I didn’t follow the one mention of ‘the fragmented file’. Does anyone get what it meant?
Poor editing? I assume they just mean the backdoor file, possibly autocorrected from “Fokirtor”. It’s a shared library that they’re injecting into sshd, possibly via LD_PRELOAD. Then they delete the file to avoid leaving traces behind.
I imagine that the file is fragmented into pieces to fit the available sshd traffic.
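A defender can check for the scenario guessed at in the second comment, a shared library loaded into sshd and then deleted from disk, because the mapping stays visible in `/proc/<pid>/maps` with a ` (deleted)` suffix. The Python below is an added example, not part of the original thread; the function names and the sample maps content are constructed for illustration.

```python
import os
import re

# /proc/<pid>/maps fields: address perms offset dev inode pathname
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>[rwxsp-]{4})\s+[0-9a-f]+\s+"
    r"[0-9a-f]+:[0-9a-f]+\s+\d+\s*(?P<path>.*)$"
)
DELETED = " (deleted)"  # suffix the kernel appends once the backing file is unlinked

# Constructed sample of an sshd maps file; addresses, inodes and paths are made up.
SAMPLE_MAPS = """\
55d0c8a0c000-55d0c8a90000 r-xp 0000c000 fd:00 131201 /usr/sbin/sshd
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a12428000-7f3a125bd000 r-xp 00028000 fd:00 262155 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a12800000-7f3a12802000 r--p 00000000 fd:00 400123 /tmp/example-lib.so (deleted)
7f3a12802000-7f3a12809000 r-xp 00002000 fd:00 400123 /tmp/example-lib.so (deleted)
7ffd5b1e0000-7ffd5b201000 rw-p 00000000 00:00 0 [stack]
"""

def deleted_exec_mappings(maps_text):
    """Return paths of executable file mappings whose file no longer exists on disk."""
    hits = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or "x" not in m.group("perms"):
            continue
        path = m.group("path")
        if path.startswith("/") and path.endswith(DELETED):
            hits.add(path[: -len(DELETED)])
    return sorted(hits)

def scan_sshd(proc_root="/proc"):
    """Map sshd PIDs to deleted-but-mapped executable files (needs root to read maps)."""
    results = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "comm")) as f:
                if f.read().strip() != "sshd":
                    continue
            with open(os.path.join(proc_root, pid, "maps")) as f:
                hits = deleted_exec_mappings(f.read())
        except OSError:  # process exited or permission denied
            continue
        if hits:
            results[int(pid)] = hits
    return results

if __name__ == "__main__":
    print(deleted_exec_mappings(SAMPLE_MAPS), scan_sshd())
```

Legitimate libraries also show up as deleted after a package upgrade until sshd is restarted, so each hit needs triage against the path and the package database rather than being treated as proof of injection.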