{ "type": "bundle", "id": "bundle--589046d9-01ac-40d2-b47d-e592950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:43:09.000Z", "modified": "2017-01-31T08:43:09.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--589046d9-01ac-40d2-b47d-e592950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:43:09.000Z", "modified": "2017-01-31T08:43:09.000Z", "name": "OSINT - Flokibot Invades PoS: Trouble in Brazil", "published": "2017-01-31T08:43:27Z", "object_refs": [ "x-misp-attribute--589046f4-2314-4b63-9bda-e596950d210f", "indicator--58904a2c-bfc4-4007-a6da-e596950d210f", "indicator--58904a2c-83d8-4762-81ff-e596950d210f", "indicator--58904a2d-ad00-47cc-bc71-e596950d210f", "indicator--58904a2e-d5d0-4112-a648-e596950d210f", "indicator--58904a2e-71e4-4c48-8b42-e596950d210f", "indicator--58904a2f-2d5c-4b6c-b8ff-e596950d210f", "indicator--58904a30-9fd0-4c5e-b844-e596950d210f", "indicator--58904a31-88f8-4927-9be5-e596950d210f", "indicator--58904a31-fbc0-46ad-8196-e596950d210f", "indicator--58904a32-51d0-4851-8ab1-e596950d210f", "indicator--58904a33-bd3c-4a20-970b-e596950d210f", "indicator--58904a34-7fc8-4551-b6ab-e596950d210f", "indicator--58904a34-f270-43c3-8784-e596950d210f", "indicator--58904a35-bfd8-46a3-bd01-e596950d210f", "indicator--58904a36-3ae0-4dda-aff8-e596950d210f", "indicator--58904a37-53c4-4d25-b51c-e596950d210f", "indicator--58904a37-98c8-4e46-a5b0-e596950d210f", "indicator--58904a38-7e24-46f5-be1f-e596950d210f", "indicator--58904a39-63c0-48be-a0ef-e596950d210f", "indicator--58904a39-ef10-4b4e-8ea6-e596950d210f", "indicator--58904a3a-8084-4462-9842-e596950d210f", "indicator--58904a3b-2034-4060-acfe-e596950d210f", "indicator--58904a3c-9418-4409-b165-e596950d210f", "indicator--58904a3c-a448-4d93-9a7d-e596950d210f", 
"indicator--58904a3d-647c-4277-a452-e596950d210f", "indicator--58904a3e-bab0-41cc-b0da-e596950d210f", "indicator--58904a3e-f058-404d-beec-e596950d210f", "indicator--58904a3f-fed8-4590-a773-e596950d210f", "observed-data--58904a73-70a4-403a-93d1-e27e950d210f", "url--58904a73-70a4-403a-93d1-e27e950d210f", "indicator--58904b89-e114-4294-91cb-e590950d210f", "indicator--58904b8a-d2cc-4756-ab3f-e590950d210f", "indicator--58904b8a-9878-495a-acfb-e590950d210f", "indicator--58904b8b-67a4-4710-af2a-e590950d210f", "indicator--58904b8c-d91c-43b1-ba31-e590950d210f", "indicator--58904b8c-2170-4f0e-9962-e590950d210f", "indicator--58904b8d-e6a4-47f1-ac59-e590950d210f", "indicator--58904b8e-7fb8-4829-a6e0-e590950d210f", "indicator--58904b8f-9f6c-4698-9259-e590950d210f", "indicator--58904b90-0d78-4e48-92b6-e590950d210f", "indicator--58904b90-dc38-4499-a4f0-e590950d210f", "indicator--58904b91-d390-41d5-b7e4-e590950d210f", "indicator--58904b92-80c8-46b8-9765-e590950d210f", "indicator--58904b93-4070-46d2-b1dc-e590950d210f", "indicator--58904b93-ea2c-4a6c-8502-e590950d210f", "indicator--58904b94-f1c4-40c0-8cfc-e590950d210f", "indicator--58904b95-63bc-48dd-a55c-e590950d210f", "indicator--58904b96-88c8-4614-8c6e-e590950d210f", "indicator--58904b96-f9