@network_packet You need to know what to look for when hunting, and the references you supplied are well good enough to start. I would also recommend checking out and researching detecting said malware in logs, blowing up your own Linux malware samples, then understanding what to look for. When it comes to nix-based malware, prevention is 10x better than cure, well so is Windows haha.
I created an account on your website; after I received the confirmation email I was redirected to a login form where it is specified that I need different credentials from the ones I used for my account. But I don’t receive any email with the new credentials.
I just want to add one thing to the discussion if it’s okay.
You can use API Monitoring tools and intercept NtCreateUserProcess (NTDLL) and NtResumeThread (NTDLL). When the NtCreateUserProcess break-point/hook is triggered you can check the image file path/command line information to see the PE on disk being executed for a process spawn, and the NtResumeThread interception prevents the new process from executing any of its own code until you’re ready to analyse it.
Microsoft Office exploits tend to abuse the privilege to download additional malware and then execute it/execute built-in utilities like PowerShell so I thought it could be helpful for me to mention this. It can help you easily intercept process creation if it happens with a malicious MS document.
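The two-hook decision described in the comment above, as an added Python simulation of the callback logic a NtCreateUserProcess/NtResumeThread hook pair would run (example code, not the commenter's own or any API monitor's). The Office parent list, the built-in-utility list and the event values are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
import ntpath

# Assumed parent applications whose children get a second look (the comment's point:
# malicious Office documents tend to spawn PowerShell or other built-in utilities).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Assumed set of built-in utilities worth holding for analysis when Office spawns them.
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def image_name(path: str) -> str:
    """Normalise a Windows image path to its lower-cased file name."""
    return ntpath.basename(path).lower()


@dataclass
class ProcessGate:
    """Decision state shared between the two hooks."""
    pending: dict = field(default_factory=dict)   # new_pid -> creation record
    held: list = field(default_factory=list)      # kept suspended for analysis
    released: list = field(default_factory=list)  # allowed to run

    def on_create(self, caller_image, new_pid, image_path, command_line):
        """NtCreateUserProcess hook: record the PE on disk and command line of the spawn."""
        self.pending[new_pid] = {"parent": image_name(caller_image), "pid": new_pid,
                                 "image": image_name(image_path), "path": image_path,
                                 "cmdline": command_line}

    def on_resume(self, target_pid):
        """NtResumeThread hook: return True to let the resume through, False to keep it suspended."""
        rec = self.pending.pop(target_pid, None)
        if rec is None:
            return True  # not a spawn we observed through the hooked path
        hold = rec["parent"] in OFFICE_PARENTS and rec["image"] in SUSPICIOUS_CHILDREN
        (self.held if hold else self.released).append(rec)
        return not hold


def run_demo() -> ProcessGate:
    """Feed constructed hook events through the gate and return the resulting state."""
    gate = ProcessGate()
    events = [  # (caller image, new pid, image path, command line) - constructed values
        (r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", 4120,
         r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r"powershell.exe -NoProfile -File C:\Users\Public\stage.ps1"),
        (r"C:\Windows\explorer.exe", 4300, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
        (r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", 4500,
         r"C:\Windows\splwow64.exe", "splwow64.exe"),  # legitimate Office print helper
    ]
    for caller, pid, path, cmd in events:
        gate.on_create(caller, pid, path, cmd)
    for pid in (4120, 4300, 4500, 9999):  # 9999: resume of a thread we never saw created
        gate.on_resume(pid)
    return gate
```

The gate models an analysis sandbox decision, not a production blocklist: legitimate macros also spawn built-in utilities, so a held process is a candidate for inspection, not a verdict.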