{
"type": "bundle",
|
|
|
|
"id": "bundle--5ec960a6-b798-445c-8ae2-478a950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:16:15.000Z",
|
|
|
|
"modified": "2020-05-23T18:16:15.000Z",
|
|
|
|
"name": "MalwareMustDie",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5ec960a6-b798-445c-8ae2-478a950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:16:15.000Z",
|
|
|
|
"modified": "2020-05-23T18:16:15.000Z",
|
|
|
|
"name": "Linux/KAITEN AK47(a Mod-Telnet-Scanner) & Echo-loader hexstrings spread",
|
|
|
|
"published": "2020-05-23T18:16:30Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5ec9644b-4b8c-4ca8-b247-2e98950d210f",
|
|
|
|
"file--5ec9644b-4b8c-4ca8-b247-2e98950d210f",
|
|
|
|
"observed-data--5ec9644b-eb0c-40d1-a28f-2e98950d210f",
|
|
|
|
"file--5ec9644b-eb0c-40d1-a28f-2e98950d210f",
|
|
|
|
"observed-data--5ec9644b-a6b0-430c-ae81-2e98950d210f",
|
|
|
|
"file--5ec9644b-a6b0-430c-ae81-2e98950d210f",
|
|
|
|
"observed-data--5ec9644b-dfb4-43ea-bddd-2e98950d210f",
|
|
|
|
"file--5ec9644b-dfb4-43ea-bddd-2e98950d210f",
|
|
|
|
"observed-data--5ec9644b-7090-4190-9e35-2e98950d210f",
|
|
|
|
"file--5ec9644b-7090-4190-9e35-2e98950d210f",
|
|
|
|
"observed-data--5ec9644b-4f08-4de9-9c0b-2e98950d210f",
|
|
|
|
"file--5ec9644b-4f08-4de9-9c0b-2e98950d210f",
|
|
|
|
"observed-data--5ec9644b-4284-4f19-90a4-2e98950d210f",
|
|
|
|
"file--5ec9644b-4284-4f19-90a4-2e98950d210f",
|
|
|
|
"observed-data--5ec9644b-5b40-4328-a278-2e98950d210f",
|
|
|
|
"file--5ec9644b-5b40-4328-a278-2e98950d210f",
|
|
|
|
"observed-data--5ec9644b-716c-4e6c-83cf-2e98950d210f",
|
|
|
|
"file--5ec9644b-716c-4e6c-83cf-2e98950d210f",
|
|
|
|
"observed-data--5ec9649d-9c64-4619-abb5-4e71950d210f",
|
|
|
|
"file--5ec9649d-9c64-4619-abb5-4e71950d210f",
|
|
|
|
"observed-data--5ec9649d-4b04-4bbf-a267-4200950d210f",
|
|
|
|
"file--5ec9649d-4b04-4bbf-a267-4200950d210f",
|
|
|
|
"observed-data--5ec9649d-9e6c-4267-841f-4caf950d210f",
|
|
|
|
"file--5ec9649d-9e6c-4267-841f-4caf950d210f",
|
|
|
|
"observed-data--5ec9649d-8af4-4492-893d-4aea950d210f",
|
|
|
|
"file--5ec9649d-8af4-4492-893d-4aea950d210f",
|
|
|
|
"observed-data--5ec9649d-9a80-4287-81d9-4242950d210f",
|
|
|
|
"file--5ec9649d-9a80-4287-81d9-4242950d210f",
|
|
|
|
"observed-data--5ec9649d-2214-424a-9e73-45f2950d210f",
|
|
|
|
"file--5ec9649d-2214-424a-9e73-45f2950d210f",
|
|
|
|
"observed-data--5ec9649d-9004-4551-abf4-4221950d210f",
|
|
|
|
"file--5ec9649d-9004-4551-abf4-4221950d210f",
|
|
|
|
"observed-data--5ec9649d-7770-4936-abee-43fc950d210f",
|
|
|
|
"file--5ec9649d-7770-4936-abee-43fc950d210f",
|
|
|
|
"observed-data--5ec9649d-ddc8-434b-ab7b-4888950d210f",
|
|
|
|
"file--5ec9649d-ddc8-434b-ab7b-4888950d210f",
|
|
|
|
"observed-data--5ec9651a-74d8-4321-9801-4485950d210f",
|
|
|
|
"network-traffic--5ec9651a-74d8-4321-9801-4485950d210f",
|
|
|
|
"ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f",
|
|
|
|
"observed-data--5ec9651a-edd4-4050-90f3-413d950d210f",
|
|
|
|
"network-traffic--5ec9651a-edd4-4050-90f3-413d950d210f",
|
|
|
|
"ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f",
|
|
|
|
"observed-data--5ec9656e-b94c-4932-8275-4bca950d210f",
|
|
|
|
"network-traffic--5ec9656e-b94c-4932-8275-4bca950d210f",
|
|
|
|
"ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f",
|
|
|
|
"observed-data--5ec965b3-987c-4a25-84af-4999950d210f",
|
|
|
|
"file--5ec965b3-987c-4a25-84af-4999950d210f",
|
|
|
|
"x-misp-attribute--5ec9662e-9320-4e61-9e17-4aca950d210f",
|
|
|
|
"x-misp-attribute--5ec9663a-e5b4-4d84-b5db-4a63950d210f",
|
|
|
|
"x-misp-attribute--5ec9668a-2078-4769-b5fe-4e19950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-d430-4211-9e70-4f2b950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-d9c0-4c28-b877-48a3950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-092c-48a3-bd2f-4710950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-15a4-4e17-bc6e-419f950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-2ab0-4a9b-ab4c-44b5950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-78a0-41d3-b302-4c55950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-7980-4f11-bc2e-4a5b950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-cf14-4dd7-9faf-4861950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-c324-4229-92d5-4243950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-1180-43d3-a4a1-4e30950d210f",
|
|
|
|
"x-misp-attribute--5ec966ae-1a2c-499d-916c-4f2e950d210f",
|
|
|
|
"observed-data--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
|
|
|
|
"network-traffic--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
|
|
|
|
"ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
|
|
|
|
"observed-data--5ec966f5-7690-4f72-9037-483b950d210f",
|
|
|
|
"network-traffic--5ec966f5-7690-4f72-9037-483b950d210f",
|
|
|
|
"ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f",
|
|
|
|
"observed-data--5ec96731-05fc-4acf-9b81-4840950d210f",
|
|
|
|
"url--5ec96731-05fc-4acf-9b81-4840950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"malware_classification:malware-category=\"Botnet\"",
|
|
|
|
"ddos:type=\"flooding-attack\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9644b-4b8c-4ca8-b247-2e98950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:58:35.000Z",
|
|
|
|