ac-4b3d-b50e-e590950d210f", "indicator--58904b97-ea28-4c94-be8c-e590950d210f", "indicator--58904bfd-0f40-4c7d-a996-e250950d210f", "indicator--58904bfe-c01c-4ad2-a596-e250950d210f", "indicator--58904bff-83b8-4155-a932-e250950d210f", "indicator--58904bff-9434-4a37-830f-e250950d210f", "indicator--58904c00-bc58-4ea9-b342-e250950d210f", "indicator--58904c01-6194-4327-90bb-e250950d210f", "indicator--58904c01-2f14-4305-b9b1-e250950d210f", "indicator--58904c02-e4a4-4a9c-8a06-e250950d210f", "indicator--58904c03-7448-4bb3-98a5-e250950d210f", "indicator--58904c04-64a4-4560-ad9b-e250950d210f", "indicator--58904c04-5c6c-495b-b3e1-e250950d210f", "indicator--58904c05-9008-4b12-a4c5-e250950d210f", "indicator--58904c06-c070-4d5f-b634-e250950d210f", 
"indicator--58904c07-7610-4b62-aad0-e250950d210f", "indicator--58904c1f-0a38-440d-ac22-e59a950d210f", "indicator--58904c20-94b8-414a-b22e-e59a950d210f", "indicator--58904c20-7898-492a-9f4b-e59a950d210f", "indicator--58904c21-820c-4a61-8a3b-e59a950d210f", "indicator--58904c22-44cc-4586-8c00-e59a950d210f", "indicator--58904c3b-efc8-4708-96d8-e24a950d210f", "indicator--58904c3c-5f70-488a-a4c9-e24a950d210f", "indicator--58904cfd-a950-492d-889a-e25202de0b81", "indicator--58904cfd-6f1c-4fbd-9893-e25202de0b81", "observed-data--58904cfe-309c-4fc5-a399-e25202de0b81", "url--58904cfe-309c-4fc5-a399-e25202de0b81", "indicator--58904cff-4ff8-4903-8dee-e25202de0b81", "indicator--58904d00-becc-4214-afb6-e25202de0b81", "observed-data--58904d00-8cf8-4b67-8abe-e25202de0b81", "url--58904d00-8cf8-4b67-8abe-e25202de0b81", "indicator--58904d01-5c78-4193-85c2-e25202de0b81", "indicator--58904d02-e95c-4206-a9fd-e25202de0b81", "observed-data--58904d02-f8b8-47fa-b354-e25202de0b81", "url--58904d02-f8b8-47fa-b354-e25202de0b81", "indicator--58904d03-e6d0-4714-ac82-e25202de0b81", "indicator--58904d04-0b3c-4623-9724-e25202de0b81", "observed-data--58904d05-cd14-451e-b0da-e25202de0b81", "url--58904d05-cd14-451e-b0da-e25202de0b81", "indicator--58904d05-4670-420a-bd2d-e25202de0b81", "indicator--58904d06-8e08-4422-9f86-e25202de0b81", "observed-data--58904d07-4e04-4b51-b66d-e25202de0b81", "url--58904d07-4e04-4b51-b66d-e25202de0b81", "indicator--58904d08-c920-4f0a-b5d1-e25202de0b81", "indicator--58904d08-7b14-4612-a050-e25202de0b81", "observed-data--58904d09-3680-4ba2-9658-e25202de0b81", "url--58904d09-3680-4ba2-9658-e25202de0b81", "indicator--58904d0a-b16c-4dcf-9b24-e25202de0b81", "indicator--58904d0a-8814-42e8-a211-e25202de0b81", "observed-data--58904d0b-37ac-443c-a148-e25202de0b81", "url--58904d0b-37ac-443c-a148-e25202de0b81", "indicator--58904d0c-dfb8-4adb-9ad2-e25202de0b81", "indicator--58904d0c-1aa4-44e0-8fd4-e25202de0b81", "observed-data--58904d0d-7830-485e-8576-e25202de0b81", 
