Hierarchy Classification
M1: Sensitive information theft
refers to obtaining sensitive information and sending it to attackers without the user's knowledge or permission. Various types of information may be collected or stolen. Sensitive information includes system information, such as the operating system platform, and system file information, such as SSH information and sensitive directories.
M2: Sensitive file operation
refers to the deletion, modification (encryption), and creation of sensitive files without the user's knowledge or permission, which affects the normal use of the system.
M3: Malicious software import
refers to running malicious executable software contained in a package without the user's knowledge or permission, or remotely downloading and executing malicious executable software through a network connection, including ransomware, mining software, etc.
M4: Reverse shell
refers to the control end listening on a certain TCP/UDP port while, without the user's knowledge or permission, the controlled end initiates a request to that port and forwards the input and output of its command line to the control end.
M5: Suspicious command execution
refers to the execution of system commands through functions such as exec without the user's knowledge or permission, along with the obfuscation and compression of some commands.
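As an added illustration of M5 (not part of the original classification), the Python example below statically scans package source for command-execution calls and marks those whose argument comes from decoded or decompressed data. The sink and decoder lists, the function names and the sample source are assumptions constructed for this example.

```python
import ast

# Assumed lists for illustration; the page only names "functions such as exec".
SINKS = {"exec", "eval", "os.system", "os.popen", "subprocess.run",
         "subprocess.call", "subprocess.Popen", "subprocess.check_output"}
DECODERS = {"b64decode", "b32decode", "a85decode", "unhexlify",
            "fromhex", "decompress"}

# Constructed sample of package source; it is only parsed, never executed.
SAMPLE = '''\
import base64, os, zlib
blob = zlib.decompress(base64.b64decode(PAYLOAD))
cmd = blob.decode()
os.system(cmd)
exec(base64.b64decode(STAGE2))
os.system("ls")
'''

def dotted(node):
    """Turn a Name/Attribute chain into 'a.b.c'; None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def find_m5(source):
    """Return sorted (line, sink, obfuscated) tuples for command-execution calls."""
    tree = ast.parse(source)
    tainted = set()  # variable names assigned from decoded/decompressed data

    def decoded(expr):
        for n in ast.walk(expr):
            if isinstance(n, ast.Name) and n.id in tainted:
                return True
            if isinstance(n, ast.Call) and (dotted(n.func) or "").split(".")[-1] in DECODERS:
                return True
        return False

    # Propagate taint through simple assignments, in source order.
    for a in sorted((n for n in ast.walk(tree) if isinstance(n, ast.Assign)), key=lambda n: n.lineno):
        if decoded(a.value):
            tainted.update(t.id for t in a.targets if isinstance(t, ast.Name))

    findings = []
    for n in ast.walk(tree):
        if isinstance(n, ast.Call) and dotted(n.func) in SINKS:
            args = n.args + [k.value for k in n.keywords]
            findings.append((n.lineno, dotted(n.func), any(decoded(a) for a in args)))
    return sorted(findings)
```

Calls reached through import aliases or `getattr` are not resolved here, so a clean result does not rule out M5 behavior.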