misp-circl-feed/feeds/circl/misp/233c76c8-f94a-4ff7-9664-b666618e9de4.json

{
  "Event": {
    "analysis": "2",
    "date": "2024-02-12",
    "extends_uuid": "",
    "info": "OSINT - Ivanti Connect Secure: Journey to the core of the DSLog backdoor",
    "publish_timestamp": "1707733761",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1707733756",
    "uuid": "233c76c8-f94a-4ff7-9664-b666618e9de4",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "PAP:CLEAR",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0071c3",
        "local": false,
        "name": "osint:lifetime=\"perpetual\"",
        "relationship_type": ""
      },
      {
        "colour": "#0087e8",
        "local": false,
        "name": "osint:certainty=\"50\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "Massive exploitation activity (comment: sounds like a VPN gateway)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1707726341",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "56987adb-df31-41d6-a45d-a09395d5a45f",
        "value": "159.65.123.122"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "Report object to describe a report along with its metadata.",
        "meta-category": "misc",
        "name": "report",
        "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
        "template_version": "8",
        "timestamp": "1707726305",
        "uuid": "817cf557-d986-42c5-8cdf-3a55abf9d54d",
        "Attribute": [
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "link",
            "timestamp": "1707726305",
            "to_ids": false,
            "type": "link",
            "uuid": "6b91027e-e603-47b6-81b5-3ad1b1ed994f",
            "value": "https://www.orangecyberdefense.com/fileadmin/general/pdf/Ivanti_Connect_Secure_-_Journey_to_the_core_of_the_DSLog_backdoor.pdf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "summary",
            "timestamp": "1707726305",
            "to_ids": false,
            "type": "text",
            "uuid": "74b6e33a-318e-48dc-8d2b-8540b20262a0",
            "value": "Ivanti Connect Secure:\r\nJourney to the core of the\r\nDSLog backdoor"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "title",
            "timestamp": "1707726305",
            "to_ids": false,
            "type": "text",
            "uuid": "ebb95e49-3784-448e-b5d2-fc5e120da03a",
            "value": "Ivanti Connect Secure: Journey to the core of the DSLog backdoor"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "type",
            "timestamp": "1707726305",
            "to_ids": false,
            "type": "text",
            "uuid": "b2ee8936-f137-41d5-93c1-4e6920da6648",
            "value": "Report"
          },
          {
            "category": "External analysis",
            "comment": "",
