misp-circl-feed/feeds/circl/misp/5d9049fa-1a6c-4668-b7aa-4bf7950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2019-09-29",
    "extends_uuid": "",
    "info": "New IoT multiplatform Linux malware: Linux/AirDropBot",
    "publish_timestamp": "1569866650",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1569866386",
    "uuid": "5d9049fa-1a6c-4668-b7aa-4bf7950d210f",
    "Orgc": {
      "name": "MalwareMustDie",
      "uuid": "569e04b2-efd0-45bd-b83a-4f7b950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#32003e",
        "local": false,
        "name": "ms-caro-malware:malware-type=\"DDoS\"",
        "relationship_type": ""
      },
      {
        "colour": "#670080",
        "local": false,
        "name": "ms-caro-malware:malware-platform=\"Linux\"",
        "relationship_type": ""
      },
      {
        "colour": "#22681c",
        "local": false,
        "name": "malware_classification:malware-category=\"Botnet\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "C2 server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737385",
        "to_ids": false,
        "type": "ip-dst",
        "uuid": "5d904a90-5a30-4809-a7ba-45b4950d210f",
        "value": "179.43.149.189"
      },
      {
        "category": "Network activity",
        "comment": "Payload spreading hosts",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737415",
        "to_ids": false,
        "type": "ip-dst",
        "uuid": "5d904a90-ef94-41ad-bccf-4e01950d210f",
        "value": "147.135.124.113"
      },
      {
        "category": "Network activity",
        "comment": "Spoofed IP used when performing infection aims Cisco Linksys CGI vulnerability",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737465",
        "to_ids": false,
        "type": "ip-dst",
        "uuid": "5d904a90-53a4-4624-aecb-491b950d210f",
        "value": "192.168.0.14"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-964c-460c-9edf-4539950d210f",
        "value": "417151777eaaccfc62f778d33fd183ff"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-fe4c-4ea6-b1aa-48b9950d210f",
        "value": "d31f047c125deb4c2f879d88b083b9d5"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-af54-4c82-abf2-4ae5950d210f",
        "value": "ff1eb225f31e5c29dde47c147f40627e"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-1394-4eb6-bc6c-4343950d210f",
        "value": "f3aed39202b51afdd1354adc8362d6bf"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-0268-4b7d-8b8b-490f950d210f",
        "value": "083a5f463cb84f7ae8868cb2eb6a22eb"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-0464-48c8-8ca9-4a5b950d210f",
        "value": "9ce4decd27c303a44ab2e187625934f3"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-d358-4491-9a7b-42d2950d210f",
        "value": "b6c6c1b2e89de81db8633144f4cb4b7d"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-a844-44f8-8e4b-4025950d210f",
        "value": "abd5008522f69cca92f8eefeb5f160e2"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-f544-4dba-a041-4852950d210f",
        "value": "a84bbf660ace4f0159f3d13e058235e9"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-72c4-4629-9273-4d0c950d210f",
        "value": "5fec65455bd8c842d672171d475460b6"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-0d90-4605-9169-43cf950d210f",
        "value": "4d3cab2d0c51081e509ad25fbd7ff596"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-0f0c-4113-8ac0-4999950d210f",
        "value": "252e2dfdf04290e7e9fc3c4d61bb3529"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-7c04-4e53-86e0-4e2f950d210f",
        "value": "5dcdace449052a596bce05328bd23a3b"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-2ecc-4765-b655-4f46950d210f",
        "value": "9c66fbe776a97a8613bfa983c7dca149"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-5f88-4ec9-98ab-49a2950d210f",
        "value": "59af44a74873ac034bd24ca1c3275af5"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-b45c-4e50-ab5f-453a950d210f",
        "value": "9642b8aff1fda24baa6abe0aa8c8b173"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-9720-4a69-acf0-4aef950d210f",
        "value": "e56cec6001f2f6efc0ad7c2fb840aceb"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-8b14-454b-91d2-4b31950d210f",
        "value": "54d93673f9539f1914008cfe8fd2bbdd"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-6b10-4016-a9d5-4f32950d210f",
        "value": "6d202084d4f25a0aa2225589dab536e7"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-b490-4091-aeec-423f950d210f",
        "value": "cfbf1bd882ae7b87d4b04122d2ab42cb"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737663",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bbf-64f8-42fd-a0cd-4447950d210f",
        "value": "b02af5bd329e19d7e4e2006c9c172713"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737664",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bc0-90b4-46aa-b797-401e950d210f",
        "value": "85a8aad8d938c44c3f3f51089a60ec16"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737664",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bc0-3a20-408b-a86b-486c950d210f",
        "value": "2c0afe7b13cdd642336ccc7b3e952d8d"
      },
      {
        "category": "Payload delivery",
        "comment": "Payload hash, AirDropBot binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737664",
        "to_ids": true,
        "type": "md5",
        "uuid": "5d904bc0-0c00-4a1c-b1e1-4307950d210f",
        "value": "94b8337a2d217286775bcc36d9c862d2"
      },
      {
        "category": "Internal reference",
        "comment": "Linux/AirDropBot analysis report",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569737734",
        "to_ids": false,
        "type": "link",
        "uuid": "5d904c06-4058-40c9-ae01-4c1a950d210f",
        "value": "https://blog.malwaremustdie.org/2019/09/mmd-0064-2019-linuxairdropbot.html"
      },
      {
        "category": "Network activity",
        "comment": "other C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569866386",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5d924292-b9cc-49dd-ab90-6bc1950d210f",
        "value": "185.244.25.200"
      },
      {
        "category": "Network activity",
        "comment": "other C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569866386",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5d924292-5444-44a0-96b1-6bc1950d210f",
        "value": "185.244.25.201"
      },
      {
        "category": "Network activity",
        "comment": "other C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1569866386",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5d924292-f1dc-4fcd-9395-6bc1950d210f",
        "value": "185.244.25.202"
      }
    ]
  }
}
chg: [feed] added 2023-04-21 13:25:09 +00:00			`{`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"Event": {`
			`"analysis": "2",`
			`"date": "2019-09-29",`
			`"extends_uuid": "",`
			`"info": "New IoT multiplatform Linux malware: Linux/AirDropBot",`
			`"publish_timestamp": "1569866650",`
			`"published": true,`
			`"threat_level_id": "3",`
			`"timestamp": "1569866386",`
			`"uuid": "5d9049fa-1a6c-4668-b7aa-4bf7950d210f",`
			`"Orgc": {`
			`"name": "MalwareMustDie",`
			`"uuid": "569e04b2-efd0-45bd-b83a-4f7b950d210f"`
			`},`
			`"Tag": [`
			`{`
			`"colour": "#ffffff",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "tlp:white",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#32003e",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "ms-caro-malware:malware-type=\"DDoS\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#670080",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "ms-caro-malware:malware-platform=\"Linux\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#22681c",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "malware_classification:malware-category=\"Botnet\"",`
			`"relationship_type": ""`
			`}`
			`],`
			`"Attribute": [`
			`{`
			`"category": "Network activity",`
			`"comment": "C2 server",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737385",`
			`"to_ids": false,`
			`"type": "ip-dst",`
			`"uuid": "5d904a90-5a30-4809-a7ba-45b4950d210f",`
			`"value": "179.43.149.189"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Payload spreading hosts",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737415",`
			`"to_ids": false,`
			`"type": "ip-dst",`
			`"uuid": "5d904a90-ef94-41ad-bccf-4e01950d210f",`
			`"value": "147.135.124.113"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Spoofed IP used when performing infection aims Cisco Linksys CGI vulnerability",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737465",`
			`"to_ids": false,`
			`"type": "ip-dst",`
			`"uuid": "5d904a90-53a4-4624-aecb-491b950d210f",`
			`"value": "192.168.0.14"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-964c-460c-9edf-4539950d210f",`
			`"value": "417151777eaaccfc62f778d33fd183ff"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-fe4c-4ea6-b1aa-48b9950d210f",`