"url--58904d0d-7830-485e-8576-e25202de0b81", "indicator--58904d0e-9fb0-4cac-be87-e25202de0b81", "indicator--58904d0f-3da4-49c8-854c-e25202de0b81", "observed-data--58904d0f-1f48-4288-95f1-e25202de0b81", "url--58904d0f-1f48-4288-95f1-e25202de0b81", "indicator--58904d10-3bd0-4404-821b-e25202de0b81", "indicator--58904d11-1e24-4858-8c14-e25202de0b81", "observed-data--58904d11-8ccc-4007-aef3-e25202de0b81", "url--58904d11-8ccc-4007-aef3-e25202de0b81", "indicator--58904d12-b4fc-4616-943b-e25202de0b81", "indicator--58904d13-66d4-43e9-b290-e25202de0b81", "observed-data--58904d14-1e48-4596-9d5e-e25202de0b81", "url--58904d14-1e48-4596-9d5e-e25202de0b81", "indicator--58904d15-f088-4585-80dc-e25202de0b81", "indicator--58904d15-8acc-441d-ac4c-e25202de0b81", "observed-data--58904d16-d4e8-4466-93f7-e25202de0b81", "url--58904d16-d4e8-4466-93f7-e25202de0b81", "indicator--58904d17-fea4-402e-98c3-e25202de0b81", "indicator--58904d17-3828-479c-9699-e25202de0b81", "observed-data--58904d18-b61c-4e84-96bc-e25202de0b81", "url--58904d18-b61c-4e84-96bc-e25202de0b81", "indicator--58904d19-dfd8-4d62-b953-e25202de0b81", "indicator--58904d1a-96f8-429a-8bfa-e25202de0b81", "observed-data--58904d1a-a2e0-431d-8f75-e25202de0b81", "url--58904d1a-a2e0-431d-8f75-e25202de0b81", "indicator--58904d1b-c048-4490-860c-e25202de0b81", "indicator--58904d1c-e958-41df-95b5-e25202de0b81", "observed-data--58904d1c-c35c-415e-8088-e25202de0b81", "url--58904d1c-c35c-415e-8088-e25202de0b81", "indicator--58904d1d-e87c-489b-bb98-e25202de0b81", "indicator--58904d1e-e9e0-4f80-aa5a-e25202de0b81", "observed-data--58904d1f-a454-4d66-afd2-e25202de0b81", "url--58904d1f-a454-4d66-afd2-e25202de0b81", "indicator--58904d1f-9a08-44ac-a0fa-e25202de0b81", "indicator--58904d20-1c1c-47a6-92fb-e25202de0b81", "observed-data--58904d21-0560-4b42-80c4-e25202de0b81", "url--58904d21-0560-4b42-80c4-e25202de0b81", "indicator--58904d22-2a9c-4eb8-8e49-e25202de0b81", "indicator--58904d22-83b0-4c6e-9e99-e25202de0b81", 
"observed-data--58904d23-3de0-46eb-8cf8-e25202de0b81", "url--58904d23-3de0-46eb-8cf8-e25202de0b81", "indicator--58904d24-34dc-46ea-92ef-e25202de0b81", "indicator--58904d24-ee5c-4c89-b27a-e25202de0b81", "observed-data--58904d25-ec48-4dff-95e3-e25202de0b81", "url--58904d25-ec48-4dff-95e3-e25202de0b81", "indicator--58904d26-6128-469d-ae2f-e25202de0b81", "indicator--58904d27-c534-495a-a440-e25202de0b81", "observed-data--58904d27-e8e0-47c1-a6da-e25202de0b81", "url--58904d27-e8e0-47c1-a6da-e25202de0b81", "indicator--58904d28-0644-4238-a0b6-e25202de0b81", "indicator--58904d29-df88-4503-b865-e25202de0b81", "observed-data--58904d29-a578-44b0-84e7-e25202de0b81", "url--58904d29-a578-44b0-84e7-e25202de0b81", "indicator--58904d2a-1850-41c0-bb2b-e25202de0b81", "indicator--58904d2b-1320-4671-a651-e25202de0b81", "observed-data--58904d2c-afb0-4a44-b418-e25202de0b81", "url--58904d2c-afb0-4a44-b418-e25202de0b81", "indicator--58904d2c-0878-48ad-af07-e25202de0b81", "indicator--58904d2d-8018-4e44-bd72-e25202de0b81", "observed-data--58904d2e-6c00-4a7f-a5d0-e25202de0b81", "url--58904d2e-6c00-4a7f-a5d0-e25202de0b81", "indicator--58904d2e-a1a4-4a5f-a7f8-e25202de0b81", "indicator--58904d2f-4288-4eea-9761-e25202de0b81", "observed-data--58904d30-3540-454d-be48-e25202de0b81", "url--58904d30-3540-454d-be48-e25202de0b81", "indicator--58904d31-ce04-4d0d-bb7f-e25202de0b81", "indicator--58904d31-e1d8-4e3b-8a9d-e25202de0b81", "observed-data--58904d32-004c-4efc-ae84-e25202de0b81", "url--58904d32-004c-4efc-ae84-e25202de0b81", "indicator--58904d33-ca1c-4a89-9fe6-e25202de0b81", "indicator--58904d34-9370-4f17-b899-e25202de0b81", "observed-data--58904d34-952c-4b2f-bd6a-e25202de0b81", "url--58904d34-952c-4b2f-bd6a-e25202de0b81", "indicator--58904d35-02f0-4d28-bbf4-e25202de0b81", "indicator--58904d36-88cc-48a5-af41-e25202de0b81", "observed-data--58904d37-97c0-494d-aeed-e25202de0b81", "url--58904d37-97c0-494d-aeed-e25202de0b81", "indicator--58904d38-c8a8-4161-8d37-e25202de0b81", 
"indicator--58904d38-dd8c-43d0-93b3-e25202de0b81", "observed-data--58904d39-0758-476a-b425-e25202de0b81", "url--58904d39-0758-476a-b425-e25202de0b81", "indicator--58904d3a-6490-4f5d-b113-e25202de0b81", "indicator--58904d3b-5ef0-45e8-9767-e25202de0b81", "observed-data--58904d3b-7ed0-44da-942d-e25202de0b81", "url--58904d3b-7ed0-44da-942d-e25202de0b81", "indicator--58904d3c-dd18-4e85-87c6-e25202de0b81", "indicator--58904d3d-50e0-4f9b-8a1f-e25202de0b81", "observed-data--58904d3d-acd0-4a51-be86-e25202de0b81", "url--58904d3d-acd0-4a51-be86-e25202de0b81", "indicator--58904d3e-9750-4944-9759-e25202de0b81", "indicator--58904d3f-c734-49a6-9eb5-e25202de0b81", "observed-data--58904d40-6c2c-4db6-866c-e25202de0b81", "url--58904d40-6c2c-4db6-866c-e25202de0b81", "indicator--58904d40-ad8c-47aa-bdd8-e25202de0b81", "indicator--58904d41-d698-4725-bc82-e25202de0b81", "observed-data--58904d42-f9a4-4e80-b4f2-e25202de0b81", "url--58904d42-f9a4-4e80-b4f2-e25202de0b81", "indicator--58904d43-18b4-4c42-aaf9-e25202de0b81", "indicator--58904d44-42dc-43d1-b398-e25202de0b81", "observed-data--58904d45-5af0-4298-8639-e25202de0b81", "url--58904d45-5af0-4298-8639-e25202de0b81", "indicator--58904d45-b4a8-4017-9e0d-e25202de0b81", "indicator--58904d46-9214-4b98-8075-e25202de0b81", "observed-data--58904d47-a580-45eb-9480-e25202de0b81", "url--58904d47-a580-45eb-9480-e25202de0b81", "indicator--58904d48-f258-4f34-8189-e25202de0b81", "indicator--58904d48-07b4-4331-8503-e25202de0b81", "observed-data--58904d49-d6a4-4876-91ac-e25202de0b81", "url--58904d49-d6a4-4876-91ac-e25202de0b81", "indicator--58904d4a-0890-4fb0-a5b0-e25202de0b81", "indicator--58904d4b-48d4-4cb1-bb50-e25202de0b81", "observed-data--58904d4b-9cf4-496d-a831-e25202de0b81", "url--58904d4b-9cf4-496d-a831-e25202de0b81", "indicator--58904d4c-5c24-4f48-b2ac-e25202de0b81", "indicator--58904d4d-2a60-4259-b4b2-e25202de0b81", "observed-data--58904d4d-9778-46a3-8b4f-e25202de0b81", "url--58904d4d-9778-46a3-8b4f-e25202de0b81", 
