Updated 20241206

intel/LM135.json

@@ -1 +1 @@
-{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware binaries\r\n\r\n### Parent threat\r\n\r\nImpact\r\n\r\n### Finding\r\n\r\nhttps://samples.vx-underground.org/samples/Families/Fastcash/\r\n\r\n### Industry reference\r\n\r\n_No response_\r\n\r\n### Malware reference\r\n\r\nFastCash\r\n[/malware/binaries/FastCash](../tree/main/malware/binaries/FastCash)\r\n\r\n### Actor reference\r\n\r\nHiddenCobra\r\nLazarus\r\nAPT38\r\n\r\n### Component\r\n\r\nAIX, Banking\r\n\r\n### Scenario\r\n\r\nInternal specialist services\r\n\r\n### Scenario variation\r\n\r\nEnclave deployment\r\n","closed":false,"createdAt":"2022-04-19T23:18:07Z","labels":[{"id":"LA_kwDOFx8IA88AAAABIIpHQQ","name":"missing:tag:T1048","description":"","color":"FBCA04"},{"id":"LA_kwDOFx8IA88AAAABIIpINQ","name":"missing:tag:T1070.003","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpJtA","name":"missing:tag:T1071.001","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpLsA","name":"missing:tag:T1546.004","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpMOA","name":"missing:tag:T1552.003","description":"","color":"C2E0C6"},{"id":"LA_kwDOFx8IA88AAAABIIpMvQ","name":"missing:tag:T1567","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpNVg","name":"missing:tag:T1573","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIpOww","name":"missing:tag:T1021.002","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIsG9w","name":"missing:tag:T1021.001","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABQWZJhA","name":"deprecated:template","description":"","color":"F9D0C4"}],"number":135,"title":"[Intel]: https://samples.vx-underground.org/samples/Families/Fastcash/"}
+{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware binaries\r\n\r\n### Parent threat\r\n\r\nImpact\r\n\r\n### Finding\r\n\r\nhttps://samples.vx-underground.org/samples/Families/Fastcash/\r\n\r\n### Industry reference\r\n\r\n_No response_\r\n\r\n### Malware reference\r\n\r\nFastCash\r\n[/malware/binaries/FastCash](../tree/main/malware/binaries/FastCash)\r\nhttps://github.com/timb-machine/linux-malware/issues/312\r\nhttps://github.com/timb-machine/linux-malware/issues/815\r\nhttps://github.com/timb-machine/linux-malware/issues/407\r\n\r\n### Actor reference\r\n\r\nHiddenCobra\r\nLazarus\r\nAPT38\r\n\r\n### Component\r\n\r\nAIX, Banking\r\n\r\n### Scenario\r\n\r\nInternal specialist services\r\n\r\n### Scenario variation\r\n\r\nEnclave deployment\r\n","closed":false,"createdAt":"2022-04-19T23:18:07Z","labels":[{"id":"LA_kwDOFx8IA88AAAABIIpHQQ","name":"missing:tag:T1048","description":"","color":"FBCA04"},{"id":"LA_kwDOFx8IA88AAAABIIpINQ","name":"missing:tag:T1070.003","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpJtA","name":"missing:tag:T1071.001","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpLsA","name":"missing:tag:T1546.004","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpMOA","name":"missing:tag:T1552.003","description":"","color":"C2E0C6"},{"id":"LA_kwDOFx8IA88AAAABIIpMvQ","name":"missing:tag:T1567","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpNVg","name":"missing:tag:T1573","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIpOww","name":"missing:tag:T1021.002","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIsG9w","name":"missing:tag:T1021.001","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABQWZJhA","name":"deprecated:template","description":"","color":"F9D0C4"}],"number":135,"title":"[Intel]: https://samples.vx-underground.org/samples/Families/Fastcash/"}