			`"value": "d31f047c125deb4c2f879d88b083b9d5"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-af54-4c82-abf2-4ae5950d210f",`
			`"value": "ff1eb225f31e5c29dde47c147f40627e"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-1394-4eb6-bc6c-4343950d210f",`
			`"value": "f3aed39202b51afdd1354adc8362d6bf"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-0268-4b7d-8b8b-490f950d210f",`
			`"value": "083a5f463cb84f7ae8868cb2eb6a22eb"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-0464-48c8-8ca9-4a5b950d210f",`
			`"value": "9ce4decd27c303a44ab2e187625934f3"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-d358-4491-9a7b-42d2950d210f",`
			`"value": "b6c6c1b2e89de81db8633144f4cb4b7d"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-a844-44f8-8e4b-4025950d210f",`
			`"value": "abd5008522f69cca92f8eefeb5f160e2"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-f544-4dba-a041-4852950d210f",`
			`"value": "a84bbf660ace4f0159f3d13e058235e9"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-72c4-4629-9273-4d0c950d210f",`
			`"value": "5fec65455bd8c842d672171d475460b6"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-0d90-4605-9169-43cf950d210f",`
			`"value": "4d3cab2d0c51081e509ad25fbd7ff596"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-0f0c-4113-8ac0-4999950d210f",`
			`"value": "252e2dfdf04290e7e9fc3c4d61bb3529"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-7c04-4e53-86e0-4e2f950d210f",`
			`"value": "5dcdace449052a596bce05328bd23a3b"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-2ecc-4765-b655-4f46950d210f",`
			`"value": "9c66fbe776a97a8613bfa983c7dca149"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-5f88-4ec9-98ab-49a2950d210f",`
			`"value": "59af44a74873ac034bd24ca1c3275af5"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-b45c-4e50-ab5f-453a950d210f",`
			`"value": "9642b8aff1fda24baa6abe0aa8c8b173"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-9720-4a69-acf0-4aef950d210f",`
			`"value": "e56cec6001f2f6efc0ad7c2fb840aceb"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-8b14-454b-91d2-4b31950d210f",`
			`"value": "54d93673f9539f1914008cfe8fd2bbdd"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-6b10-4016-a9d5-4f32950d210f",`
			`"value": "6d202084d4f25a0aa2225589dab536e7"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-b490-4091-aeec-423f950d210f",`
			`"value": "cfbf1bd882ae7b87d4b04122d2ab42cb"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737663",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bbf-64f8-42fd-a0cd-4447950d210f",`
			`"value": "b02af5bd329e19d7e4e2006c9c172713"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737664",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bc0-90b4-46aa-b797-401e950d210f",`
			`"value": "85a8aad8d938c44c3f3f51089a60ec16"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737664",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bc0-3a20-408b-a86b-486c950d210f",`
			`"value": "2c0afe7b13cdd642336ccc7b3e952d8d"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Payload hash, AirDropBot binary",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737664",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5d904bc0-0c00-4a1c-b1e1-4307950d210f",`
			`"value": "94b8337a2d217286775bcc36d9c862d2"`
			`},`
			`{`
			`"category": "Internal reference",`
			`"comment": "Linux/AirDropBot analysis report",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569737734",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "5d904c06-4058-40c9-ae01-4c1a950d210f",`
			`"value": "https://blog.malwaremustdie.org/2019/09/mmd-0064-2019-linuxairdropbot.html"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "other C2",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569866386",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "5d924292-b9cc-49dd-ab90-6bc1950d210f",`
			`"value": "185.244.25.200"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "other C2",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569866386",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "5d924292-5444-44a0-96b1-6bc1950d210f",`
			`"value": "185.244.25.201"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "other C2",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1569866386",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "5d924292-f1dc-4fcd-9395-6bc1950d210f",`
			`"value": "185.244.25.202"`
			`}`
chg: [feed] added 2023-04-21 13:25:09 +00:00			`]`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`}`
chg: [feed] added 2023-04-21 13:25:09 +00:00			`}`