"indicator--58904d4e-e000-420e-86a2-e25202de0b81", "indicator--58904d4f-6db4-4f22-b128-e25202de0b81", "observed-data--58904d50-f99c-4c32-856f-e25202de0b81", "url--58904d50-f99c-4c32-856f-e25202de0b81", "indicator--58904d50-857c-4c3e-b63a-e25202de0b81", "indicator--58904d51-1054-467e-9065-e25202de0b81", "observed-data--58904d52-b470-4bbc-b15f-e25202de0b81", "url--58904d52-b470-4bbc-b15f-e25202de0b81", "indicator--58904d53-8e34-41a0-8ce0-e25202de0b81", "indicator--58904d53-a1f8-420c-b4e8-e25202de0b81", "observed-data--58904d54-5360-482c-bc3f-e25202de0b81", "url--58904d54-5360-482c-bc3f-e25202de0b81", "indicator--58904d55-9828-4438-84c0-e25202de0b81", "indicator--58904d55-be6c-40bf-88f9-e25202de0b81", "observed-data--58904d56-f6a0-4682-917d-e25202de0b81", "url--58904d56-f6a0-4682-917d-e25202de0b81", "indicator--58904d57-ccf8-45dc-b6f6-e25202de0b81", "indicator--58904d58-ba58-4272-9ce9-e25202de0b81", "observed-data--58904d58-ee98-41f6-a950-e25202de0b81", "url--58904d58-ee98-41f6-a950-e25202de0b81", "indicator--58904d59-db28-4b62-9b14-e25202de0b81", "indicator--58904d5a-90e4-41c3-8565-e25202de0b81", "observed-data--58904d5a-45b0-4260-9ae7-e25202de0b81", "url--58904d5a-45b0-4260-9ae7-e25202de0b81", "indicator--58904d5b-adc4-4055-b81e-e25202de0b81", "indicator--58904d5c-d394-4f99-bba3-e25202de0b81", "observed-data--58904d5d-02ac-4e8d-a412-e25202de0b81", "url--58904d5d-02ac-4e8d-a412-e25202de0b81", "indicator--58904d5d-e0cc-42d4-b8ae-e25202de0b81", "indicator--58904d5e-6614-4c3d-9ec9-e25202de0b81", "observed-data--58904d5f-e854-4655-9fdf-e25202de0b81", "url--58904d5f-e854-4655-9fdf-e25202de0b81", "indicator--58904d5f-f200-4057-ad49-e25202de0b81", "indicator--58904d60-7640-4959-a207-e25202de0b81", "observed-data--58904d61-ef28-47ad-829a-e25202de0b81", "url--58904d61-ef28-47ad-829a-e25202de0b81", "indicator--58904d62-e0e0-4fed-ba88-e25202de0b81", "indicator--58904d62-3c34-4f56-8563-e25202de0b81", "observed-data--58904d63-f5dc-4b9f-99fd-e25202de0b81", 
"url--58904d63-f5dc-4b9f-99fd-e25202de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Flokibot\"", "veris:asset:variety=\"U - POS terminal\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--589046f4-2314-4b63-9bda-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:12:36.000Z", "modified": "2017-01-31T08:12:36.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Threat actors salivate at the thought of an increased volume of credit and debit card transactions flowing through endpoints they have compromised with card-stealing malware. While there are many distinct malware families that scrape unencrypted process memory to obtain cards, some of these malware capabilities overlap with generic information stealing trojans such as Flokibot that obtain and exfiltrate HTTPS GET and POST data and other materials from compromised machines.\r\n\r\nRather than focusing on the Flokibot malware itself, which has already been profiled by ASERT [https://www.arbornetworks.com/blog/asert/flokibot-flock-bots/] and others [http://blog.talosintel.com/2016/12/flokibot-collab.html], we have profiled selected elements of three Flokibot compromises in order to provide increased awareness of risk factors and actor TTP\u00e2\u20ac\u2122s. The first compromise profiled is particularly interesting because it likely involves a threat actor participating in a card trafficking operation." 
}, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a2c-bfc4-4007-a6da-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:20.000Z", "modified": "2017-01-31T08:26:20.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '6db1f428becc2870517ae50fd892fc67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a2c-83d8-4762-81ff-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:20.000Z", "modified": "2017-01-31T08:26:20.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '6dcc9ef9258dea343e1fdb1aaa5c7e56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a2d-ad00-47cc-bc71-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:21.000Z", "modified": "2017-01-31T08:26:21.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '70f6abfb433327a7b3c394246cc37ea2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--58904a2e-d5d0-4112-a648-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:22.000Z", "modified": "2017-01-31T08:26:22.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '7b7675705908d34432e2309880f5538e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a2e-71e4-4c48-8b42-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:22.000Z", "modified": "2017-01-31T08:26:22.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '7b8f8a999367f28b3ac42fc4d2b9439d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a2f-2d5c-4b6c-b8ff-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:23.000Z", "modified": "2017-01-31T08:26:23.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '7d17de98ce24a0c3e156efcc0e1ca565']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a30-9fd0-4c5e-b844-e596950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:24.000Z", "modified": "2017-01-31T08:26:24.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '92316769af9e7cc204a81789c0dab9c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a31-88f8-4927-9be5-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:25.000Z", "modified": "2017-01-31T08:26:25.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '93c07b57a51e3eee44134caa39057e8d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a31-fbc0-46ad-8196-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:25.000Z", "modified": "2017-01-31T08:26:25.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '992e9518d69039c3ebae4191e1f8b8b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a32-51d0-4851-8ab1-e596950d210f", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:26.000Z", "modified": "2017-01-31T08:26:26.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '99e9f5a4563f56e61f3806be39efce62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a33-bd3c-4a20-970b-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:27.000Z", "modified": "2017-01-31T08:26:27.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'a11b982bde341475e28d3a2fa96f982a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a34-7fc8-4551-b6ab-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:28.000Z", "modified": "2017-01-31T08:26:28.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'a1bd290317b03ade7941dedd4a4e903b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a34-f270-43c3-8784-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-01-31T08:26:28.000Z", "modified": "2017-01-31T08:26:28.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'a50e2d3419a9de9be87eb04f52f2245f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a35-bfd8-46a3-bd01-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:29.000Z", "modified": "2017-01-31T08:26:29.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'a53d38e93698ccf1843f15ebbd89a380']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a36-3ae0-4dda-aff8-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:30.000Z", "modified": "2017-01-31T08:26:30.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'c149ef34c57e6f7e970063679de01342']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a37-53c4-4d25-b51c-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:31.000Z", "modified": 
"2017-01-31T08:26:31.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'c6faf2a51122cad086370674a3c9ad1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a37-98c8-4e46-a5b0-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:31.000Z", "modified": "2017-01-31T08:26:31.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'cb8d57c149330e7bd1798d62e5da5404']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a38-7e24-46f5-be1f-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:32.000Z", "modified": "2017-01-31T08:26:32.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'cc38fd598cbef1a3816bb64f2990e9b6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a39-63c0-48be-a0ef-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:33.000Z", "modified": "2017-01-31T08:26:33.000Z", "description": "Flokibot Sample 
hashes", "pattern": "[file:hashes.MD5 = 'cdb0762becd67b893d73cda594cd1c3e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a39-ef10-4b4e-8ea6-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:33.000Z", "modified": "2017-01-31T08:26:33.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'd4c5384da41fd391d16eff60abc21405']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a3a-8084-4462-9842-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:34.000Z", "modified": "2017-01-31T08:26:34.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'd840ecdd9c8b32af83131dab66ec0f44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a3b-2034-4060-acfe-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:35.000Z", "modified": "2017-01-31T08:26:35.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 
'e54d28a24c976348c438f45281d68c54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a3c-9418-4409-b165-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:36.000Z", "modified": "2017-01-31T08:26:36.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'e83d79fb671cf2335025022bebbb0bdd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a3c-a448-4d93-9a7d-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:36.000Z", "modified": "2017-01-31T08:26:36.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'ebbf3f2385157240e8a45a9dd00ddaef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a3d-647c-4277-a452-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:37.000Z", "modified": "2017-01-31T08:26:37.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'f33808ea5100648108c7d0d6a0d5eb61']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2017-01-31T08:26:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a3e-bab0-41cc-b0da-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:38.000Z", "modified": "2017-01-31T08:26:38.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'f5f698c6c0660d14ce19fd36a4e94b9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a3e-f058-404d-beec-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:38.000Z", "modified": "2017-01-31T08:26:38.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'f79035227cace85f01ee4ae63ad7c511']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:26:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904a3f-fed8-4590-a773-e596950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:26:39.000Z", "modified": "2017-01-31T08:26:39.