{ "type": "bundle", "id": "bundle--320eee39-b451-423e-857c-9618106ebb70", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--067932c3-0011-4ca2-9bbe-721c631e4e41", "created": "2021-04-13T12:45:26.506Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "Daavid Hentunen, Antti Tikkanen June 2014", "description": "Daavid Hentunen, Antti Tikkanen 2014, June 23 Havex Hunts For ICS/SCADA Systems Retrieved. 2019/04/01 ", "url": "https://www.f-secure.com/weblog/archives/00002718.html" }, { "source_name": "ICS-CERT August 2018", "description": "ICS-CERT 2018, August 22 Advisory (ICSA-14-178-01) Retrieved. 2019/04/01 ", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-178-01" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "modified": "2022-10-12T17:19:04.571Z", "description": "The [Backdoor.Oldrea](https://attack.mitre.org/software/S0093) payload gathers server information that includes CLSID, server name, Program ID, OPC version, vendor information, running state, group count, and server bandwidth. This information helps indicate the role the server has in the control process. (Citation: ICS-CERT August 2018) (Citation: Daavid Hentunen, Antti Tikkanen June 2014)", "relationship_type": "uses", "source_ref": "malware--083bb47b-02c8-4423-81a2-f9ef58572974", "target_ref": "attack-pattern--2fedbe69-581f-447d-8a78-32ee7db939a9", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }