threat actor will use brute force and password spraying to target multiple accounts until one is successfully compromised. Once in, the threat actor will attempt to gather credentials and other information about the network to sell.

Tag: T1572

Pygmy goat Backdoor

Brute Forcing Hunt 4 Hunt

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense