{"description": "Enterprise techniques used by Linux Rabbit, ATT&CK software S0362 (v1.2)", "name": "Linux Rabbit (S0362)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"}, "techniques": [{"techniqueID": "T1110", "showSubtechniques": true}, {"techniqueID": "T1110.003", "comment": "[Linux Rabbit](https://attack.mitre.org/software/S0362) brute forces SSH passwords in order to attempt to gain access and install its malware onto the server. (Citation: Anomali Linux Rabbit 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1132", "comment": "[Linux Rabbit](https://attack.mitre.org/software/S0362) sends the payload from the C2 server as an encoded URL parameter. (Citation: Anomali Linux Rabbit 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1546", "showSubtechniques": true}, {"techniqueID": "T1546.004", "comment": "[Linux Rabbit](https://attack.mitre.org/software/S0362) maintains persistence on an infected machine through rc.local and .bashrc files. (Citation: Anomali Linux Rabbit 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1133", "comment": "[Linux Rabbit](https://attack.mitre.org/software/S0362) attempts to gain access to the server via SSH.(Citation: Anomali Linux Rabbit 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1033", "comment": "[Linux Rabbit](https://attack.mitre.org/software/S0362) opens a socket on port 22 and if it receives a response it attempts to obtain the machine's hostname and Top-Level Domain. (Citation: Anomali Linux Rabbit 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1078", "comment": "[Linux Rabbit](https://attack.mitre.org/software/S0362) acquires valid SSH accounts through brute force. (Citation: Anomali Linux Rabbit 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Linux Rabbit", "color": "#66b1ff"}]}