{ "type": "bundle", "id": "bundle--5ec960a6-b798-445c-8ae2-478a950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:16:15.000Z", "modified": "2020-05-23T18:16:15.000Z", "name": "MalwareMustDie", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5ec960a6-b798-445c-8ae2-478a950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:16:15.000Z", "modified": "2020-05-23T18:16:15.000Z", "name": "Linux/KAITEN AK47(a Mod-Telnet-Scanner) & Echo-loader hexstrings spread", "published": "2020-05-23T18:16:30Z", "object_refs": [ "observed-data--5ec9644b-4b8c-4ca8-b247-2e98950d210f", "file--5ec9644b-4b8c-4ca8-b247-2e98950d210f", "observed-data--5ec9644b-eb0c-40d1-a28f-2e98950d210f", "file--5ec9644b-eb0c-40d1-a28f-2e98950d210f", "observed-data--5ec9644b-a6b0-430c-ae81-2e98950d210f", "file--5ec9644b-a6b0-430c-ae81-2e98950d210f", "observed-data--5ec9644b-dfb4-43ea-bddd-2e98950d210f", "file--5ec9644b-dfb4-43ea-bddd-2e98950d210f", "observed-data--5ec9644b-7090-4190-9e35-2e98950d210f", "file--5ec9644b-7090-4190-9e35-2e98950d210f", "observed-data--5ec9644b-4f08-4de9-9c0b-2e98950d210f", "file--5ec9644b-4f08-4de9-9c0b-2e98950d210f", "observed-data--5ec9644b-4284-4f19-90a4-2e98950d210f", "file--5ec9644b-4284-4f19-90a4-2e98950d210f", "observed-data--5ec9644b-5b40-4328-a278-2e98950d210f", "file--5ec9644b-5b40-4328-a278-2e98950d210f", "observed-data--5ec9644b-716c-4e6c-83cf-2e98950d210f", "file--5ec9644b-716c-4e6c-83cf-2e98950d210f", "observed-data--5ec9649d-9c64-4619-abb5-4e71950d210f", "file--5ec9649d-9c64-4619-abb5-4e71950d210f", "observed-data--5ec9649d-4b04-4bbf-a267-4200950d210f", "file--5ec9649d-4b04-4bbf-a267-4200950d210f", "observed-data--5ec9649d-9e6c-4267-841f-4caf950d210f", "file--5ec9649d-9e6c-4267-841f-4caf950d210f", "observed-data--5ec9649d-8af4-4492-893d-4aea950d210f", "file--5ec9649d-8af4-4492-893d-4aea950d210f", "observed-data--5ec9649d-9a80-4287-81d9-4242950d210f", "file--5ec9649d-9a80-4287-81d9-4242950d210f", "observed-data--5ec9649d-2214-424a-9e73-45f2950d210f", "file--5ec9649d-2214-424a-9e73-45f2950d210f", "observed-data--5ec9649d-9004-4551-abf4-4221950d210f", "file--5ec9649d-9004-4551-abf4-4221950d210f", "observed-data--5ec9649d-7770-4936-abee-43fc950d210f", "file--5ec9649d-7770-4936-abee-43fc950d210f", "observed-data--5ec9649d-ddc8-434b-ab7b-4888950d210f", "file--5ec9649d-ddc8-434b-ab7b-4888950d210f", "observed-data--5ec9651a-74d8-4321-9801-4485950d210f", "network-traffic--5ec9651a-74d8-4321-9801-4485950d210f", "ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f", "observed-data--5ec9651a-edd4-4050-90f3-413d950d210f", "network-traffic--5ec9651a-edd4-4050-90f3-413d950d210f", "ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f", "observed-data--5ec9656e-b94c-4932-8275-4bca950d210f", "network-traffic--5ec9656e-b94c-4932-8275-4bca950d210f", "ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f", "observed-data--5ec965b3-987c-4a25-84af-4999950d210f", "file--5ec965b3-987c-4a25-84af-4999950d210f", "x-misp-attribute--5ec9662e-9320-4e61-9e17-4aca950d210f", "x-misp-attribute--5ec9663a-e5b4-4d84-b5db-4a63950d210f", "x-misp-attribute--5ec9668a-2078-4769-b5fe-4e19950d210f", "x-misp-attribute--5ec966ae-d430-4211-9e70-4f2b950d210f", "x-misp-attribute--5ec966ae-d9c0-4c28-b877-48a3950d210f", "x-misp-attribute--5ec966ae-092c-48a3-bd2f-4710950d210f", "x-misp-attribute--5ec966ae-15a4-4e17-bc6e-419f950d210f", "x-misp-attribute--5ec966ae-2ab0-4a9b-ab4c-44b5950d210f", "x-misp-attribute--5ec966ae-78a0-41d3-b302-4c55950d210f", "x-misp-attribute--5ec966ae-7980-4f11-bc2e-4a5b950d210f", "x-misp-attribute--5ec966ae-cf14-4dd7-9faf-4861950d210f", "x-misp-attribute--5ec966ae-c324-4229-92d5-4243950d210f", "x-misp-attribute--5ec966ae-1180-43d3-a4a1-4e30950d210f", "x-misp-attribute--5ec966ae-1a2c-499d-916c-4f2e950d210f", "observed-data--5ec966f5-2ae0-463d-b2a0-4c65950d210f", "network-traffic--5ec966f5-2ae0-463d-b2a0-4c65950d210f", "ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f", "observed-data--5ec966f5-7690-4f72-9037-483b950d210f", "network-traffic--5ec966f5-7690-4f72-9037-483b950d210f", "ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f", "observed-data--5ec96731-05fc-4acf-9b81-4840950d210f", "url--5ec96731-05fc-4acf-9b81-4840950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "malware_classification:malware-category=\"Botnet\"", "ddos:type=\"flooding-attack\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9644b-4b8c-4ca8-b247-2e98950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:58:35.000Z", "modified": "2020-05-23T17:58:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9644b-4b8c-4ca8-b247-2e98950d210f" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9644b-4b8c-4ca8-b247-2e98950d210f", "hashes": { "MD5": "d7062a6b3380c1c5c79fd0aec06051c5" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9644b-eb0c-40d1-a28f-2e98950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:58:35.000Z", "modified": "2020-05-23T17:58:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9644b-eb0c-40d1-a28f-2e98950d210f" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9644b-eb0c-40d1-a28f-2e98950d210f", "hashes": { "MD5": "bb4d558ef723daa5e014aeaa5337df7c" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9644b-a6b0-430c-ae81-2e98950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:58:35.000Z", "modified": "2020-05-23T17:58:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9644b-a6b0-430c-ae81-2e98950d210f" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9644b-a6b0-430c-ae81-2e98950d210f", "hashes": { "MD5": "f469f4130e1d267f63ede66cb4341e0d" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9644b-dfb4-43ea-bddd-2e98950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:58:35.000Z", "modified": "2020-05-23T17:58:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9644b-dfb4-43ea-bddd-2e98950d210f" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9644b-dfb4-43ea-bddd-2e98950d210f", "hashes": { "MD5": "581b9b9d6230005fa3a5ab1e9090eb9a" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9644b-7090-4190-9e35-2e98950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:58:35.000Z", "modified": "2020-05-23T17:58:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9644b-7090-4190-9e35-2e98950d210f" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9644b-7090-4190-9e35-2e98950d210f", "hashes": { "MD5": "e71c7c5f0b09c3b17e0064b5774499f9" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9644b-4f08-4de9-9c0b-2e98950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:58:35.000Z", "modified": "2020-05-23T17:58:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9644b-4f08-4de9-9c0b-2e98950d210f" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9644b-4f08-4de9-9c0b-2e98950d210f", "hashes": { "MD5": "4f0724e3775f872eafcc70a0a946b0df" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9644b-4284-4f19-90a4-2e98950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:58:35.000Z", "modified": "2020-05-23T17:58:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9644b-4284-4f19-90a4-2e98950d210f" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9644b-4284-4f19-90a4-2e98950d210f", "hashes": { "MD5": "a1c60716c51c64a89f96167057b51c68" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9644b-5b40-4328-a278-2e98950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:58:35.000Z", "modified": "2020-05-23T17:58:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9644b-5b40-4328-a278-2e98950d210f" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9644b-5b40-4328-a278-2e98950d210f", "hashes": { "MD5": "9aa4741ad010753683a602bf7a2d99cd" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9644b-716c-4e6c-83cf-2e98950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:58:35.000Z", "modified": "2020-05-23T17:58:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9644b-716c-4e6c-83cf-2e98950d210f" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9644b-716c-4e6c-83cf-2e98950d210f", "hashes": { "MD5": "604de8c8f3d612bcbfc44f1e3c4b2e33" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9649d-9c64-4619-abb5-4e71950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:59:57.000Z", "modified": "2020-05-23T17:59:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9649d-9c64-4619-abb5-4e71950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9649d-9c64-4619-abb5-4e71950d210f", "name": "igLHvijzbFarm" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9649d-4b04-4bbf-a267-4200950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:59:57.000Z", "modified": "2020-05-23T17:59:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9649d-4b04-4bbf-a267-4200950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9649d-4b04-4bbf-a267-4200950d210f", "name": "igLHvijzbFarm5" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9649d-9e6c-4267-841f-4caf950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:59:57.000Z", "modified": "2020-05-23T17:59:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9649d-9e6c-4267-841f-4caf950