"modified": "2020-05-23T17:58:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9644b-4b8c-4ca8-b247-2e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9644b-4b8c-4ca8-b247-2e98950d210f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "d7062a6b3380c1c5c79fd0aec06051c5"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9644b-eb0c-40d1-a28f-2e98950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:58:35.000Z",
|
|
|
|
"modified": "2020-05-23T17:58:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9644b-eb0c-40d1-a28f-2e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9644b-eb0c-40d1-a28f-2e98950d210f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "bb4d558ef723daa5e014aeaa5337df7c"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9644b-a6b0-430c-ae81-2e98950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:58:35.000Z",
|
|
|
|
"modified": "2020-05-23T17:58:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9644b-a6b0-430c-ae81-2e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9644b-a6b0-430c-ae81-2e98950d210f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "f469f4130e1d267f63ede66cb4341e0d"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9644b-dfb4-43ea-bddd-2e98950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:58:35.000Z",
|
|
|
|
"modified": "2020-05-23T17:58:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9644b-dfb4-43ea-bddd-2e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9644b-dfb4-43ea-bddd-2e98950d210f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "581b9b9d6230005fa3a5ab1e9090eb9a"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9644b-7090-4190-9e35-2e98950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:58:35.000Z",
|
|
|
|
"modified": "2020-05-23T17:58:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9644b-7090-4190-9e35-2e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9644b-7090-4190-9e35-2e98950d210f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "e71c7c5f0b09c3b17e0064b5774499f9"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9644b-4f08-4de9-9c0b-2e98950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:58:35.000Z",
|
|
|
|
"modified": "2020-05-23T17:58:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9644b-4f08-4de9-9c0b-2e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9644b-4f08-4de9-9c0b-2e98950d210f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "4f0724e3775f872eafcc70a0a946b0df"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9644b-4284-4f19-90a4-2e98950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:58:35.000Z",
|
|
|
|
"modified": "2020-05-23T17:58:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9644b-4284-4f19-90a4-2e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9644b-4284-4f19-90a4-2e98950d210f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "a1c60716c51c64a89f96167057b51c68"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9644b-5b40-4328-a278-2e98950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:58:35.000Z",
|
|
|
|
"modified": "2020-05-23T17:58:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9644b-5b40-4328-a278-2e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9644b-5b40-4328-a278-2e98950d210f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "9aa4741ad010753683a602bf7a2d99cd"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9644b-716c-4e6c-83cf-2e98950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:58:35.000Z",
|
|
|
|
"modified": "2020-05-23T17:58:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9644b-716c-4e6c-83cf-2e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9644b-716c-4e6c-83cf-2e98950d210f",
|
|
|
|
"hashes": {
|
|
|
|
"MD5": "604de8c8f3d612bcbfc44f1e3c4b2e33"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9649d-9c64-4619-abb5-4e71950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:59:57.000Z",
|
|
|
|
"modified": "2020-05-23T17:59:57.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9649d-9c64-4619-abb5-4e71950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9649d-9c64-4619-abb5-4e71950d210f",
|
|
|
|
"name": "igLHvijzbFarm"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9649d-4b04-4bbf-a267-4200950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:59:57.000Z",
|
|
|
|
"modified": "2020-05-23T17:59:57.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9649d-4b04-4bbf-a267-4200950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9649d-4b04-4bbf-a267-4200950d210f",
|
|
|
|
"name": "igLHvijzbFarm5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9649d-9e6c-4267-841f-4caf950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:59:57.000Z",
|
|
|
|
"modified": "2020-05-23T17:59:57.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9649d-9e6c-4267-841f-4caf950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9649d-9e6c-4267-841f-4caf950d210f",
|
|
|
|
"name": "igLHvijzbFarm6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9649d-8af4-4492-893d-4aea950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:59:57.000Z",
|
|
|
|
"modified": "2020-05-23T17:59:57.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9649d-8af4-4492-893d-4aea950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9649d-8af4-4492-893d-4aea950d210f",
|
|
|
|
"name": "igLHvijzbFm68k"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9649d-9a80-4287-81d9-4242950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:59:57.000Z",
