misp-circl-feed/feeds/circl/misp/5ec960a6-b798-445c-8ae2-478a950d210f.json


{
"type": "bundle",
"id": "bundle--5ec960a6-b798-445c-8ae2-478a950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:16:15.000Z",
"modified": "2020-05-23T18:16:15.000Z",
"name": "MalwareMustDie",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5ec960a6-b798-445c-8ae2-478a950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:16:15.000Z",
"modified": "2020-05-23T18:16:15.000Z",
"name": "Linux/KAITEN AK47(a Mod-Telnet-Scanner) & Echo-loader hexstrings spread",
"published": "2020-05-23T18:16:30Z",
"object_refs": [
"observed-data--5ec9644b-4b8c-4ca8-b247-2e98950d210f",
"file--5ec9644b-4b8c-4ca8-b247-2e98950d210f",
"observed-data--5ec9644b-eb0c-40d1-a28f-2e98950d210f",
"file--5ec9644b-eb0c-40d1-a28f-2e98950d210f",
"observed-data--5ec9644b-a6b0-430c-ae81-2e98950d210f",
"file--5ec9644b-a6b0-430c-ae81-2e98950d210f",
"observed-data--5ec9644b-dfb4-43ea-bddd-2e98950d210f",
"file--5ec9644b-dfb4-43ea-bddd-2e98950d210f",
"observed-data--5ec9644b-7090-4190-9e35-2e98950d210f",
"file--5ec9644b-7090-4190-9e35-2e98950d210f",
"observed-data--5ec9644b-4f08-4de9-9c0b-2e98950d210f",
"file--5ec9644b-4f08-4de9-9c0b-2e98950d210f",
"observed-data--5ec9644b-4284-4f19-90a4-2e98950d210f",
"file--5ec9644b-4284-4f19-90a4-2e98950d210f",
"observed-data--5ec9644b-5b40-4328-a278-2e98950d210f",
"file--5ec9644b-5b40-4328-a278-2e98950d210f",
"observed-data--5ec9644b-716c-4e6c-83cf-2e98950d210f",
"file--5ec9644b-716c-4e6c-83cf-2e98950d210f",
"observed-data--5ec9649d-9c64-4619-abb5-4e71950d210f",
"file--5ec9649d-9c64-4619-abb5-4e71950d210f",
"observed-data--5ec9649d-4b04-4bbf-a267-4200950d210f",
"file--5ec9649d-4b04-4bbf-a267-4200950d210f",
"observed-data--5ec9649d-9e6c-4267-841f-4caf950d210f",
"file--5ec9649d-9e6c-4267-841f-4caf950d210f",
"observed-data--5ec9649d-8af4-4492-893d-4aea950d210f",
"file--5ec9649d-8af4-4492-893d-4aea950d210f",
"observed-data--5ec9649d-9a80-4287-81d9-4242950d210f",
"file--5ec9649d-9a80-4287-81d9-4242950d210f",
"observed-data--5ec9649d-2214-424a-9e73-45f2950d210f",
"file--5ec9649d-2214-424a-9e73-45f2950d210f",
"observed-data--5ec9649d-9004-4551-abf4-4221950d210f",
"file--5ec9649d-9004-4551-abf4-4221950d210f",
"observed-data--5ec9649d-7770-4936-abee-43fc950d210f",
"file--5ec9649d-7770-4936-abee-43fc950d210f",
"observed-data--5ec9649d-ddc8-434b-ab7b-4888950d210f",
"file--5ec9649d-ddc8-434b-ab7b-4888950d210f",
"observed-data--5ec9651a-74d8-4321-9801-4485950d210f",
"network-traffic--5ec9651a-74d8-4321-9801-4485950d210f",
"ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f",
"observed-data--5ec9651a-edd4-4050-90f3-413d950d210f",
"network-traffic--5ec9651a-edd4-4050-90f3-413d950d210f",
"ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f",
"observed-data--5ec9656e-b94c-4932-8275-4bca950d210f",
"network-traffic--5ec9656e-b94c-4932-8275-4bca950d210f",
"ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f",
"observed-data--5ec965b3-987c-4a25-84af-4999950d210f",
"file--5ec965b3-987c-4a25-84af-4999950d210f",
"x-misp-attribute--5ec9662e-9320-4e61-9e17-4aca950d210f",
"x-misp-attribute--5ec9663a-e5b4-4d84-b5db-4a63950d210f",
"x-misp-attribute--5ec9668a-2078-4769-b5fe-4e19950d210f",
"x-misp-attribute--5ec966ae-d430-4211-9e70-4f2b950d210f",
"x-misp-attribute--5ec966ae-d9c0-4c28-b877-48a3950d210f",
"x-misp-attribute--5ec966ae-092c-48a3-bd2f-4710950d210f",
"x-misp-attribute--5ec966ae-15a4-4e17-bc6e-419f950d210f",
"x-misp-attribute--5ec966ae-2ab0-4a9b-ab4c-44b5950d210f",
"x-misp-attribute--5ec966ae-78a0-41d3-b302-4c55950d210f",
"x-misp-attribute--5ec966ae-7980-4f11-bc2e-4a5b950d210f",
"x-misp-attribute--5ec966ae-cf14-4dd7-9faf-4861950d210f",
"x-misp-attribute--5ec966ae-c324-4229-92d5-4243950d210f",
"x-misp-attribute--5ec966ae-1180-43d3-a4a1-4e30950d210f",
"x-misp-attribute--5ec966ae-1a2c-499d-916c-4f2e950d210f",
"observed-data--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"network-traffic--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"observed-data--5ec966f5-7690-4f72-9037-483b950d210f",
"network-traffic--5ec966f5-7690-4f72-9037-483b950d210f",
"ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f",
"observed-data--5ec96731-05fc-4acf-9b81-4840950d210f",
"url--5ec96731-05fc-4acf-9b81-4840950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Botnet\"",
"ddos:type=\"flooding-attack\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9644b-4b8c-4ca8-b247-2e98950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:58:35.000Z",
