{
"type": "bundle",
"id": "bundle--5d9049fa-1a6c-4668-b7aa-4bf7950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-30T17:59:46.000Z",
"modified": "2019-09-30T17:59:46.000Z",
"name": "MalwareMustDie",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5d9049fa-1a6c-4668-b7aa-4bf7950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-30T17:59:46.000Z",
"modified": "2019-09-30T17:59:46.000Z",
"name": "New IoT multiplatform Linux malware: Linux/AirDropBot",
"published": "2019-09-30T18:04:10Z",
"object_refs": [
"observed-data--5d904a90-5a30-4809-a7ba-45b4950d210f",
"network-traffic--5d904a90-5a30-4809-a7ba-45b4950d210f",
"ipv4-addr--5d904a90-5a30-4809-a7ba-45b4950d210f",
"observed-data--5d904a90-ef94-41ad-bccf-4e01950d210f",
"network-traffic--5d904a90-ef94-41ad-bccf-4e01950d210f",
"ipv4-addr--5d904a90-ef94-41ad-bccf-4e01950d210f",
"observed-data--5d904a90-53a4-4624-aecb-491b950d210f",
"network-traffic--5d904a90-53a4-4624-aecb-491b950d210f",
"ipv4-addr--5d904a90-53a4-4624-aecb-491b950d210f",
"indicator--5d904bbf-964c-460c-9edf-4539950d210f",
"indicator--5d904bbf-fe4c-4ea6-b1aa-48b9950d210f",
"indicator--5d904bbf-af54-4c82-abf2-4ae5950d210f",
"indicator--5d904bbf-1394-4eb6-bc6c-4343950d210f",
"indicator--5d904bbf-0268-4b7d-8b8b-490f950d210f",
"indicator--5d904bbf-0464-48c8-8ca9-4a5b950d210f",
"indicator--5d904bbf-d358-4491-9a7b-42d2950d210f",
"indicator--5d904bbf-a844-44f8-8e4b-4025950d210f",
"indicator--5d904bbf-f544-4dba-a041-4852950d210f",
"indicator--5d904bbf-72c4-4629-9273-4d0c950d210f",
"indicator--5d904bbf-0d90-4605-9169-43cf950d210f",
"indicator--5d904bbf-0f0c-4113-8ac0-4999950d210f",
"indicator--5d904bbf-7c04-4e53-86e0-4e2f950d210f",
"indicator--5d904bbf-2ecc-4765-b655-4f46950d210f",
"indicator--5d904bbf-5f88-4ec9-98ab-49a2950d210f",
"indicator--5d904bbf-b45c-4e50-ab5f-453a950d210f",
"indicator--5d904bbf-9720-4a69-acf0-4aef950d210f",
"indicator--5d904bbf-8b14-454b-91d2-4b31950d210f",
"indicator--5d904bbf-6b10-4016-a9d5-4f32950d210f",
"indicator--5d904bbf-b490-4091-aeec-423f950d210f",
"indicator--5d904bbf-64f8-42fd-a0cd-4447950d210f",
"indicator--5d904bc0-90b4-46aa-b797-401e950d210f",
"indicator--5d904bc0-3a20-408b-a86b-486c950d210f",
"indicator--5d904bc0-0c00-4a1c-b1e1-4307950d210f",
"observed-data--5d904c06-4058-40c9-ae01-4c1a950d210f",
"url--5d904c06-4058-40c9-ae01-4c1a950d210f",
"indicator--5d924292-b9cc-49dd-ab90-6bc1950d210f",
"indicator--5d924292-5444-44a0-96b1-6bc1950d210f",
"indicator--5d924292-f1dc-4fcd-9395-6bc1950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ms-caro-malware:malware-type=\"DDoS\"",
"ms-caro-malware:malware-platform=\"Linux\"",
"malware_classification:malware-category=\"Botnet\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d904a90-5a30-4809-a7ba-45b4950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:09:45.000Z",
"modified": "2019-09-29T06:09:45.000Z",
"first_observed": "2019-09-29T06:09:45Z",
"last_observed": "2019-09-29T06:09:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d904a90-5a30-4809-a7ba-45b4950d210f",
"ipv4-addr--5d904a90-5a30-4809-a7ba-45b4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d904a90-5a30-4809-a7ba-45b4950d210f",
"dst_ref": "ipv4-addr--5d904a90-5a30-4809-a7ba-45b4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d904a90-5a30-4809-a7ba-45b4950d210f",
"value": "179.43.149.189"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d904a90-ef94-41ad-bccf-4e01950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:10:15.000Z",
"modified": "2019-09-29T06:10:15.000Z",
"first_observed": "2019-09-29T06:10:15Z",
"last_observed": "2019-09-29T06:10:15Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d904a90-ef94-41ad-bccf-4e01950d210f",
"ipv4-addr--5d904a90-ef94-41ad-bccf-4e01950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d904a90-ef94-41ad-bccf-4e01950d210f",
"dst_ref": "ipv4-addr--5d904a90-ef94-41ad-bccf-4e01950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d904a90-ef94-41ad-bccf-4e01950d210f",
"value": "147.135.124.113"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d904a90-53a4-4624-aecb-491b950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:11:05.000Z",
"modified": "2019-09-29T06:11:05.000Z",
"first_observed": "2019-09-29T06:11:05Z",
"last_observed": "2019-09-29T06:11:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d904a90-53a4-4624-aecb-491b950d210f",
"ipv4-addr--5d904a90-53a4-4624-aecb-491b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d904a90-53a4-4624-aecb-491b950d210f",
"dst_ref": "ipv4-addr--5d904a90-53a4-4624-aecb-491b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d904a90-53a4-4624-aecb-491b950d210f",