|
|
|
|
"modified": "2020-05-23T17:59:57.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9649d-9a80-4287-81d9-4242950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9649d-9a80-4287-81d9-4242950d210f",
|
|
|
|
"name": "igLHvijzbFmips"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9649d-2214-424a-9e73-45f2950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:59:57.000Z",
|
|
|
|
"modified": "2020-05-23T17:59:57.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9649d-2214-424a-9e73-45f2950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9649d-2214-424a-9e73-45f2950d210f",
|
|
|
|
"name": "igLHvijzbFmpsl"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9649d-9004-4551-abf4-4221950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:59:57.000Z",
|
|
|
|
"modified": "2020-05-23T17:59:57.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9649d-9004-4551-abf4-4221950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9649d-9004-4551-abf4-4221950d210f",
|
|
|
|
"name": "igLHvijzbFppc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9649d-7770-4936-abee-43fc950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:59:57.000Z",
|
|
|
|
"modified": "2020-05-23T17:59:57.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9649d-7770-4936-abee-43fc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9649d-7770-4936-abee-43fc950d210f",
|
|
|
|
"name": "igLHvijzbFsh4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9649d-ddc8-434b-ab7b-4888950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T17:59:57.000Z",
|
|
|
|
"modified": "2020-05-23T17:59:57.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec9649d-ddc8-434b-ab7b-4888950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec9649d-ddc8-434b-ab7b-4888950d210f",
|
|
|
|
"name": "igLHvijzbFspc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9651a-74d8-4321-9801-4485950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:02:02.000Z",
|
|
|
|
"modified": "2020-05-23T18:02:02.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5ec9651a-74d8-4321-9801-4485950d210f",
|
|
|
|
"ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src|port\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5ec9651a-74d8-4321-9801-4485950d210f",
|
|
|
|
"src_ref": "ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f",
|
|
|
|
"src_port": 80,
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f",
|
|
|
|
"value": "204.11.49.132"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9651a-edd4-4050-90f3-413d950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:02:02.000Z",
|
|
|
|
"modified": "2020-05-23T18:02:02.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-23T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5ec9651a-edd4-4050-90f3-413d950d210f",
|
|
|
|
"ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src|port\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5ec9651a-edd4-4050-90f3-413d950d210f",
|
|
|
|
"src_ref": "ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f",
|
|
|
|
"src_port": 80,
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f",
|
|
|
|
"value": "196.53.114.199"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec9656e-b94c-4932-8275-4bca950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:03:26.000Z",
|
|
|
|
"modified": "2020-05-23T18:03:26.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-24T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5ec9656e-b94c-4932-8275-4bca950d210f",
|
|
|
|
"ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst|port\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5ec9656e-b94c-4932-8275-4bca950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f",
|
|
|
|
"dst_port": 8080,
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f",
|
|
|
|
"value": "196.53.114.199"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5ec965b3-987c-4a25-84af-4999950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:04:35.000Z",
|
|
|
|
"modified": "2020-05-23T18:04:35.000Z",
|
|
|
|
"first_observed": "2020-05-21T00:00:00Z",
|
|
|
|
"last_observed": "2020-05-24T00:00:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5ec965b3-987c-4a25-84af-4999950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5ec965b3-987c-4a25-84af-4999950d210f",
|
|
|
|
"name": "bot.c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec9662e-9320-4e61-9e17-4aca950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:06:38.000Z",
|
|
|
|
"modified": "2020-05-23T18:06:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Network activity",
|
|
|
|
"x_misp_comment": "C2 credential",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "#donks"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec9663a-e5b4-4d84-b5db-4a63950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:06:50.000Z",
|
|
|
|
"modified": "2020-05-23T18:06:50.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Network activity",
|
|
|
|
"x_misp_comment": "C2 credential",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "swagfag"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec9668a-2078-4769-b5fe-4e19950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:10.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:10.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Social network\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Social network",