"modified": "2020-05-23T17:58:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9644b-4b8c-4ca8-b247-2e98950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9644b-4b8c-4ca8-b247-2e98950d210f",
"hashes": {
"MD5": "d7062a6b3380c1c5c79fd0aec06051c5"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9644b-eb0c-40d1-a28f-2e98950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:58:35.000Z",
"modified": "2020-05-23T17:58:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9644b-eb0c-40d1-a28f-2e98950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9644b-eb0c-40d1-a28f-2e98950d210f",
"hashes": {
"MD5": "bb4d558ef723daa5e014aeaa5337df7c"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9644b-a6b0-430c-ae81-2e98950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:58:35.000Z",
"modified": "2020-05-23T17:58:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9644b-a6b0-430c-ae81-2e98950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9644b-a6b0-430c-ae81-2e98950d210f",
"hashes": {
"MD5": "f469f4130e1d267f63ede66cb4341e0d"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9644b-dfb4-43ea-bddd-2e98950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:58:35.000Z",
"modified": "2020-05-23T17:58:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9644b-dfb4-43ea-bddd-2e98950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9644b-dfb4-43ea-bddd-2e98950d210f",
"hashes": {
"MD5": "581b9b9d6230005fa3a5ab1e9090eb9a"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9644b-7090-4190-9e35-2e98950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:58:35.000Z",
"modified": "2020-05-23T17:58:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9644b-7090-4190-9e35-2e98950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9644b-7090-4190-9e35-2e98950d210f",
"hashes": {
"MD5": "e71c7c5f0b09c3b17e0064b5774499f9"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9644b-4f08-4de9-9c0b-2e98950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:58:35.000Z",
"modified": "2020-05-23T17:58:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9644b-4f08-4de9-9c0b-2e98950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9644b-4f08-4de9-9c0b-2e98950d210f",
"hashes": {
"MD5": "4f0724e3775f872eafcc70a0a946b0df"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9644b-4284-4f19-90a4-2e98950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:58:35.000Z",
"modified": "2020-05-23T17:58:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9644b-4284-4f19-90a4-2e98950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9644b-4284-4f19-90a4-2e98950d210f",
"hashes": {
"MD5": "a1c60716c51c64a89f96167057b51c68"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9644b-5b40-4328-a278-2e98950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:58:35.000Z",
"modified": "2020-05-23T17:58:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9644b-5b40-4328-a278-2e98950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9644b-5b40-4328-a278-2e98950d210f",
"hashes": {
"MD5": "9aa4741ad010753683a602bf7a2d99cd"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9644b-716c-4e6c-83cf-2e98950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:58:35.000Z",
"modified": "2020-05-23T17:58:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9644b-716c-4e6c-83cf-2e98950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9644b-716c-4e6c-83cf-2e98950d210f",
"hashes": {
"MD5": "604de8c8f3d612bcbfc44f1e3c4b2e33"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9649d-9c64-4619-abb5-4e71950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:59:57.000Z",
"modified": "2020-05-23T17:59:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9649d-9c64-4619-abb5-4e71950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9649d-9c64-4619-abb5-4e71950d210f",
"name": "igLHvijzbFarm"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9649d-4b04-4bbf-a267-4200950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:59:57.000Z",
"modified": "2020-05-23T17:59:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9649d-4b04-4bbf-a267-4200950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9649d-4b04-4bbf-a267-4200950d210f",
"name": "igLHvijzbFarm5"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9649d-9e6c-4267-841f-4caf950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:59:57.000Z",