"value": "192.168.0.14"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-964c-460c-9edf-4539950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '417151777eaaccfc62f778d33fd183ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-fe4c-4ea6-b1aa-48b9950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = 'd31f047c125deb4c2f879d88b083b9d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-af54-4c82-abf2-4ae5950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = 'ff1eb225f31e5c29dde47c147f40627e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-1394-4eb6-bc6c-4343950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = 'f3aed39202b51afdd1354adc8362d6bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-0268-4b7d-8b8b-490f950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '083a5f463cb84f7ae8868cb2eb6a22eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-0464-48c8-8ca9-4a5b950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '9ce4decd27c303a44ab2e187625934f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-d358-4491-9a7b-42d2950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = 'b6c6c1b2e89de81db8633144f4cb4b7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-a844-44f8-8e4b-4025950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = 'abd5008522f69cca92f8eefeb5f160e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-f544-4dba-a041-4852950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = 'a84bbf660ace4f0159f3d13e058235e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-72c4-4629-9273-4d0c950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '5fec65455bd8c842d672171d475460b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-0d90-4605-9169-43cf950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '4d3cab2d0c51081e509ad25fbd7ff596']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-0f0c-4113-8ac0-4999950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '252e2dfdf04290e7e9fc3c4d61bb3529']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-7c04-4e53-86e0-4e2f950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '5dcdace449052a596bce05328bd23a3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-2ecc-4765-b655-4f46950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '9c66fbe776a97a8613bfa983c7dca149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-5f88-4ec9-98ab-49a2950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '59af44a74873ac034bd24ca1c3275af5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-b45c-4e50-ab5f-453a950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '9642b8aff1fda24baa6abe0aa8c8b173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-9720-4a69-acf0-4aef950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = 'e56cec6001f2f6efc0ad7c2fb840aceb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-8b14-454b-91d2-4b31950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '54d93673f9539f1914008cfe8fd2bbdd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-6b10-4016-a9d5-4f32950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '6d202084d4f25a0aa2225589dab536e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-b490-4091-aeec-423f950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = 'cfbf1bd882ae7b87d4b04122d2ab42cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bbf-64f8-42fd-a0cd-4447950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:23.000Z",
"modified": "2019-09-29T06:14:23.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = 'b02af5bd329e19d7e4e2006c9c172713']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bc0-90b4-46aa-b797-401e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:24.000Z",
"modified": "2019-09-29T06:14:24.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '85a8aad8d938c44c3f3f51089a60ec16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bc0-3a20-408b-a86b-486c950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:24.000Z",
"modified": "2019-09-29T06:14:24.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '2c0afe7b13cdd642336ccc7b3e952d8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d904bc0-0c00-4a1c-b1e1-4307950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:14:24.000Z",
"modified": "2019-09-29T06:14:24.000Z",
"description": "Payload hash, AirDropBot binary",
"pattern": "[file:hashes.MD5 = '94b8337a2d217286775bcc36d9c862d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-29T06:14:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d904c06-4058-40c9-ae01-4c1a950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-29T06:15:34.000Z",
"modified": "2019-09-29T06:15:34.000Z",
"first_observed": "2019-09-29T06:15:34Z",
"last_observed": "2019-09-29T06:15:34Z",
"number_observed": 1,
"object_refs": [
"url--5d904c06-4058-40c9-ae01-4c1a950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"Internal reference\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d904c06-4058-40c9-ae01-4c1a950d210f",
"value": "https://blog.malwaremustdie.org/2019/09/mmd-0064-2019-linuxairdropbot.html"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d924292-b9cc-49dd-ab90-6bc1950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-30T17:59:46.000Z",
"modified": "2019-09-30T17:59:46.000Z",
"description": "Other command-and-control (C2) address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.244.25.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-30T17:59:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d924292-5444-44a0-96b1-6bc1950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-30T17:59:46.000Z",
"modified": "2019-09-30T17:59:46.000Z",
"description": "Other command-and-control (C2) address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.244.25.201']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-30T17:59:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d924292-f1dc-4fcd-9395-6bc1950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-09-30T17:59:46.000Z",
"modified": "2019-09-30T17:59:46.000Z",
"description": "Other command-and-control (C2) address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.244.25.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-30T17:59:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}