            "data": "JVBERi0xLjYNJeLjz9MNCjQ5NSAwIG9iag08PC9MaW5lYXJpemVkIDEvTCA0OTczNjYvTyA0OTcvRSA0NTU2OS9OIDEyL1QgNDk2ODY1L0ggWyA1MjUgNDgwXT4+DWVuZG9iag0gICAgICAgICAgICAgDQo1MjEgMCBvYmoNPDwvRGVjb2RlUGFybXM8PC9Db2x1bW5zIDQvUHJlZGljdG9yIDEyPj4vRmlsdGVyL0ZsYXRlRGVjb2RlL0lEWzw4MTg3NEI2MDcxOUI3MDQ5QUYxOTg4NDIxNUVBNDMwNz48REY2Q0U1M0FBREI5OTI0MjlDNjQ4QzFDQjE0NDRCRTk+XS9JbmRleFs0OTUgMzhdL0luZm8gNDk0IDAgUi9MZW5ndGggMTE1L1ByZXYgNDk2ODY2L1Jvb3QgNDk2IDAgUi9TaXplIDUzMy9UeXBlL1hSZWYvV1sxIDIgMV0+PnN0cmVhbQ0KaN5iYmQQYGBiYL4LJBinAgmmzSBuGYirCWLtAYldARIsN4AE618Q8QpE/AKJvQCx/oFY20HEbxBXC6R3BpAQWQEkjEOBhGIfkOCeDSQYTEHm6YOUMIGIaUAi4DYDEyNjHUgWJEok8Z9R+jtAgAEAr1UUXQ0KZW5kc3RyZWFtDWVuZG9iag1zdGFydHhyZWYNCjANCiUlRU9GDQogICAgICAgIA0KNTMyIDAgb2JqDTw8L0MgNDQ1L0ZpbHRlci9GbGF0ZURlY29kZS9JIDQ2Ny9MZW5ndGggMzg1L08gNDI5L1MgMzI2Pj5zdHJlYW0NCmjeYmBgYAKiRQysDAycCxmEGBBACCjGxsDCwLHBiYFBgcOFQeN7AwODq4/QQ2bFg+xN+zbw/mVldzA42/2AbVXwU7Z1fnOuXIDpdeLxlEg53O8oMjvLwYnHLa7giHQd88VS5caJD5oFJ/PVMV9w3dLIYagCUiN2iUXhCYgBFLGUEHzm0yh+IefbJAuB5onPfCx/8APF+dxcOF+csd0h7ymR5PDAmcNTLs1YyUkkoXbzJaAyAZBFINMKgAzxIAaGio4OBkZB9Y6ODqCDGdw7oIwKMM2WDqQYmM1BbCUTqGRoOEQNM0gSpNvFrQIiEw4iGMWBbDzeBxoux8A6exKQlgBiVXAYmDIIMNYxOzJ8YWpnnM+8mOUEy1aWo8ybWU6yNDEfY/nKkCxcbKygEMmdBlT7i+EsYyKjMaMD49WI2T1MTIIVEQzfGeR5bjNoecUxOrLYwQJWm4E9LgxIMwIjrRRI6zCwJ5wG0iwMDLJ+8KgzYmCf9BqiivEbQIABANRahU8NCmVuZHN0cmVhbQ1lbmRvYmoNNDk2IDAgb2JqDTw8L01hcmtJbmZvPDwvTWFya2VkIHRydWU+Pi9NZXRhZGF0YSA0OCAwIFIvT3V0bGluZXMgNzIgMCBSL1BhZ2VMYXlvdXQvT25lQ29sdW1uL1BhZ2VzIDQ5MSAwIFIvU3RydWN0VHJlZVJvb3QgOTUgMCBSL1R5cGUvQ2F0YWxvZz4+DWVuZG9iag00OTcgMCBvYmoNPDwvQ29udGVudHNbNTAyIDAgUiA1MDMgMCBSIDUwNCAwIFIgNTA1IDAgUiA1MDYgMCBSIDUwNyAwIFIgNTA4IDAgUiA1MTAgMCBSXS9Dcm9wQm94WzAuMCAwLjAgNTk1LjAyIDg0MS45OF0vR3JvdXAgNTMxIDAgUi9NZWRpYUJveFswLjAgMC4wIDU5NS4wMiA4NDEuOThdL1BhcmVudCA0OTIgMCBSL1Jlc291cmNlczw8L0NvbG9yU3BhY2U8PC9DUzAgNTIyIDAgUi9DUzEgNTIzIDAgUj4+L0V4dEdTdGF0ZTw8L0dTMCA1MjQgMCBSPj4vRm9udDw8L1RUMCA1MjYgMCBSL1RUMSA1MjggMCBSL1RUMiA1MzAgMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VDL0ltYWdlSV0vWE9iamVjdDw8L0ltMCA1MDkgMCBSL0ltMSA1MTggMCBSL0ltMiA1MjAgMCBSPj4+Pi9Sb3RhdGUgMC9TdHJ1Y3RQYXJlbnRzIDAvVGFicy9TL1R5cGUvUGFnZT4+DWVuZG9iag00OTggMCBvYmoNPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0ZpcnN0IDc5L0xlbmd0aCA3ODkvTiAxMC9UeXBlL09ialN0bT4+c3RyZWFtDQpo3qxWbU8TQRD+K/NRY3B3b98TQ9JWECKg4UBUwoezXeHi9a7pHQb+vTNzbUmJpUJMM5m5nfeZfTa1WQYSbKZBK2QGHDELynrkDoyib5QD8QBBW+QR9QoFLUF5F1BQkKkQ4FIc1pN0lybiffpdjtPphyFoAxajSDi9+psasyvH2nfvxOAwh59F1SYxPBYnzXxaVGI0APVWik+fF5pPn49BiXwA3fw2ify4aH+haZ3E2f0sib277kPeFV0S44L9mlnvt7tL8dtxqjuIzotRMTtI5fVNB14ZrKfX7GQmiP2quG5BZ2K/qbvhsLm73FHOsQ6UtJL8r1i5X0zL6v7VQap+p67EjMbCEQV93avLKmXYH834lE9OimkS5wdHo72Pb1ZeJ+k27bAb2+TdPHXjm2X/dHTRV6qlFIddUZXjQX1dJZAi79L0CzjTN0+m1Mm8nHXNXHxdNIgD5u6HRZvI5KkC9upxMynra3FR1oO6LVff++W87UY3xXw5mIdEfGOow6PiwSS//dFRTWe4JS7urDmvSwyWwMTI5quaMdmku2kvMx+u1vbk9cv35B35b9iTtXDaTIt6fU96fU8n59+PP357NCZ227Ins2FPIWzZk1/f0xMFvHBPfn1PKvinFmWl3LgoyGwEg0+EtT0pidYOn4SlkkjbDJzsz3SIPdd65bSNOBYSxVgSnQeScc0uWPD4hnlJTxe+Ud6Ax7x0RvmtiuCc73286m1d78sc/UlmP9RRjIhNEef4yLkPrJm4XMzEaowZ9RrPouM4XDflzzLOTzzYRc+kJ3skngNG0/SUkg5lb7EWFVg2QfZ50Z+448zbf8uZ0XKIljX/2884vd3i/6EU578Zpd7CsKkm6yA16yA9+v7ty+HoEUbIawtG/QaMKiOfB9LNBbwQo/ERRjP1NEbVZozKZ/8eezHAEFzeKKaVXewvreSr/GDPIDKRgUPf0Zi/ZCEYLOG65HzFSY4EtbCwIilKx6cMygXRY0KgoweGAZVJCHg3GJAq9hd0lD/80RA5Tq+o21kxT/X4fnf3jwADAHsBcOANCmVuZHN0cmVhbQ1lbmRvYmoNNDk5IDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9MZW5ndGggMjI2Pj5zdHJlYW0NCkiJXJDPasQgEMbvPsUcdw+L2ZwlULYUcugfmvYBjE5SoRllYg55+442bKEDKuP3/eRz9K1/7Clk0G8c3YAZpkCecY0bO4QR50Dq2oIPLh9d3d1ik9ICD/uacelpisoY0O8irpl3OD34OOJZ6Vf2yIFmOH3ehjPoYUvpGxekDA10HXic5KFnm17sgqArdum96CHvF2H+HB97Qmhrf/0N46LHNVmHbGlGZRqpDsyTVKeQ/D/9oMbJfVlWpi3eppGjeI/bQsnn4B7JbcySpk6gxigBAuF9SCkmEKos9SPAANnGbzANCmVuZHN0cmVhbQ1lbmRvYmoNNTAwIDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9MZW5ndGggNjI5Pj5zdHJlYW0NCkiJXNTNauJQGMbxfa7iLNtFieb9akAEa1twMR+MMxegybETGGOIduHdTx6f0oERNP+QnOTnWbzlevO86btLKr+Pp2abL+nQ9e2Yz6f3sclpn9+6vphXqe2ay8fZ7bc57oainBZvr+dLPm76w6lYLFL5Y7p4vozXdLdqT/t8X5TfxjaPXf+W7n6tt/ep3L4Pw598zP0lzdJymdp8mB70ZTd83R1zKm/LHjbtdL27XB+mNf/u+Hkdcqpu53NimlObz8OuyeOuf8vFYjZ9lmnxOn2WRe7b/67PZzOu2x+a37uxWFS4ezabDl
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "report-file",
            "timestamp": "1707726305",
            "to_ids": false,
            "type": "attachment",
            "uuid": "e16e7849-f6a6-4b4c-aac8-4a22f9469495",
            "value": "Ivanti_Connect_Secure_-_Journey_to_the_core_of_the_DSLog_backdoor.pdf"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1707726571",
        "uuid": "949f5d0e-5d7d-4c46-afac-447c7bdbbc7e",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1707726460",
            "to_ids": false,
            "type": "text",
            "uuid": "c108ced6-225c-40b5-acb2-47efd28f482b",
            "value": "Malicious"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "fullpath",
            "timestamp": "1707726530",
            "to_ids": true,
            "type": "text",
            "uuid": "bf371cdf-fc6d-4cad-b8f9-e9eb9126c62a",
            "value": "/root/home/webserver/htdocs/dana-na/imgs/index.txt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "fullpath",
            "timestamp": "1707726493",
            "to_ids": true,
            "type": "text",
            "uuid": "a2162750-43b7-4799-aab9-aca04086a6e7",
            "value": "/root/home/webserver/htdocs/dana-na/imgs/index1.txt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "fullpath",
            "timestamp": "1707726503",
            "to_ids": true,
            "type": "text",
            "uuid": "082d5277-5d15-4c73-9585-b66161163bfe",
            "value": "/root/home/webserver/htdocs/dana-na/imgs/logo.png"
          },
          {
            "category": "Other",
            "comment": "Embedding the result of \u2018uname -a\u2019",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "fullpath",
            "timestamp": "1707726533",
            "to_ids": true,
            "type": "text",
            "uuid": "1e98d320-29a1-4f94-bc8c-9a25fd668c4c",
            "value": "/root/home/webserver/htdocs/dana-na/imgs/index2.txt"
          },
          {
            "category": "Other",
            "comment": "Legitimate DSLog Log module embedding the\r\nbackdoor (IDS flag disabled + review of the local file is required)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "fullpath",
            "timestamp": "1707726571",
            "to_ids": false,
            "type": "text",
            "uuid": "1674d828-7c3c-4b83-968c-d473d930eca1",
            "value": "/root/home/perl/DSLog.pm"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "Report object to describe a report along with its metadata.",
        "meta-category": "misc",
        "name": "report",
        "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
        "template_version": "8",
        "timestamp": "1707733521",
        "uuid": "6d6dd94f-1bf8-4d9d-b1d3-60300f6a10c1",
        "Attribute": [
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "link",
            "timestamp": "1707733521",
            "to_ids": false,
            "type": "link",
            "uuid": "a192481b-64f6-45f4-bb73-1b67f057c5a5",
            "value": "https://www.orangecyberdefense.com/global/blog/cybersecurity/ivanti-0-day"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "title",
            "timestamp": "1707733521",
            "to_ids": false,
            "type": "text",
            "uuid": "dc9f2478-c01d-4358-9969-a1b708a01334",
            "value": "CERT alert: Zero-day in Ivanti software (Update 09. Feb)"
          }
        ]
      }
    ]
  }
}
chg: [feeds] updated 2024-08-07 08:13:15 +00:00			`{`
			`"Event": {`
			`"analysis": "2",`
			`"date": "2024-02-12",`
			`"extends_uuid": "",`
			`"info": "OSINT - Ivanti Connect Secure: Journey to the core of the DSLog backdoor",`
			`"publish_timestamp": "1707733761",`
			`"published": true,`
			`"threat_level_id": "1",`
			`"timestamp": "1707733756",`
			`"uuid": "233c76c8-f94a-4ff7-9664-b666618e9de4",`
			`"Orgc": {`
			`"name": "CIRCL",`
			`"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"`
			`},`
			`"Tag": [`
			`{`
			`"colour": "#ffffff",`
			`"local": false,`
			`"name": "PAP:CLEAR",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0088cc",`
			`"local": false,`
			`"name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#ffffff",`
			`"local": false,`
			`"name": "tlp:white",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#004646",`
			`"local": false,`
			`"name": "type:OSINT",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0071c3",`
			`"local": false,`
			`"name": "osint:lifetime=\"perpetual\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0087e8",`
			`"local": false,`
			`"name": "osint:certainty=\"50\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#ffffff",`
			`"local": false,`
			`"name": "tlp:clear",`
			`"relationship_type": ""`
			`}`
			`],`
			`"Attribute": [`
			`{`
			`"category": "Network activity",`
			`"comment": "Massive exploitation activity (comment: sounds like a VPN gateway)",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1707726341",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "56987adb-df31-41d6-a45d-a09395d5a45f",`
			`"value": "159.65.123.122"`
			`}`
			`],`
			`"Object": [`
			`{`
			`"comment": "",`