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9649d-9e6c-4267-841f-4caf950d210f", "name": "igLHvijzbFarm6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9649d-8af4-4492-893d-4aea950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:59:57.000Z", "modified": "2020-05-23T17:59:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9649d-8af4-4492-893d-4aea950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9649d-8af4-4492-893d-4aea950d210f", "name": "igLHvijzbFm68k" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9649d-9a80-4287-81d9-4242950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:59:57.000Z", "modified": "2020-05-23T17:59:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9649d-9a80-4287-81d9-4242950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9649d-9a80-4287-81d9-4242950d210f", "name": "igLHvijzbFmips" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9649d-2214-424a-9e73-45f2950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:59:57.000Z", "modified": "2020-05-23T17:59:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9649d-2214-424a-9e73-45f2950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9649d-2214-424a-9e73-45f2950d210f", "name": "igLHvijzbFmpsl" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9649d-9004-4551-abf4-4221950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:59:57.000Z", "modified": "2020-05-23T17:59:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9649d-9004-4551-abf4-4221950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9649d-9004-4551-abf4-4221950d210f", "name": "igLHvijzbFppc" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9649d-7770-4936-abee-43fc950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:59:57.000Z", "modified": "2020-05-23T17:59:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9649d-7770-4936-abee-43fc950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9649d-7770-4936-abee-43fc950d210f", "name": "igLHvijzbFsh4" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9649d-ddc8-434b-ab7b-4888950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T17:59:57.000Z", "modified": "2020-05-23T17:59:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec9649d-ddc8-434b-ab7b-4888950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec9649d-ddc8-434b-ab7b-4888950d210f", "name": "igLHvijzbFspc" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9651a-74d8-4321-9801-4485950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:02:02.000Z", "modified": "2020-05-23T18:02:02.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5ec9651a-74d8-4321-9801-4485950d210f", "ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f" ], "labels": [ "misp:type=\"ip-src|port\"", "misp:category=\"Payload delivery\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5ec9651a-74d8-4321-9801-4485950d210f", "src_ref": "ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f", "src_port": 80, "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f", "value": "204.11.49.132" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9651a-edd4-4050-90f3-413d950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:02:02.000Z", "modified": "2020-05-23T18:02:02.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5ec9651a-edd4-4050-90f3-413d950d210f", "ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f" ], "labels": [ "misp:type=\"ip-src|port\"", "misp:category=\"Payload delivery\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5ec9651a-edd4-4050-90f3-413d950d210f", "src_ref": "ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f", "src_port": 80, "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f", "value": "196.53.114.199" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec9656e-b94c-4932-8275-4bca950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:03:26.000Z", "modified": "2020-05-23T18:03:26.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-24T00:00:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5ec9656e-b94c-4932-8275-4bca950d210f", "ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f" ], "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5ec9656e-b94c-4932-8275-4bca950d210f", "dst_ref": "ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f", "dst_port": 8080, "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f", "value": "196.53.114.199" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec965b3-987c-4a25-84af-4999950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:04:35.000Z", "modified": "2020-05-23T18:04:35.