intel/LM312.json

@@ -1 +1 @@
-{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware reports\r\n\r\n### Parent threat\r\n\r\nPersistence, Impact, Defense Evasion, Privilege Escalation\r\n\r\n### Finding\r\n\r\nhttps://github.com/fboldewin/FastCashMalwareDissected/raw/master/Operation%20Fast%20Cash%20-%20Hidden%20Cobra%E2%80%98s%20AIX%20PowerPC%20malware%20dissected.pdf\r\n\r\n### Industry reference\r\n\r\nattack:T1565.002:Transmitted Data Manipulation\r\nattack:T1055:Process Injection\r\nattack:T1055.009:Proc Memory\r\nattack:T1564.001:Hidden Files and Directories\r\nattack:T1574:Hijack Execution Flow\r\nattack:T1567:Financial Theft\r\n\r\n### Malware reference\r\n\r\nhttps://github.com/timb-machine/linux-malware/issues/135\r\nFastCash\r\n\r\n### Actor reference\r\n\r\nHidden Cobra\r\n\r\n### Component\r\n\r\nAIX\r\nBanking\r\n\r\n### Scenario\r\n\r\n_No response_\r\n\r\n","closed":false,"createdAt":"2022-04-20T09:47:58Z","labels":[{"id":"LA_kwDOFx8IA88AAAABGKCuAw","name":"ignore:submodule","description":"","color":"CA3460"},{"id":"LA_kwDOFx8IA88AAAABIIpG2w","name":"missing:tag:T1005","description":"","color":"0E8A16"},{"id":"LA_kwDOFx8IA88AAAABIIpHQQ","name":"missing:tag:T1048","description":"","color":"FBCA04"},{"id":"LA_kwDOFx8IA88AAAABIIpHxw","name":"missing:tag:T1057","description":"","color":"BFDADC"},{"id":"LA_kwDOFx8IA88AAAABIIpI1w","name":"missing:tag:T1070.004","description":"","color":"E99695"},{"id":"LA_kwDOFx8IA88AAAABIIpJtA","name":"missing:tag:T1071.001","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpLIQ","name":"missing:tag:T1491","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpMvQ","name":"missing:tag:T1567","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpNVg","name":"missing:tag:T1573","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIpOww","name":"missing:tag:T1021.002","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIpPLA","name":"missing:tag:T1027.002","description":"","color":"0052CC"},{"id":"LA_kwDOFx8IA88AAAABIIpRDQ","name":"missing:tag:T1560","description":"","color":"BFDADC"},{"id":"LA_kwDOFx8IA88AAAABIIpTBQ","name":"missing:tag:Non-persistentStorage","description":"","color":"C2E0C6"},{"id":"LA_kwDOFx8IA88AAAABIIqG3Q","name":"missing:tag:T1574.006","description":"","color":"FBCA04"},{"id":"LA_kwDOFx8IA88AAAABIIqnNg","name":"missing:tag:T1518","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIu46w","name":"missing:tag:T1558","description":"","color":"D93F0B"},{"id":"LA_kwDOFx8IA88AAAABS-M7DQ","name":"missing:tag:wltm","description":"","color":"0052CC"}],"number":312,"title":"[Intel]: https://github.com/fboldewin/FastCashMalwareDissected/raw/master/Operation%20Fast%20Cash%20-%20Hidden%20Cobra%E2%80%98s%20AIX%20PowerPC%20malware%20dissected.pdf"}
+{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware reports\r\n\r\n### Parent threat\r\n\r\nPersistence, Impact, Defense Evasion, Privilege Escalation\r\n\r\n### Finding\r\n\r\nhttps://github.com/fboldewin/FastCashMalwareDissected/raw/master/Operation%20Fast%20Cash%20-%20Hidden%20Cobra%E2%80%98s%20AIX%20PowerPC%20malware%20dissected.pdf\r\n\r\n### Industry reference\r\n\r\nattack:T1565.002:Transmitted Data Manipulation\r\nattack:T1055:Process Injection\r\nattack:T1055.009:Proc Memory\r\nattack:T1564.001:Hidden Files and Directories\r\nattack:T1574:Hijack Execution Flow\r\nattack:T1567:Financial Theft\r\n\r\n### Malware reference\r\n\r\nhttps://github.com/timb-machine/linux-malware/issues/135\r\nFastCash\r\nhttps://github.com/timb-machine/linux-malware/issues/815\r\nhttps://github.com/timb-machine/linux-malware/issues/407\r\n\r\n### Actor reference\r\n\r\nHidden Cobra\r\n\r\n### Component\r\n\r\nAIX\r\nBanking\r\n\r\n### Scenario\r\n\r\n_No response_\r\n\r\n","closed":false,"createdAt":"2022-04-20T09:47:58Z","labels":[{"id":"LA_kwDOFx8IA88AAAABGKCuAw","name":"ignore:submodule","description":"","color":"CA3460"},{"id":"LA_kwDOFx8IA88AAAABIIpG2w","name":"missing:tag:T1005","description":"","color":"0E8A16"},{"id":"LA_kwDOFx8IA88AAAABIIpHQQ","name":"missing:tag:T1048","description":"","color":"FBCA04"},{"id":"LA_kwDOFx8IA88AAAABIIpHxw","name":"missing:tag:T1057","description":"","color":"BFDADC"},{"id":"LA_kwDOFx8IA88AAAABIIpI1w","name":"missing:tag:T1070.004","description":"","color":"E99695"},{"id":"LA_kwDOFx8IA88AAAABIIpJtA","name":"missing:tag:T1071.001","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpLIQ","name":"missing:tag:T1491","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpMvQ","name":"missing:tag:T1567","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpNVg","name":"missing:tag:T1573","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIpOww","name":"missing:tag:T1021.002","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIpPLA","name":"missing:tag:T1027.002","description":"","color":"0052CC"},{"id":"LA_kwDOFx8IA88AAAABIIpRDQ","name":"missing:tag:T1560","description":"","color":"BFDADC"},{"id":"LA_kwDOFx8IA88AAAABIIpTBQ","name":"missing:tag:Non-persistentStorage","description":"","color":"C2E0C6"},{"id":"LA_kwDOFx8IA88AAAABIIqG3Q","name":"missing:tag:T1574.006","description":"","color":"FBCA04"},{"id":"LA_kwDOFx8IA88AAAABIIqnNg","name":"missing:tag:T1518","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIu46w","name":"missing:tag:T1558","description":"","color":"D93F0B"},{"id":"LA_kwDOFx8IA88AAAABS-M7DQ","name":"missing:tag:wltm","description":"","color":"0052CC"}],"number":312,"title":"[Intel]: https://github.com/fboldewin/FastCashMalwareDissected/raw/master/Operation%20Fast%20Cash%20-%20Hidden%20Cobra%E2%80%98s%20AIX%20PowerPC%20malware%20dissected.pdf"}