			`"deleted": false,`
			`"description": "Report object to describe a report along with its metadata.",`
			`"meta-category": "misc",`
			`"name": "report",`
			`"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",`
			`"template_version": "8",`
			`"timestamp": "1707726305",`
			`"uuid": "817cf557-d986-42c5-8cdf-3a55abf9d54d",`
			`"Attribute": [`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "link",`
			`"timestamp": "1707726305",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "6b91027e-e603-47b6-81b5-3ad1b1ed994f",`
			`"value": "https://www.orangecyberdefense.com/fileadmin/general/pdf/Ivanti_Connect_Secure_-_Journey_to_the_core_of_the_DSLog_backdoor.pdf"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "summary",`
			`"timestamp": "1707726305",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "74b6e33a-318e-48dc-8d2b-8540b20262a0",`
			`"value": "Ivanti Connect Secure:\r\nJourney to the core of the\r\nDSLog backdoor"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "title",`
			`"timestamp": "1707726305",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "ebb95e49-3784-448e-b5d2-fc5e120da03a",`
			`"value": "Ivanti Connect Secure: Journey to the core of the DSLog backdoor"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"object_relation": "type",`
			`"timestamp": "1707726305",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "b2ee8936-f137-41d5-93c1-4e6920da6648",`
			`"value": "Report"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			"data": "JVBERi0xLjYNJeLjz9MNCjQ5NSAwIG9iag08PC9MaW5lYXJpemVkIDEvTCA0OTczNjYvTyA0OTcvRSA0NTU2OS9OIDEyL1QgNDk2ODY1L0ggWyA1MjUgNDgwXT4+DWVuZG9iag0gICAgICAgICAgICAgDQo1MjEgMCBvYmoNPDwvRGVjb2RlUGFybXM8PC9Db2x1bW5zIDQvUHJlZGljdG9yIDEyPj4vRmlsdGVyL0ZsYXRlRGVjb2RlL0lEWzw4MTg3NEI2MDcxOUI3MDQ5QUYxOTg4NDIxNUVBNDMwNz48REY2Q0U1M0FBREI5OTI0MjlDNjQ4QzFDQjE0NDRCRTk+XS9JbmRleFs0OTUgMzhdL0luZm8gNDk0IDAgUi9MZW5ndGggMTE1L1ByZXYgNDk2ODY2L1Jvb3QgNDk2IDAgUi9TaXplIDUzMy9UeXBlL1hSZWYvV1sxIDIgMV0+PnN0cmVhbQ0KaN5iYmQQYGBiYL4LJBinAgmmzSBuGYirCWLtAYldARIsN4AE618Q8QpE/AKJvQCx/oFY20HEbxBXC6R3BpAQWQEkjEOBhGIfkOCeDSQYTEHm6YOUMIGIaUAi4DYDEyNjHUgWJEok8Z9R+jtAgAEAr1UUXQ0KZW5kc3RyZWFtDWVuZG9iag1zdGFydHhyZWYNCjANCiUlRU9GDQogICAgICAgIA0KNTMyIDAgb2JqDTw8L0MgNDQ1L0ZpbHRlci9GbGF0ZURlY29kZS9JIDQ2Ny9MZW5ndGggMzg1L08gNDI5L1MgMzI2Pj5zdHJlYW0NCmjeYmBgYAKiRQysDAycCxmEGBBACCjGxsDCwLHBiYFBgcOFQeN7AwODq4/QQ2bFg+xN+zbw/mVldzA42/2AbVXwU7Z1fnOuXIDpdeLxlEg53O8oMjvLwYnHLa7giHQd88VS5caJD5oFJ/PVMV9w3dLIYagCUiN2iUXhCYgBFLGUEHzm0yh+IefbJAuB5onPfCx/8APF+dxcOF+csd0h7ymR5PDAmcNTLs1YyUkkoXbzJaAyAZBFINMKgAzxIAaGio4OBkZB9Y6ODqCDGdw7oIwKMM2WDqQYmM1BbCUTqGRoOEQNM0gSpNvFrQIiEw4iGMWBbDzeBxoux8A6exKQlgBiVXAYmDIIMNYxOzJ8YWpnnM+8mOUEy1aWo8ybWU6yNDEfY/nKkCxcbKygEMmdBlT7i+EsYyKjMaMD49WI2T1MTIIVEQzfGeR5bjNoecUxOrLYwQJWm4E9LgxIMwIjrRRI6zCwJ5wG0iwMDLJ+8KgzYmCf9BqiivEbQIABANRahU8NCmVuZHN0cmVhbQ1lbmRvYmoNNDk2IDAgb2JqDTw8L01hcmtJbmZvPDwvTWFya2VkIHRydWU+Pi9NZXRhZGF0YSA0OCAwIFIvT3V0bGluZXMgNzIgMCBSL1BhZ2VMYXlvdXQvT25lQ29sdW1uL1BhZ2VzIDQ5MSAwIFIvU3RydWN0VHJlZVJvb3QgOTUgMCBSL1R5cGUvQ2F0YWxvZz4