{"Event":{"info":"OSINT - Very nasty Linux backdoor with multiple components","Tag":[{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#0071c3","exportable":true,"name":"osint:lifetime=\"perpetual\""},{"colour":"#0087e8","exportable":true,"name":"osint:certainty=\"50\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#00b3b3","exportable":true,"name":"ecsirt:intrusions=\"backdoor\""},{"colour":"#00a9ce","exportable":true,"name":"veris:action:malware:variety=\"Backdoor\""},{"colour":"#2c0037","exportable":true,"name":"ms-caro-malware:malware-type=\"Backdoor\""},{"colour":"#001534","exportable":true,"name":"ms-caro-malware-full:malware-type=\"Backdoor\""},{"colour":"#001a42","exportable":true,"name":"ms-caro-malware-full:malware-platform=\"Linux\""},{"colour":"#670080","exportable":true,"name":"ms-caro-malware:malware-platform=\"Linux\""}],"publish_timestamp":"0","timestamp":"1563436094","Object":[{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5d1619e6-1cb0-4052-ad83-9e52950d210f","sharing_group_id":"0","timestamp":"1563277291","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"6","ObjectReference":[{"comment":"","object_uuid":"5d1619e6-1cb0-4052-ad83-9e52950d210f","uuid":"5d162496-f380-4ca2-9791-4acc950d210f","timestamp":"1561732246","referenced_uuid":"5d162440-dd38-482b-9b3f-4526950d210f","relationship_type":"contains"},{"comment":"","object_uuid":"5d1619e6-1cb0-4052-ad83-9e52950d210f","uuid":"5d1624bb-d394-4b4a-9864-44a6950d210f","timestamp":"1561732283","referenced_uuid":"5d162462-55a0-4486-9309-4dd1950d210f","relationship_type":"contains"},{"comment":"","object_uuid":"5d1619e6-1cb0-4052-ad83-9e52950d210f","uuid":"5d1624e0-7ad8-4133-9867-4ced950d210f","timestamp":"1561732320","referenced_uuid":"5d16244a-c204-489c-af1b-9e7b950d210f","relationship_type":"contains"},{"comment":"","object_uuid":"5d1619e6-1cb0-4052-ad83-9e52950d210f","uuid":"5d1624f7-6f00-4591-ac65-4453950d210f","timestamp":"1561732343","referenced_uuid":"5d162456-1928-4d99-bdbd-4d1f950d210f","relationship_type":"contains"}],"Attribute":[{"comment":"","category":"Other","uuid":"5d1619e6-11e4-4450-a888-9e52950d210f","timestamp":"1561731055","to_ids":false,"value":"Very nasty Linux backdoor with multiple components (link: https://www.virustotal.com/gui/file/c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa/detection) virustotal.com/gui/file/c69ee\u2026\r\n\r\n- Kills & uninstalls AV: clamav, avast, avg, drweb, esets\r\n- Very persistent\r\n- Uses Gates malware\r\n- Uses Brootkit\r\n- Uses CVE-2016-5195 to get root\r\n- Infects other systems from known_hosts, .bash_history","disable_correlation":false,"object_relation":"post","type":"text"},{"comment":"","category":"Network activity","uuid":"5d1619ea-afb0-498f-88ce-9e52950d210f","timestamp":"1561731055","to_ids":true,"value":"https://mobile.twitter.com/michalmalik/status/1143879771878830080","disable_correlation":false,"object_relation":"url","type":"url"},{"comment":"","category":"Other","uuid":"5d1619ec-4c38-40ac-8690-9e52950d210f","timestamp":"1561731055","to_ids":false,"value":"michalmalik","disable_correlation":false,"object_relation":"username","type":"text"},{"comment":"","category":"Other","uuid":"5d1619ee-2ac8-46e6-bb0f-9e52950d210f","timestamp":"1561731055","to_ids":false,"value":"Jun 26, 2019 3:52 PM","disable_correlation":false,"object_relation":"creation-date","type":"datetime"},{"comment":"","category":"Network activity","uuid":"5d161ff9-fdb8-40fe-a9ec-49f1950d210f","timestamp":"1561731065","to_ids":true,"value":"https://www.virustotal.com/gui/file/c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa/detection","disable_correlation":false,"object_relation":"link","type":"url"},{"comment":"","category":"Network activity","uuid
