{ "type": "bundle", "id": "bundle--5d9049fa-1a6c-4668-b7aa-4bf7950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-30T17:59:46.000Z", "modified": "2019-09-30T17:59:46.000Z", "name": "MalwareMustDie", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5d9049fa-1a6c-4668-b7aa-4bf7950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-30T17:59:46.000Z", "modified": "2019-09-30T17:59:46.000Z", "name": "New IoT multiplatform Linux malware: Linux/AirDropBot", "published": "2019-09-30T18:04:10Z", "object_refs": [ "observed-data--5d904a90-5a30-4809-a7ba-45b4950d210f", "network-traffic--5d904a90-5a30-4809-a7ba-45b4950d210f", "ipv4-addr--5d904a90-5a30-4809-a7ba-45b4950d210f", "observed-data--5d904a90-ef94-41ad-bccf-4e01950d210f", "network-traffic--5d904a90-ef94-41ad-bccf-4e01950d210f", "ipv4-addr--5d904a90-ef94-41ad-bccf-4e01950d210f", "observed-data--5d904a90-53a4-4624-aecb-491b950d210f", "network-traffic--5d904a90-53a4-4624-aecb-491b950d210f", "ipv4-addr--5d904a90-53a4-4624-aecb-491b950d210f", "indicator--5d904bbf-964c-460c-9edf-4539950d210f", "indicator--5d904bbf-fe4c-4ea6-b1aa-48b9950d210f", "indicator--5d904bbf-af54-4c82-abf2-4ae5950d210f", "indicator--5d904bbf-1394-4eb6-bc6c-4343950d210f", "indicator--5d904bbf-0268-4b7d-8b8b-490f950d210f", "indicator--5d904bbf-0464-48c8-8ca9-4a5b950d210f", "indicator--5d904bbf-d358-4491-9a7b-42d2950d210f", "indicator--5d904bbf-a844-44f8-8e4b-4025950d210f", "indicator--5d904bbf-f544-4dba-a041-4852950d210f", "indicator--5d904bbf-72c4-4629-9273-4d0c950d210f", "indicator--5d904bbf-0d90-4605-9169-43cf950d210f", "indicator--5d904bbf-0f0c-4113-8ac0-4999950d210f", "indicator--5d904bbf-7c04-4e53-86e0-4e2f950d210f", "indicator--5d904bbf-2ecc-4765-b655-4f46950d210f", "indicator--5d904bbf-5f88-4ec9-98ab-49a2950d210f", "indicator--5d904bbf-b45c-4e50-ab5f-453a950d210f", "indicator--5d904bbf-9720-4a69-acf0-4aef950d210f", "indicator--5d904bbf-8b14-454b-91d2-4b31950d210f", "indicator--5d904bbf-6b10-4016-a9d5-4f32950d210f", "indicator--5d904bbf-b490-4091-aeec-423f950d210f", "indicator--5d904bbf-64f8-42fd-a0cd-4447950d210f", "indicator--5d904bc0-90b4-46aa-b797-401e950d210f", "indicator--5d904bc0-3a20-408b-a86b-486c950d210f", "indicator--5d904bc0-0c00-4a1c-b1e1-4307950d210f", "observed-data--5d904c06-4058-40c9-ae01-4c1a950d210f", "url--5d904c06-4058-40c9-ae01-4c1a950d210f", "indicator--5d924292-b9cc-49dd-ab90-6bc1950d210f", "indicator--5d924292-5444-44a0-96b1-6bc1950d210f", "indicator--5d924292-f1dc-4fcd-9395-6bc1950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ms-caro-malware:malware-type=\"DDoS\"", "ms-caro-malware:malware-platform=\"Linux\"", "malware_classification:malware-category=\"Botnet\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d904a90-5a30-4809-a7ba-45b4950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:09:45.000Z", "modified": "2019-09-29T06:09:45.000Z", "first_observed": "2019-09-29T06:09:45Z", "last_observed": "2019-09-29T06:09:45Z", "number_observed": 1, "object_refs": [ "network-traffic--5d904a90-5a30-4809-a7ba-45b4950d210f", "ipv4-addr--5d904a90-5a30-4809-a7ba-45b4950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d904a90-5a30-4809-a7ba-45b4950d210f", "dst_ref": "ipv4-addr--5d904a90-5a30-4809-a7ba-45b4950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d904a90-5a30-4809-a7ba-45b4950d210f", "value": "179.43.149.189" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d904a90-ef94-41ad-bccf-4e01950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:10:15.000Z", "modified": "2019-09-29T06:10:15.000Z", "first_observed": "2019-09-29T06:10:15Z", "last_observed": "2019-09-29T06:10:15Z", "number_observed": 1, "object_refs": [ "network-traffic--5d904a90-ef94-41ad-bccf-4e01950d210f", "ipv4-addr--5d904a90-ef94-41ad-bccf-4e01950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d904a90-ef94-41ad-bccf-4e01950d210f", "dst_ref": "ipv4-addr--5d904a90-ef94-41ad-bccf-4e01950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d904a90-ef94-41ad-bccf-4e01950d210f", "value": "147.135.124.113" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d904a90-53a4-4624-aecb-491b950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:11:05.000Z", "modified": "2019-09-29T06:11:05.000Z", "first_observed": "2019-09-29T06:11:05Z", "last_observed": "2019-09-29T06:11:05Z", "number_observed": 1, "object_refs": [ "network-traffic--5d904a90-53a4-4624-aecb-491b950d210f", "ipv4-addr--5d904a90-53a4-4624-aecb-491b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5d904a90-53a4-4624-aecb-491b950d210f", "dst_ref": "ipv4-addr--5d904a90-53a4-4624-aecb-491b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5d904a90-53a4-4624-aecb-491b950d210f", "value": "192.168.0.14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-964c-460c-9edf-4539950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '417151777eaaccfc62f778d33fd183ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-fe4c-4ea6-b1aa-48b9950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = 'd31f047c125deb4c2f879d88b083b9d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-af54-4c82-abf2-4ae5950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = 'ff1eb225f31e5c29dde47c147f40627e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-1394-4eb6-bc6c-4343950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = 'f3aed39202b51afdd1354adc8362d6bf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-0268-4b7d-8b8b-490f950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '083a5f463cb84f7ae8868cb2eb6a22eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-0464-48c8-8ca9-4a5b950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '9ce4decd27c303a44ab2e187625934f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-d358-4491-9a7b-42d2950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = 'b6c6c1b2e89de81db8633144f4cb4b7d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-a844-44f8-8e4b-4025950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = 'abd5008522f69cca92f8eefeb5f160e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-f544-4dba-a041-4852950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = 'a84bbf660ace4f0159f3d13e058235e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-72c4-4629-9273-4d0c950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '5fec65455bd8c842d672171d475460b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-0d90-4605-9169-43cf950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '4d3cab2d0c51081e509ad25fbd7ff596']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-0f0c-4113-8ac0-4999950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '252e2dfdf04290e7e9fc3c4d61bb3529']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-7c04-4e53-86e0-4e2f950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '5dcdace449052a596bce05328bd23a3b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-2ecc-4765-b655-4f46950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '9c66fbe776a97a8613bfa983c7dca149']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-5f88-4ec9-98ab-49a2950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '59af44a74873ac034bd24ca1c3275af5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-b45c-4e50-ab5f-453a950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '9642b8aff1fda24baa6abe0aa8c8b173']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-9720-4a69-acf0-4aef950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = 'e56cec6001f2f6efc0ad7c2fb840aceb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-8b14-454b-91d2-4b31950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '54d93673f9539f1914008cfe8fd2bbdd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-6b10-4016-a9d5-4f32950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '6d202084d4f25a0aa2225589dab536e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-b490-4091-aeec-423f950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = 'cfbf1bd882ae7b87d4b04122d2ab42cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bbf-64f8-42fd-a0cd-4447950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:23.000Z", "modified": "2019-09-29T06:14:23.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = 'b02af5bd329e19d7e4e2006c9c172713']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bc0-90b4-46aa-b797-401e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:24.000Z", "modified": "2019-09-29T06:14:24.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '85a8aad8d938c44c3f3f51089a60ec16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bc0-3a20-408b-a86b-486c950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:24.000Z", "modified": "2019-09-29T06:14:24.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '2c0afe7b13cdd642336ccc7b3e952d8d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d904bc0-0c00-4a1c-b1e1-4307950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:14:24.000Z", "modified": "2019-09-29T06:14:24.000Z", "description": "Payload hash, AirDropBot binary", "pattern": "[file:hashes.MD5 = '94b8337a2d217286775bcc36d9c862d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-29T06:14:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d904c06-4058-40c9-ae01-4c1a950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-29T06:15:34.000Z", "modified": "2019-09-29T06:15:34.000Z", "first_observed": "2019-09-29T06:15:34Z", "last_observed": "2019-09-29T06:15:34Z", "number_observed": 1, "object_refs": [ "url--5d904c06-4058-40c9-ae01-4c1a950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"Internal reference\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d904c06-4058-40c9-ae01-4c1a950d210f", "value": "https://blog.malwaremustdie.org/2019/09/mmd-0064-2019-linuxairdropbot.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d924292-b9cc-49dd-ab90-6bc1950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-30T17:59:46.000Z", "modified": "2019-09-30T17:59:46.000Z", "description": "other C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.244.25.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-30T17:59:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d924292-5444-44a0-96b1-6bc1950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-30T17:59:46.000Z", "modified": "2019-09-30T17:59:46.000Z", "description": "other C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.244.25.201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-30T17:59:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d924292-f1dc-4fcd-9395-6bc1950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-09-30T17:59:46.000Z", "modified": "2019-09-30T17:59:46.000Z", "description": "other C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.244.25.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-09-30T17:59:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }