{ "Event": { "analysis": "1", "date": "2020-05-23", "extends_uuid": "", "info": "Linux/KAITEN AK47(a Mod-Telnet-Scanner) & Echo-loader hexstrings spread", "publish_timestamp": "1590257790", "published": true, "threat_level_id": "3", "timestamp": "1590257775", "uuid": "5ec960a6-b798-445c-8ae2-478a950d210f", "Orgc": { "name": "MalwareMustDie", "uuid": "569e04b2-efd0-45bd-b83a-4f7b950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#22681c", "local": false, "name": "malware_classification:malware-category=\"Botnet\"", "relationship_type": "" }, { "colour": "#5ed600", "local": false, "name": "ddos:type=\"flooding-attack\"", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "bot malware payload", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256715", "to_ids": false, "type": "md5", "uuid": "5ec9644b-4b8c-4ca8-b247-2e98950d210f", "value": "d7062a6b3380c1c5c79fd0aec06051c5" }, { "category": "Payload delivery", "comment": "bot malware payload", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256715", "to_ids": false, "type": "md5", "uuid": "5ec9644b-eb0c-40d1-a28f-2e98950d210f", "value": "bb4d558ef723daa5e014aeaa5337df7c" }, { "category": "Payload delivery", "comment": "bot malware payload", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256715", "to_ids": false, "type": "md5", "uuid": "5ec9644b-a6b0-430c-ae81-2e98950d210f", "value": "f469f4130e1d267f63ede66cb4341e0d" }, { "category": "Payload delivery", "comment": "bot malware payload", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256715", "to_ids": false, "type": "md5", "uuid": "5ec9644b-dfb4-43ea-bddd-2e98950d210f", "value": "581b9b9d6230005fa3a5ab1e9090eb9a" }, { "category": "Payload delivery", "comment": "bot malware payload", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256715", "to_ids": false, "type": "md5", "uuid": "5ec9644b-7090-4190-9e35-2e98950d210f", "value": "e71c7c5f0b09c3b17e0064b5774499f9" }, { "category": "Payload delivery", "comment": "bot malware payload", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256715", "to_ids": false, "type": "md5", "uuid": "5ec9644b-4f08-4de9-9c0b-2e98950d210f", "value": "4f0724e3775f872eafcc70a0a946b0df" }, { "category": "Payload delivery", "comment": "bot malware payload", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256715", "to_ids": false, "type": "md5", "uuid": "5ec9644b-4284-4f19-90a4-2e98950d210f", "value": "a1c60716c51c64a89f96167057b51c68" }, { "category": "Payload delivery", "comment": "bot malware payload", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256715", "to_ids": false, "type": "md5", "uuid": "5ec9644b-5b40-4328-a278-2e98950d210f", "value": "9aa4741ad010753683a602bf7a2d99cd" }, { "category": "Payload delivery", "comment": "bot malware payload", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256715", "to_ids": false, "type": "md5", "uuid": "5ec9644b-716c-4e6c-83cf-2e98950d210f", "value": "604de8c8f3d612bcbfc44f1e3c4b2e33" }, { "category": "Payload delivery", "comment": "payload filename in C2 (scan-able during download)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256797", "to_ids": false, "type": "filename", "uuid": "5ec9649d-9c64-4619-abb5-4e71950d210f", "value": "igLHvijzbFarm" }, { "category": "Payload delivery", "comment": "payload filename in C2 (scan-able during download)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256797", "to_ids": false, "type": "filename", "uuid": "5ec9649d-4b04-4bbf-a267-4200950d210f", "value": "igLHvijzbFarm5" }, { "category": "Payload delivery", "comment": "payload filename in C2 (scan-able during download)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256797", "to_ids": false, "type": "filename", "uuid": "5ec9649d-9e6c-4267-841f-4caf950d210f", "value": "igLHvijzbFarm6" }, { "category": "Payload delivery", "comment": "payload filename in C2 (scan-able during download)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256797", "to_ids": false, "type": "filename", "uuid": "5ec9649d-8af4-4492-893d-4aea950d210f", "value": "igLHvijzbFm68k" }, { "category": "Payload delivery", "comment": "payload filename in C2 (scan-able during download)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256797", "to_ids": false, "type": "filename", "uuid": "5ec9649d-9a80-4287-81d9-4242950d210f", "value": "igLHvijzbFmips" }, { "category": "Payload delivery", "comment": "payload filename in C2 (scan-able during download)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256797", "to_ids": false, "type": "filename", "uuid": "5ec9649d-2214-424a-9e73-45f2950d210f", "value": "igLHvijzbFmpsl" }, { "category": "Payload