"modified": "2020-05-23T17:59:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9649d-9e6c-4267-841f-4caf950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9649d-9e6c-4267-841f-4caf950d210f",
"name": "igLHvijzbFarm6"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9649d-8af4-4492-893d-4aea950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:59:57.000Z",
"modified": "2020-05-23T17:59:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9649d-8af4-4492-893d-4aea950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9649d-8af4-4492-893d-4aea950d210f",
"name": "igLHvijzbFm68k"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9649d-9a80-4287-81d9-4242950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:59:57.000Z",
"modified": "2020-05-23T17:59:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9649d-9a80-4287-81d9-4242950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9649d-9a80-4287-81d9-4242950d210f",
"name": "igLHvijzbFmips"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9649d-2214-424a-9e73-45f2950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:59:57.000Z",
"modified": "2020-05-23T17:59:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9649d-2214-424a-9e73-45f2950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9649d-2214-424a-9e73-45f2950d210f",
"name": "igLHvijzbFmpsl"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9649d-9004-4551-abf4-4221950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:59:57.000Z",
"modified": "2020-05-23T17:59:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9649d-9004-4551-abf4-4221950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9649d-9004-4551-abf4-4221950d210f",
"name": "igLHvijzbFppc"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9649d-7770-4936-abee-43fc950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:59:57.000Z",
"modified": "2020-05-23T17:59:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9649d-7770-4936-abee-43fc950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9649d-7770-4936-abee-43fc950d210f",
"name": "igLHvijzbFsh4"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9649d-ddc8-434b-ab7b-4888950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T17:59:57.000Z",
"modified": "2020-05-23T17:59:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec9649d-ddc8-434b-ab7b-4888950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec9649d-ddc8-434b-ab7b-4888950d210f",
"name": "igLHvijzbFspc"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9651a-74d8-4321-9801-4485950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:02:02.000Z",
"modified": "2020-05-23T18:02:02.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec9651a-74d8-4321-9801-4485950d210f",
"ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f"
],
"labels": [
"misp:type=\"ip-src|port\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec9651a-74d8-4321-9801-4485950d210f",
"src_ref": "ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f",
"src_port": 80,
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec9651a-74d8-4321-9801-4485950d210f",
"value": "204.11.49.132"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9651a-edd4-4050-90f3-413d950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:02:02.000Z",
"modified": "2020-05-23T18:02:02.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec9651a-edd4-4050-90f3-413d950d210f",
"ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f"
],
"labels": [
"misp:type=\"ip-src|port\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec9651a-edd4-4050-90f3-413d950d210f",
"src_ref": "ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f",
"src_port": 80,
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec9651a-edd4-4050-90f3-413d950d210f",
"value": "196.53.114.199"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec9656e-b94c-4932-8275-4bca950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:03:26.000Z",
"modified": "2020-05-23T18:03:26.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-24T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec9656e-b94c-4932-8275-4bca950d210f",
"ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f"
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec9656e-b94c-4932-8275-4bca950d210f",
"dst_ref": "ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f",
"dst_port": 8080,
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec9656e-b94c-4932-8275-4bca950d210f",
"value": "196.53.114.199"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec965b3-987c-4a25-84af-4999950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:04:35.000Z",
"modified": "2020-05-23T18:04:35.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-24T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec965b3-987c-4a25-84af-4999950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec965b3-987c-4a25-84af-4999950d210f",
"name": "bot.c"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec9662e-9320-4e61-9e17-4aca950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:06:38.000Z",
"modified": "2020-05-23T18:06:38.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "C2 credential",
"x_misp_type": "other",
"x_misp_value": "#donks"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec9663a-e5b4-4d84-b5db-4a63950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:06:50.000Z",
"modified": "2020-05-23T18:06:50.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "C2 credential",
"x_misp_type": "other",
"x_misp_value": "swagfag"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec9668a-2078-4769-b5fe-4e19950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:10.000Z",
"modified": "2020-05-23T18:08:10.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "Freak"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-d430-4211-9e70-4f2b950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "Leonidus"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-d9c0-4c28-b877-48a3950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "Crypto"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-092c-48a3-bd2f-4710950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "error401"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-15a4-4e17-bc6e-419f950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "lmfao"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-2ab0-4a9b-ab4c-44b5950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "dmt"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-78a0-41d3-b302-4c55950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "ni**er"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-7980-4f11-bc2e-4a5b950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "DeTH"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-cf14-4dd7-9faf-4861950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "Okami"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-c324-4229-92d5-4243950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "nightd0g"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-1180-43d3-a4a1-4e30950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "phpbot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ec966ae-1a2c-499d-916c-4f2e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:08:46.000Z",
"modified": "2020-05-23T18:08:46.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_comment": "botherder handles hardcoded",
"x_misp_type": "other",
"x_misp_value": "netspot1-netspot10"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:09:57.000Z",
"modified": "2020-05-23T18:09:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"dst_ref": "ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec966f5-2ae0-463d-b2a0-4c65950d210f",
"value": "196.53.114.199"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec966f5-7690-4f72-9037-483b950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:09:57.000Z",
"modified": "2020-05-23T18:09:57.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-23T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec966f5-7690-4f72-9037-483b950d210f",
"ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec966f5-7690-4f72-9037-483b950d210f",
"dst_ref": "ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec966f5-7690-4f72-9037-483b950d210f",
"value": "204.11.49.132"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec96731-05fc-4acf-9b81-4840950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-23T18:16:15.000Z",
"modified": "2020-05-23T18:16:15.000Z",
"first_observed": "2020-05-21T00:00:00Z",
"last_observed": "2020-05-24T00:00:00Z",
"number_observed": 1,
"object_refs": [
"url--5ec96731-05fc-4acf-9b81-4840950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"Internal reference\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5ec96731-05fc-4acf-9b81-4840950d210f",
"value": "https://gist.github.com/unixfreaxjp/7b8bd6be614f7a051fc9a9da760d3138"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}