misp-circl-feed/feeds/circl/misp/5ccf3134-ea64-43c1-a356-f9f3950d210f.json

{"Event": {"info": "SystemTen (ELF trojan installer, miner, bot and rootkit) / ex-Rocke", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#670080", "exportable": true, "name": "ms-caro-malware:malware-platform=\"Linux\""}, {"colour": "#7900c3", "exportable": true, "name": "adversary:infrastructure-state=\"active\""}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#345d00", "exportable": true, "name": "malware_classification:malware-category=\"Downloader\""}, {"colour": "#305600", "exportable": true, "name": "malware_classification:malware-category=\"Rootkit\""}, {"colour": "#22681c", "exportable": true, "name": "malware_classification:malware-category=\"Botnet\""}, {"colour": "#ffffff", "exportable": true, "name": "OSINT"}], "publish_timestamp": "1557738100", "timestamp": "1557739209", "analysis": "1", "Attribute": [{"comment": "MalwareMustDie incident analysis and reports of infection campaign from early March 2019 to end of April 2019", "category": "External analysis", "uuid": "5ccf331e-da90-4718-94c8-49d3950d210f", "timestamp": "1557082910", "to_ids": false, "value": "https://imgur.com/a/H7YuWuj", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "MalwareMustDie incident analysis and reports of infection campaign from early March 2019 to end of April 2019", "category": "External analysis", "uuid": "5ccf331e-1534-4301-9d4c-4d32950d210f", "timestamp": "1557082910", "to_ids": false, "value": "https://old.reddit.com/r/LinuxMalware/comments/bfaea2/fun_in_dissecting_lsd_packer_elf_golang_miner/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "5ccf338a-a70c-4aef-ae6c-4b95950d210f", "timestamp": "1557083018", "to_ids": false, "value": "/tmp/kerberods (elf trojan installer)", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ccf338a-41ec-4332-86d4-4ee9950d210f", "timestamp": "1557083018", "to_ids": false, "value": "/tmp/khugepageds (elf monero miner xmrig)", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ccf338a-3788-4d10-8dfb-45b6950d210f", "timestamp": "1557083018", "to_ids": false, "value": "/tmp/kthrotlds (elf trojan bot)", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ccf338b-8d84-4997-9c96-454a950d210f", "timestamp": "1557083018", "to_ids": false, "value": "/tmp/kintegrityds (elf trojan bot)", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ccf338b-2d54-4f22-afff-4296950d210f", "timestamp": "1557083019", "to_ids": false, "value": "/tmp/kpsmouseds (elf trojan installer)", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ccf338b-9b24-43ce-ba79-400f950d210f", "timestamp": "1557083019", "to_ids": false, "value": "/tmp/kerb  (elf trojan bot)", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ccf338b-7164-4214-b2af-489a950d210f", "timestamp": "1557083019", "to_ids": false, "value": "/etc/cron.d/tomcat (persistence)", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ccf338b-29f4-4d56-91a8-4ec9950d210f", "timestamp": "1557083019", "to_ids": false, "value": "/etc/cron.d/root (persistence)", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ccf338b-8848-4992-830d-4f87950d210f", "timestamp": "1557083019", "to_ids": false, "value": "/var/spool/cron/root (persistence)", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"commen