delivery", "comment": "payload filename in C2 (scan-able during download)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256797", "to_ids": false, "type": "filename", "uuid": "5ec9649d-9004-4551-abf4-4221950d210f", "value": "igLHvijzbFppc" }, { "category": "Payload delivery", "comment": "payload filename in C2 (scan-able during download)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256797", "to_ids": false, "type": "filename", "uuid": "5ec9649d-7770-4936-abee-43fc950d210f", "value": "igLHvijzbFsh4" }, { "category": "Payload delivery", "comment": "payload filename in C2 (scan-able during download)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256797", "to_ids": false, "type": "filename", "uuid": "5ec9649d-ddc8-434b-ab7b-4888950d210f", "value": "igLHvijzbFspc" }, { "category": "Payload delivery", "comment": "Payload service IPv6|port_number", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256922", "to_ids": false, "type": "ip-src|port", "uuid": "5ec9651a-74d8-4321-9801-4485950d210f", "value": "204.11.49.132|80" }, { "category": "Payload delivery", "comment": "Payload service IPv6|port_number", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590256922", "to_ids": false, "type": "ip-src|port", "uuid": "5ec9651a-edd4-4050-90f3-413d950d210f", "value": "196.53.114.199|80" }, { "category": "Network activity", "comment": "C2 connection established activity", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-24T00:00:00+00:00", "timestamp": "1590257006", "to_ids": false, "type": "ip-dst|port", "uuid": "5ec9656e-b94c-4932-8275-4bca950d210f", "value": "196.53.114.199|8080" }, { "category": "Payload delivery", "comment": "Source code file name", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-24T00:00:00+00:00", "timestamp": "1590257075", "to_ids": false, "type": "filename", "uuid": "5ec965b3-987c-4a25-84af-4999950d210f", "value": "bot.c" }, { "category": "Network activity", "comment": "C2 credential", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257198", "to_ids": false, "type": "other", "uuid": "5ec9662e-9320-4e61-9e17-4aca950d210f", "value": "#donks" }, { "category": "Network activity", "comment": "C2 credential", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257210", "to_ids": false, "type": "other", "uuid": "5ec9663a-e5b4-4d84-b5db-4a63950d210f", "value": "swagfag" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257290", "to_ids": false, "type": "other", "uuid": "5ec9668a-2078-4769-b5fe-4e19950d210f", "value": "Freak" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-d430-4211-9e70-4f2b950d210f", "value": "Leonidus" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-d9c0-4c28-b877-48a3950d210f", "value": "Crypto" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-092c-48a3-bd2f-4710950d210f", "value": "error401" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-15a4-4e17-bc6e-419f950d210f", "value": "lmfao" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-2ab0-4a9b-ab4c-44b5950d210f", "value": "dmt" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-78a0-41d3-b302-4c55950d210f", "value": "ni**er" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-7980-4f11-bc2e-4a5b950d210f", "value": "DeTH" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-cf14-4dd7-9faf-4861950d210f", "value": "Okami" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-c324-4229-92d5-4243950d210f", "value": "nightd0g" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-1180-43d3-a4a1-4e30950d210f", "value": "phpbot" }, { "category": "Social network", "comment": "botherder handles hardcoded", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257326", "to_ids": false, "type": "other", "uuid": "5ec966ae-1a2c-499d-916c-4f2e950d210f", "value": "netspot1-netspot10" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257397", "to_ids": false, "type": "ip-dst", "uuid": "5ec966f5-2ae0-463d-b2a0-4c65950d210f", "value": "196.53.114.199" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-23T00:00:00+00:00", "timestamp": "1590257397", "to_ids": false, "type": "ip-dst", "uuid": "5ec966f5-7690-4f72-9037-483b950d210f", "value": "204.11.49.132" }, { "category": "Internal reference", "comment": "Threat report (contains more details)", "deleted": false, "disable_correlation": false, "first_seen": "2020-05-21T00:00:00+00:00", "last_seen": "2020-05-24T00:00:00+00:00", "timestamp": "1590257775", "to_ids": false, "type": "link", "uuid": "5ec96731-05fc-4acf-9b81-4840950d210f", "value": "https://gist.github.com/unixfreaxjp/7b8bd6be614f7a051fc9a9da760d3138" } ] } }