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-24T00:00:00Z", "number_observed": 1, "object_refs": [ "file--5ec965b3-987c-4a25-84af-4999950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5ec965b3-987c-4a25-84af-4999950d210f", "name": "bot.c" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec9662e-9320-4e61-9e17-4aca950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:06:38.000Z", "modified": "2020-05-23T18:06:38.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_comment": "C2 credential", "x_misp_type": "other", "x_misp_value": "#donks" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec9663a-e5b4-4d84-b5db-4a63950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:06:50.000Z", "modified": "2020-05-23T18:06:50.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_comment": "C2 credential", "x_misp_type": "other", "x_misp_value": "swagfag" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec9668a-2078-4769-b5fe-4e19950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:10.000Z", "modified": "2020-05-23T18:08:10.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "Freak" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-d430-4211-9e70-4f2b950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "Leonidus" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-d9c0-4c28-b877-48a3950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "Crypto" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-092c-48a3-bd2f-4710950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "error401" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-15a4-4e17-bc6e-419f950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "lmfao" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-2ab0-4a9b-ab4c-44b5950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "dmt" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-78a0-41d3-b302-4c55950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "ni**er" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-7980-4f11-bc2e-4a5b950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "DeTH" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-cf14-4dd7-9faf-4861950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "Okami" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-c324-4229-92d5-4243950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "nightd0g" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-1180-43d3-a4a1-4e30950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "phpbot" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ec966ae-1a2c-499d-916c-4f2e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:08:46.000Z", "modified": "2020-05-23T18:08:46.000Z", "labels": [ "misp:type=\"other\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "botherder handles hardcoded", "x_misp_type": "other", "x_misp_value": "netspot1-netspot10" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec966f5-2ae0-463d-b2a0-4c65950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:09:57.000Z", "modified": "2020-05-23T18:09:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5ec966f5-2ae0-463d-b2a0-4c65950d210f", "ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5ec966f5-2ae0-463d-b2a0-4c65950d210f", "dst_ref": "ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f", "value": "196.53.114.199" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec966f5-7690-4f72-9037-483b950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:09:57.000Z", "modified": "2020-05-23T18:09:57.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-23T00:00:00Z", "number_observed": 1, "object_refs": [ "network-traffic--5ec966f5-7690-4f72-9037-483b950d210f", "ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5ec966f5-7690-4f72-9037-483b950d210f", "dst_ref": "ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f", "value": "204.11.49.132" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ec96731-05fc-4acf-9b81-4840950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2020-05-23T18:16:15.000Z", "modified": "2020-05-23T18:16:15.000Z", "first_observed": "2020-05-21T00:00:00Z", "last_observed": "2020-05-24T00:00:00Z", "number_observed": 1, "object_refs": [ "url--5ec96731-05fc-4acf-9b81-4840950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"Internal reference\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5ec96731-05fc-4acf-9b81-4840950d210f", "value": "https://gist.github.com/unixfreaxjp/7b8bd6be614f7a051fc9a9da760d3138" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }