{"Event": {"info": "OSINT - Very nasty Linux backdoor with multiple components", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#00b3b3", "exportable": true, "name": "ecsirt:intrusions=\"backdoor\""}, {"colour": "#00a9ce", "exportable": true, "name": "veris:action:malware:variety=\"Backdoor\""}, {"colour": "#2c0037", "exportable": true, "name": "ms-caro-malware:malware-type=\"Backdoor\""}, {"colour": "#001534", "exportable": true, "name": "ms-caro-malware-full:malware-type=\"Backdoor\""}, {"colour": "#001a42", "exportable": true, "name": "ms-caro-malware-full:malware-platform=\"Linux\""}, {"colour": "#670080", "exportable": true, "name": "ms-caro-malware:malware-platform=\"Linux\""}], "publish_timestamp": "0", "timestamp": "1563436094", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5d1619e6-1cb0-4052-ad83-9e52950d210f", "sharing_group_id": "0", "timestamp": "1563277291", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "6", "ObjectReference": [{"comment": "", "object_uuid": "5d1619e6-1cb0-4052-ad83-9e52950d210f", "uuid": "5d162496-f380-4ca2-9791-4acc950d210f", "timestamp": "1561732246", "referenced_uuid": "5d162440-dd38-482b-9b3f-4526950d210f", "relationship_type": "contains"}, {"comment": "", "object_uuid": "5d1619e6-1cb0-4052-ad83-9e52950d210f", "uuid": "5d1624bb-d394-4b4a-9864-44a6950d210f", "timestamp": "1561732283", "referenced_uuid": "5d162462-55a0-4486-9309-4dd1950d210f", "relationship_type": "contains"}, {"comment": "", "object_uuid": "5d1619e6-1cb0-4052-ad83-9e52950d210f", "uuid": "5d1624e0-7ad8-4133-9867-4ced950d210f", "timestamp": "1561732320", "referenced_uuid": 
"5d16244a-c204-489c-af1b-9e7b950d210f", "relationship_type": "contains"}, {"comment": "", "object_uuid": "5d1619e6-1cb0-4052-ad83-9e52950d210f", "uuid": "5d1624f7-6f00-4591-ac65-4453950d210f", "timestamp": "1561732343", "referenced_uuid": "5d162456-1928-4d99-bdbd-4d1f950d210f", "relationship_type": "contains"}], "Attribute": [{"comment": "", "category": "Other", "uuid": "5d1619e6-11e4-4450-a888-9e52950d210f", "timestamp": "1561731055", "to_ids": false, "value": "Very nasty Linux backdoor with multiple components (link: https://www.virustotal.com/gui/file/c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa/detection) virustotal.com/gui/file/c69ee\u2026\r\n\r\n- Kills & uninstalls AV: clamav, avast, avg, drweb, esets\r\n- Very persistent\r\n- Uses Gates malware\r\n- Uses Brootkit\r\n- Uses CVE-2016-5195 to get root\r\n- Infects other systems from known_hosts, .bash_history", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5d1619ea-afb0-498f-88ce-9e52950d210f", "timestamp": "1561731055", "to_ids": true, "value": "https://mobile.twitter.com/michalmalik/status/1143879771878830080", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5d1619ec-4c38-40ac-8690-9e52950d210f", "timestamp": "1561731055", "to_ids": false, "value": "michalmalik", "disable_correlation": false, "object_relation": "username", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5d1619ee-2ac8-46e6-bb0f-9e52950d210f", "timestamp": "1561731055", "to_ids": false, "value": "Jun 26, 2019 3:52 PM", "disable_correlation": false, "object_relation": "creation-date", "type": "datetime"}, {"comment": "", "category": "Network activity", "uuid": "5d161ff9-fdb8-40fe-a9ec-49f1950d210f", "timestamp": "1561731065", "to_ids": true, "value": 
"https://www.virustotal.com/gui/file/c69ee0f12a900adc654d93aef9ad23ea56bdfae8513e534e1a11dca6666d10aa/detection", "disable_correlation": false, "object_relation": "link", "type": "url"}, {"comment": "", "category": "Network activity", "uuid