intel/LM544.json

@@ -1 +1 @@
-{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\n\nMalware reports\n\n### Parent threat\n\nInitial Access, Discovery, Lateral Movement, Collection, Impact\n\n### Finding\n\nhttps://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group\n\n### Industry reference\n\nattack:T1486:Data Encrypted for Impact\n\n### Malware reference\n\nCheerscrypt\n\n### Actor reference\n\nEmperor Dragonfly\n\n### Component\n\nLinux, VMware\n\n### Scenario\n\n_No response_\n\n","closed":false,"createdAt":"2022-10-08T16:29:44Z","labels":[{"id":"LA_kwDOFx8IA87xeZo8","name":"new","description":"","color":"fbca04"},{"id":"LA_kwDOFx8IA88AAAABIIpG2w","name":"missing:tag:T1005","description":"","color":"0E8A16"},{"id":"LA_kwDOFx8IA88AAAABIIpHQQ","name":"missing:tag:T1048","description":"","color":"FBCA04"},{"id":"LA_kwDOFx8IA88AAAABIIpHxw","name":"missing:tag:T1057","description":"","color":"BFDADC"},{"id":"LA_kwDOFx8IA88AAAABIIpI1w","name":"missing:tag:T1070.004","description":"","color":"E99695"},{"id":"LA_kwDOFx8IA88AAAABIIpJtA","name":"missing:tag:T1071.001","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpLIQ","name":"missing:tag:T1491","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpLsA","name":"missing:tag:T1546.004","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpMvQ","name":"missing:tag:T1567","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpNVg","name":"missing:tag:T1573","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIpOww","name":"missing:tag:T1021.002","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIsG9w","name":"missing:tag:T1021.001","description":"","color":"1D76DB"}],"number":544,"title":"[Intel]: https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group"}
+{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware reports\r\n\r\n### Parent threat\r\n\r\nInitial Access, Discovery, Lateral Movement, Collection, Impact\r\n\r\n### Finding\r\n\r\nhttps://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group\r\n\r\n### Industry reference\r\n\r\nattack:T1486:Data Encrypted for Impact\r\n\r\n### Malware reference\r\n\r\nCheerscrypt\r\nNight Sky\r\n\r\n### Actor reference\r\n\r\nEmperor Dragonfly\r\nBronze Starlight\r\n\r\n### Component\r\n\r\nLinux, VMware\r\n\r\n### Scenario\r\n\r\n_No response_\r\n\r\n","closed":false,"createdAt":"2022-10-08T16:29:44Z","labels":[{"id":"LA_kwDOFx8IA87xeZo8","name":"new","description":"","color":"fbca04"},{"id":"LA_kwDOFx8IA88AAAABIIpG2w","name":"missing:tag:T1005","description":"","color":"0E8A16"},{"id":"LA_kwDOFx8IA88AAAABIIpHQQ","name":"missing:tag:T1048","description":"","color":"FBCA04"},{"id":"LA_kwDOFx8IA88AAAABIIpHxw","name":"missing:tag:T1057","description":"","color":"BFDADC"},{"id":"LA_kwDOFx8IA88AAAABIIpI1w","name":"missing:tag:T1070.004","description":"","color":"E99695"},{"id":"LA_kwDOFx8IA88AAAABIIpJtA","name":"missing:tag:T1071.001","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpLIQ","name":"missing:tag:T1491","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpLsA","name":"missing:tag:T1546.004","description":"","color":"1D76DB"},{"id":"LA_kwDOFx8IA88AAAABIIpMvQ","name":"missing:tag:T1567","description":"","color":"FEF2C0"},{"id":"LA_kwDOFx8IA88AAAABIIpNVg","name":"missing:tag:T1573","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIpOww","name":"missing:tag:T1021.002","description":"","color":"006B75"},{"id":"LA_kwDOFx8IA88AAAABIIsG9w","name":"missing:tag:T1021.001","description":"","color":"1D76DB"}],"number":544,"title":"[Intel]: https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group"}