+DWVuZG9iag00OTcgMCBvYmoNPDwvQ29udGVudHNbNTAyIDAgUiA1MDMgMCBSIDUwNCAwIFIgNTA1IDAgUiA1MDYgMCBSIDUwNyAwIFIgNTA4IDAgUiA1MTAgMCBSXS9Dcm9wQm94WzAuMCAwLjAgNTk1LjAyIDg0MS45OF0vR3JvdXAgNTMxIDAgUi9NZWRpYUJveFswLjAgMC4wIDU5NS4wMiA4NDEuOThdL1BhcmVudCA0OTIgMCBSL1Jlc291cmNlczw8L0NvbG9yU3BhY2U8PC9DUzAgNTIyIDAgUi9DUzEgNTIzIDAgUj4+L0V4dEdTdGF0ZTw8L0dTMCA1MjQgMCBSPj4vRm9udDw8L1RUMCA1MjYgMCBSL1RUMSA1MjggMCBSL1RUMiA1MzAgMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VDL0ltYWdlSV0vWE9iamVjdDw8L0ltMCA1MDkgMCBSL0ltMSA1MTggMCBSL0ltMiA1MjAgMCBSPj4+Pi9Sb3RhdGUgMC9TdHJ1Y3RQYXJlbnRzIDAvVGFicy9TL1R5cGUvUGFnZT4+DWVuZG9iag00OTggMCBvYmoNPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0ZpcnN0IDc5L0xlbmd0aCA3ODkvTiAxMC9UeXBlL09ialN0bT4+c3RyZWFtDQpo3qxWbU8TQRD+K/NRY3B3b98TQ9JWECKg4UBUwoezXeHi9a7pHQb+vTNzbUmJpUJMM5m5nfeZfTa1WQYSbKZBK2QGHDELynrkDoyib5QD8QBBW+QR9QoFLUF5F1BQkKkQ4FIc1pN0lybiffpdjtPphyFoAxajSDi9+psasyvH2nfvxOAwh59F1SYxPBYnzXxaVGI0APVWik+fF5pPn49BiXwA3fw2ify4aH+haZ3E2f0sib277kPeFV0S44L9mlnvt7tL8dtxqjuIzotRMTtI5fVNB14ZrKfX7GQmiP2quG5BZ2K/qbvhsLm73FHOsQ6UtJL8r1i5X0zL6v7VQap+p67EjMbCEQV93avLKmXYH834lE9OimkS5wdHo72Pb1ZeJ+k27bAb2+TdPHXjm2X/dHTRV6qlFIddUZXjQX1dJZAi79L0CzjTN0+m1Mm8nHXNXHxdNIgD5u6HRZvI5KkC9upxMynra3FR1oO6LVff++W87UY3xXw5mIdEfGOow6PiwSS//dFRTWe4JS7urDmvSwyWwMTI5quaMdmku2kvMx+u1vbk9cv35B35b9iTtXDaTIt6fU96fU8n59+PP357NCZ227Ins2FPIWzZk1/f0xMFvHBPfn1PKvinFmWl3LgoyGwEg0+EtT0pidYOn4SlkkjbDJzsz3SIPdd65bSNOBYSxVgSnQeScc0uWPD4hnlJTxe+Ud6Ax7x0RvmtiuCc73286m1d78sc/UlmP9RRjIhNEef4yLkPrJm4XMzEaowZ9RrPouM4XDflzzLOTzzYRc+kJ3skngNG0/SUkg5lb7EWFVg2QfZ50Z+448zbf8uZ0XKIljX/2884vd3i/6EU578Zpd7CsKkm6yA16yA9+v7ty+HoEUbIawtG/QaMKiOfB9LNBbwQo/ERRjP1NEbVZozKZ/8eezHAEFzeKKaVXewvreSr/GDPIDKRgUPf0Zi/ZCEYLOG65HzFSY4EtbCwIilKx6cMygXRY0KgoweGAZVJCHg3GJAq9hd0lD/80RA5Tq+o21kxT/X4fnf3jwADAHsBcOANCmVuZHN0cmVhbQ1lbmRvYmoNNDk5IDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9MZW5ndGggMjI2Pj5zdHJlYW0NCkiJXJDPasQgEMbvPsUcdw+L2ZwlULYUcugfmvYBjE5SoRllYg55+442bKEDKuP3/eRz9K1/7Clk0G8c3YAZpkCecY0bO4QR50Dq2oIPLh9d3d1ik9ICD/uacelpisoY0O8irpl3OD34OOJZ6Vf2yIFmOH3ehjPoYUvpGxekDA10HXic5KFnm17sgqArdum96CHvF2H+HB97Qmhrf/0N46LHNVmHbGlGZRqpDsyTVKeQ/D/9oMbJfVlWpi3eppGjeI/bQsnn4B7JbcySpk6gxigBAuF9SCkmEKos9SPAANnGbzANCmVuZHN0cmVhbQ1lbmRvYmoNNTAwIDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9MZW5ndGggNjI5Pj5zdHJlYW0NCkiJXNTNauJQGMbxfa7iLNtFieb9akAEa1twMR+MMxegybETGGOIduHdTx6f0oERNP+QnOTnWbzlevO86btLKr+Pp2abL+nQ9e2Yz6f3sclpn9+6vphXqe2ay8fZ7bc57oainBZvr+dLPm76w6lYLFL5Y7p4vozXdLdqT/t8X5TfxjaPXf+W7n6tt/ep3L4Pw598zP0lzdJymdp8mB70ZTd83R1zKm/LHjbtdL27XB+mNf/u+Hkdcqpu53NimlObz8OuyeOuf8vFYjZ9lmnxOn2WRe7b/67PZzOu2x+a37uxWFS4ezabDl
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "report-file",`
			`"timestamp": "1707726305",`
			`"to_ids": false,`
			`"type": "attachment",`
			`"uuid": "e16e7849-f6a6-4b4c-aac8-4a22f9469495",`
			`"value": "Ivanti_Connect_Secure_-_Journey_to_the_core_of_the_DSLog_backdoor.pdf"`
			`}`
			`]`
			`},`
			`{`
			`"comment": "",`
			`"deleted": false,`
			`"description": "File object describing a file with meta-information",`