|
|
|
|
"x_misp_comment": "botherder handles hardcoded",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "Freak"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec966ae-d430-4211-9e70-4f2b950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:46.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Social network\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Social network",
|
|
|
|
"x_misp_comment": "botherder handles hardcoded",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "Leonidus"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec966ae-d9c0-4c28-b877-48a3950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:46.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Social network\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Social network",
|
|
|
|
"x_misp_comment": "botherder handles hardcoded",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "Crypto"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec966ae-092c-48a3-bd2f-4710950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:46.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Social network\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Social network",
|
|
|
|
"x_misp_comment": "botherder handles hardcoded",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "error401"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec966ae-15a4-4e17-bc6e-419f950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:46.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Social network\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Social network",
|
|
|
|
"x_misp_comment": "botherder handles hardcoded",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "lmfao"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec966ae-2ab0-4a9b-ab4c-44b5950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:46.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Social network\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Social network",
|
|
|
|
"x_misp_comment": "botherder handles hardcoded",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "dmt"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec966ae-78a0-41d3-b302-4c55950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:46.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Social network\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Social network",
|
|
|
|
"x_misp_comment": "botherder handles hardcoded",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "ni**er"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec966ae-7980-4f11-bc2e-4a5b950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:46.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Social network\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Social network",
|
|
|
|
"x_misp_comment": "botherder handles hardcoded",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "DeTH"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec966ae-cf14-4dd7-9faf-4861950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:46.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:46.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"other\"",
|
|
|
|
"misp:category=\"Social network\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Social network",
|
|
|
|
"x_misp_comment": "botherder handles hardcoded",
|
|
|
|
"x_misp_type": "other",
|
|
|
|
"x_misp_value": "Okami"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5ec966ae-c324-4229-92d5-4243950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2020-05-23T18:08:46.000Z",
|
|
|
|
"modified": "2020-05-23T18:08:46.000Z",
|
|
|
|
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "nightd0g"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-1180-43d3-a4a1-4e30950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "phpbot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-1a2c-499d-916c-4f2e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "netspot1-netspot10"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:09:57.000Z",
"modified": "2020-05-23T18:09:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"dst_ref": "ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"value": "196.53.114.199"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec966f5-7690-4f72-9037-483b950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:09:57.000Z",
"modified": "2020-05-23T18:09:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec966f5-7690-4f72-9037-483b950d210f",
"ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec966f5-7690-4f72-9037-483b950d210f",
"dst_ref": "ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f",
"value": "204.11.49.132"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec96731-05fc-4acf-9b81-4840950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:16:15.000Z",
"modified": "2020-05-23T18:16:15.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-24T00:00:00Z",
"number_observed": 1,
"object_refs": [
"url--5ec96731-05fc-4acf-9b81-4840950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"Internal reference\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5ec96731-05fc-4acf-9b81-4840950d210f",
"value": "https://gist.github.com/unixfreaxjp/7b8bd6be614f7a051fc9a9da760d3138"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}