intel/LM695.json

@@ -1 +1 @@
-{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\n\nMalware reports\n\n### Parent threat\n\nImpact\n\n### Finding\n\nhttps://twitter.com/Unit42_Intel/status/1653760405792014336\n\n### Industry reference\n\n_No response_\n\n### Malware reference\n\nBlackSuit\n\n### Actor reference\n\n_No response_\n\n### Component\n\nLinux\n\n### Scenario\n\n_No response_","closed":false,"createdAt":"2023-06-25T06:44:43Z","labels":[{"id":"LA_kwDOFx8IA87xeZo8","name":"new","description":"","color":"fbca04"}],"number":695,"title":"[Intel]: https://twitter.com/Unit42_Intel/status/1653760405792014336"}
+{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware reports\r\n\r\n### Parent threat\r\n\r\nImpact\r\n\r\n### Finding\r\n\r\nhttps://twitter.com/Unit42_Intel/status/1653760405792014336\r\n\r\n### Industry reference\r\n\r\nattack:T1486:Data Encrypted for Impact\r\n\r\n### Malware reference\r\n\r\nwltm\r\nBlackSuite\r\n\r\n### Actor reference\r\n\r\n_No response_\r\n\r\n### Component\r\n\r\nLinux\r\n\r\n### Scenario\r\n\r\n_No response_","closed":false,"createdAt":"2023-06-25T06:44:43Z","labels":[{"id":"LA_kwDOFx8IA87xeTYe","name":"confirmed","description":"","color":"61DD50"}],"number":695,"title":"[Intel]: https://twitter.com/Unit42_Intel/status/1653760405792014336"}

intel/LM710.json

@@ -1 +1 @@
-{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware reports\r\n\r\n### Parent threat\r\n\r\nResource Development, Initial Access, Execution, Persistence, Defense Evasion\r\n\r\n### Finding\r\n\r\nhttps://twitter.com/xnand_/status/1676336329985077249\r\n\r\n### Industry reference\r\n\r\nuses:FakeExploit\r\nattack:T1588:Obtain Capabilities\r\nattack:T1608:Stage Capabilities\r\nattack:T1585:Establish Accounts\r\nattack:T1583.008:Malvertising\r\nattack:T1036:Masquerading\r\nexploit:CVE-2023-35829\r\n\r\n### Malware reference\r\n\r\nhttps://github.com/timb-machine/linux-malware/issues/711\r\nhttps://github.com/timb-machine/linux-malware/issues/724\r\n\r\n### Actor reference\r\n\r\n_No response_\r\n\r\n### Component\r\n\r\nLinux\r\n\r\n### Scenario\r\n\r\n_No response_","closed":false,"createdAt":"2023-07-09T09:40:51Z","labels":[{"id":"LA_kwDOFx8IA87xeTYe","name":"confirmed","description":"","color":"61DD50"}],"number":710,"title":"[Intel]: https://twitter.com/xnand_/status/1676336329985077249"}
+{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware reports\r\n\r\n### Parent threat\r\n\r\nResource Development, Initial Access, Execution, Persistence, Defense Evasion\r\n\r\n### Finding\r\n\r\nhttps://twitter.com/xnand_/status/1676336329985077249\r\n\r\n### Industry reference\r\n\r\nuses:FakeExploit\r\nattack:T1588:Obtain Capabilities\r\nattack:T1608:Stage Capabilities\r\nattack:T1585:Establish Accounts\r\nattack:T1583.008:Malvertising\r\nattack:T1036:Masquerading\r\nexploit:CVE-2023-35829\r\n\r\n### Malware reference\r\n\r\nhttps://github.com/timb-machine/linux-malware/issues/711\r\nhttps://github.com/timb-machine/linux-malware/issues/724\r\nhttps://github.com/timb-machine/linux-malware/issues/814\r\n\r\n### Actor reference\r\n\r\n_No response_\r\n\r\n### Component\r\n\r\nLinux\r\n\r\n### Scenario\r\n\r\n_No response_","closed":false,"createdAt":"2023-07-09T09:40:51Z","labels":[{"id":"LA_kwDOFx8IA87xeTYe","name":"confirmed","description":"","color":"61DD50"}],"number":710,"title":"[Intel]: https://twitter.com/xnand_/status/1676336329985077249"}