			`"meta-category": "file",`
			`"name": "file",`
			`"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",`
			`"template_version": "24",`
			`"timestamp": "1707726571",`
			`"uuid": "949f5d0e-5d7d-4c46-afac-447c7bdbbc7e",`
			`"Attribute": [`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"object_relation": "state",`
			`"timestamp": "1707726460",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "c108ced6-225c-40b5-acb2-47efd28f482b",`
			`"value": "Malicious"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "fullpath",`
			`"timestamp": "1707726530",`
			`"to_ids": true,`
			`"type": "text",`
			`"uuid": "bf371cdf-fc6d-4cad-b8f9-e9eb9126c62a",`
			`"value": "/root/home/webserver/htdocs/dana-na/imgs/index.txt"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "fullpath",`
			`"timestamp": "1707726493",`
			`"to_ids": true,`
			`"type": "text",`
			`"uuid": "a2162750-43b7-4799-aab9-aca04086a6e7",`
			`"value": "/root/home/webserver/htdocs/dana-na/imgs/index1.txt"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "fullpath",`
			`"timestamp": "1707726503",`
			`"to_ids": true,`
			`"type": "text",`
			`"uuid": "082d5277-5d15-4c73-9585-b66161163bfe",`
			`"value": "/root/home/webserver/htdocs/dana-na/imgs/logo.png"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "Embedding the result of \u2018uname -a\u2019",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "fullpath",`
			`"timestamp": "1707726533",`
			`"to_ids": true,`
			`"type": "text",`
			`"uuid": "1e98d320-29a1-4f94-bc8c-9a25fd668c4c",`
			`"value": "/root/home/webserver/htdocs/dana-na/imgs/index2.txt"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "Legitimate DSLog Log module embedding the\r\nbackdoor (IDS flag disabled + review of the local file is required)",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "fullpath",`
			`"timestamp": "1707726571",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "1674d828-7c3c-4b83-968c-d473d930eca1",`
			`"value": "/root/home/perl/DSLog.pm"`
			`}`
			`]`
			`},`
			`{`
			`"comment": "",`
			`"deleted": false,`
			`"description": "Report object to describe a report along with its metadata.",`
			`"meta-category": "misc",`
			`"name": "report",`
			`"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",`
			`"template_version": "8",`
			`"timestamp": "1707733521",`
			`"uuid": "6d6dd94f-1bf8-4d9d-b1d3-60300f6a10c1",`
			`"Attribute": [`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "link",`
			`"timestamp": "1707733521",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "a192481b-64f6-45f4-bb73-1b67f057c5a5",`
			`"value": "https://www.orangecyberdefense.com/global/blog/cybersecurity/ivanti-0-day"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "title",`
			`"timestamp": "1707733521",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "dc9f2478-c01d-4358-9969-a1b708a01334",`
			`"value": "CERT alert: Zero-day in Ivanti software (Update 09. Feb)"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`}`