intel/LM711.json

@@ -1 +1 @@
-{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware source\r\n\r\n### Parent threat\r\n\r\nResource Development, Initial Access, Execution, Persistence, Defense Evasion\r\n\r\n### Finding\r\n\r\nhttps://github.com/timb-machine-mirrors/ChriSanders22-CVE-2023-35829-poc\r\n\r\n### Industry reference\r\n\r\nuses:FakeExploit\r\nattack:T1588:Obtain Capabilities\r\nattack:T1608:Stage Capabilities\r\nattack:T1585:Establish Accounts\r\nattack:T1583.008:Malvertising\r\nattack:T1036:Masquerading\r\nexploit:CVE-2023-35829\r\n\r\n### Malware reference\r\n\r\nhttps://github.com/timb-machine/linux-malware/issues/710\r\nhttps://github.com/timb-machine/linux-malware/issues/724\r\n\r\n### Actor reference\r\n\r\n_No response_\r\n\r\n### Component\r\n\r\nLinux\r\n\r\n### Scenario\r\n\r\n_No response_","closed":false,"createdAt":"2023-07-09T09:46:38Z","labels":[{"id":"LA_kwDOFx8IA88AAAABIIpJBQ","name":"ignore:tag:T1070.004","description":"","color":"0E8A16"},{"id":"LA_kwDOFx8IA88AAAABIIwnUA","name":"ignore:tag:T1215","description":"","color":"E99695"}],"number":711,"title":"[Intel]: https://github.com/timb-machine-mirrors/ChriSanders22-CVE-2023-35829-poc"}
+{"author":{"id":"MDQ6VXNlcjEzMzMwOTE3","is_bot":false,"login":"timb-machine","name":"Tim Brown"},"body":"### Area\r\n\r\nMalware source\r\n\r\n### Parent threat\r\n\r\nResource Development, Initial Access, Execution, Persistence, Defense Evasion\r\n\r\n### Finding\r\n\r\nhttps://github.com/timb-machine-mirrors/ChriSanders22-CVE-2023-35829-poc\r\n\r\n### Industry reference\r\n\r\nuses:FakeExploit\r\nattack:T1588:Obtain Capabilities\r\nattack:T1608:Stage Capabilities\r\nattack:T1585:Establish Accounts\r\nattack:T1583.008:Malvertising\r\nattack:T1036:Masquerading\r\nexploit:CVE-2023-35829\r\n\r\n### Malware reference\r\n\r\nhttps://github.com/timb-machine/linux-malware/issues/710\r\nhttps://github.com/timb-machine/linux-malware/issues/724\r\nhttps://github.com/timb-machine/linux-malware/issues/814\r\n\r\n### Actor reference\r\n\r\n_No response_\r\n\r\n### Component\r\n\r\nLinux\r\n\r\n### Scenario\r\n\r\n_No response_","closed":false,"createdAt":"2023-07-09T09:46:38Z","labels":[{"id":"LA_kwDOFx8IA88AAAABIIpJBQ","name":"ignore:tag:T1070.004","description":"","color":"0E8A16"},{"id":"LA_kwDOFx8IA88AAAABIIwnUA","name":"ignore:tag:T1215","description":"","color":"E99695"}],"number":711,"title":"[Intel]: https://github.com/timb-machine-mirrors/ChriSanders22-CVE-2023-35829-poc"}