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = 'fdca6464b694739178b5a46d3d9b0f5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2017-01-31T08:26:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904a73-70a4-403a-93d1-e27e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:27:50.000Z", "modified": "2017-01-31T08:27:50.000Z", "first_observed": "2017-01-31T08:27:50Z", "last_observed": "2017-01-31T08:27:50Z", "number_observed": 1, "object_refs": [ "url--58904a73-70a4-403a-93d1-e27e950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"", "admiralty-scale:source-reliability=\"b\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904a73-70a4-403a-93d1-e27e950d210f", "value": "https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b89-e114-4294-91cb-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:09.000Z", "modified": "2017-01-31T08:32:09.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '4ada3fabb0e2cd0c90b16ec79e8147d8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b8a-d2cc-4756-ab3f-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:10.000Z", "modified": "2017-01-31T08:32:10.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '20816af7c443180cccc6aa962151af67']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b8a-9878-495a-acfb-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:10.000Z", "modified": "2017-01-31T08:32:10.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '23de0ef14737b0398af94d9d9ec5d5b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b8b-67a4-4710-af2a-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:11.000Z", "modified": "2017-01-31T08:32:11.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '2510953f05dcd2c758ad29160bbc3911']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b8c-d91c-43b1-ba31-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:12.000Z", "modified": "2017-01-31T08:32:12.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '2bbd8aa8be75537bd60e68b124eafbff']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2017-01-31T08:32:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b8c-2170-4f0e-9962-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:12.000Z", "modified": "2017-01-31T08:32:12.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '33252b2c9e054617ecb7172837ce7775']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b8d-e6a4-47f1-ac59-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:13.000Z", "modified": "2017-01-31T08:32:13.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '37768af89b093b96ab7671456de894bc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b8e-7fb8-4829-a6e0-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:14.000Z", "modified": "2017-01-31T08:32:14.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '3bf85b3bf7393ec22426919d341715e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:14Z", "kill_chain_phases": [ 
{ "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b8f-9f6c-4698-9259-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:15.000Z", "modified": "2017-01-31T08:32:15.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '3ddf657800e60a57b884b87e1e8a987c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b90-0d78-4e48-92b6-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:16.000Z", "modified": "2017-01-31T08:32:16.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '4725f4b5eec09bdb29433cbea6e360b3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b90-dc38-4499-a4f0-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:16.000Z", "modified": "2017-01-31T08:32:16.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '52645badc17613f95a7962b07e2f063e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload 
delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b91-d390-41d5-b7e4-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:17.000Z", "modified": "2017-01-31T08:32:17.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '53203a1b05c0e039d8e690bad4808b97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b92-80c8-46b8-9765-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:18.000Z", "modified": "2017-01-31T08:32:18.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '5649e7a200df2fb85ad1fb5a723bef22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b93-4070-46d2-b1dc-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:19.000Z", "modified": "2017-01-31T08:32:19.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '5d513187fc3357bc58d49c33f1c3e9c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b93-ea2c-4a6c-8502-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:19.000Z", "modified": "2017-01-31T08:32:19.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '5d817395b4e6a828850e0010edeccc93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b94-f1c4-40c0-8cfc-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:20.000Z", "modified": "2017-01-31T08:32:20.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '5e5289bb2b5bb89bddbc2ec0a38a6c9b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b95-63bc-48dd-a55c-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:21.000Z", "modified": "2017-01-31T08:32:21.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '5fa30772b1f7a1f6dd33b84180f17add']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" 
] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b96-88c8-4614-8c6e-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:22.000Z", "modified": "2017-01-31T08:32:22.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '624f84a9d8979789c630327a6b08c7c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b96-f9ac-4b3d-b50e-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:22.000Z", "modified": "2017-01-31T08:32:22.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '6255a9d71494381b8a4319fd139e9242']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904b97-ea28-4c94-be8c-e590950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:32:23.000Z", "modified": "2017-01-31T08:32:23.000Z", "description": "Flokibot Sample hashes", "pattern": "[file:hashes.MD5 = '64a23908ade4bbf2a7c4aa31be3cff24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:32:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--58904bfd-0f40-4c7d-a996-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:05.000Z", "modified": "2017-01-31T08:34:05.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'blackircd.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904bfe-c01c-4ad2-a596-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:06.000Z", "modified": "2017-01-31T08:34:06.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'treasurehunter.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904bff-83b8-4155-a932-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:07.000Z", "modified": "2017-01-31T08:34:07.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. 
Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = '4haters.ga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904bff-9434-4a37-830f-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:07.000Z", "modified": "2017-01-31T08:34:07.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'uspal.cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c00-bc58-4ea9-b342-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:08.000Z", "modified": "2017-01-31T08:34:08.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. 
Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'duparseled.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c01-6194-4327-90bb-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:09.000Z", "modified": "2017-01-31T08:34:09.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'web.netsworkupdates.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c01-2f14-4305-b9b1-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:09.000Z", "modified": "2017-01-31T08:34:09.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. 
Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'slalsaxxa1ma.cma.beehoney.co.nz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c02-e4a4-4a9c-8a06-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:10.000Z", "modified": "2017-01-31T08:34:10.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'adultgirlmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c03-7448-4bb3-98a5-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:11.000Z", "modified": "2017-01-31T08:34:11.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. 
Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'wowsupplier.ga']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c04-64a4-4560-ad9b-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:12.000Z", "modified": "2017-01-31T08:34:12.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'extensivee.bid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c04-5c6c-495b-b3e1-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:12.000Z", "modified": "2017-01-31T08:34:12.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. 
Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'feed.networksupdates.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c05-9008-4b12-a4c5-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:13.000Z", "modified": "2017-01-31T08:34:13.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'springlovee.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c06-c070-4d5f-b634-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:14.000Z", "modified": "2017-01-31T08:34:14.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. 
Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'vtraffic.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c07-7610-4b62-aad0-e250950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:15.000Z", "modified": "2017-01-31T08:34:15.000Z", "description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u2019s, not just those associated with the threat activity profiled previously.", "pattern": "[domain-name:value = 'shhtunnel.at']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c1f-0a38-440d-ac22-e59a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:39.000Z", "modified": "2017-01-31T08:34:39.000Z", "description": "Passive DNS Insight", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.191.52.175']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--58904c20-94b8-414a-b22e-e59a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:40.000Z", "modified": "2017-01-31T08:34:40.000Z", "description": "Passive DNS Insight", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.199.205.239']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c20-7898-492a-9f4b-e59a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:40.000Z", "modified": "2017-01-31T08:34:40.000Z", "description": "Passive DNS Insight", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.67.156.144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c21-820c-4a61-8a3b-e59a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:41.000Z", "modified": "2017-01-31T08:34:41.000Z", "description": "Passive DNS Insight", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.246.108']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c22-44cc-4586-8c00-e59a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:34:42.000Z", "modified": "2017-01-31T08:34:42.000Z", "description": "Passive DNS Insight", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.243.164.43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:34:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c3b-efc8-4708-96d8-e24a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:35:07.000Z", "modified": "2017-01-31T08:35:07.000Z", "description": "Andromeda / downloader", "pattern": "[domain-name:value = 'sshtunnel02.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:35:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904c3c-5f70-488a-a4c9-e24a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:35:08.000Z", "modified": "2017-01-31T08:35:08.000Z", "description": "Ransomware", "pattern": "[domain-name:value = 'p0o9i8u7y9.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:35:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904cfd-a950-492d-889a-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:21.000Z", "modified": "2017-01-31T08:38:21.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 64a23908ade4bbf2a7c4aa31be3cff24", "pattern": "[file:hashes.SHA256 = 'a4a810eebd2fae1d088ee62af725e39717ead68140c4c5104605465319203d5e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904cfd-6f1c-4fbd-9893-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:21.000Z", "modified": "2017-01-31T08:38:21.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 64a23908ade4bbf2a7c4aa31be3cff24", "pattern": "[file:hashes.SHA1 = '2f87c2ce9ae1b741ac5477e9f8b786716b94afc5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904cfe-309c-4fc5-a399-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:22.000Z", "modified": "2017-01-31T08:38:22.000Z", "first_observed": "2017-01-31T08:38:22Z", "last_observed": "2017-01-31T08:38:22Z", "number_observed": 1, "object_refs": [ "url--58904cfe-309c-4fc5-a399-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", 
"spec_version": "2.1", "id": "url--58904cfe-309c-4fc5-a399-e25202de0b81", "value": "https://www.virustotal.com/file/a4a810eebd2fae1d088ee62af725e39717ead68140c4c5104605465319203d5e/analysis/1479614665/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904cff-4ff8-4903-8dee-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:23.000Z", "modified": "2017-01-31T08:38:23.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 6255a9d71494381b8a4319fd139e9242", "pattern": "[file:hashes.SHA256 = 'd037964bd7ce1ea678c86aaf4326de665b39a76cd9e8664fb6faee79c585bd62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d00-becc-4214-afb6-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:24.000Z", "modified": "2017-01-31T08:38:24.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 6255a9d71494381b8a4319fd139e9242", "pattern": "[file:hashes.SHA1 = '93c2ed068a431e098191bd871992d0e45b8876cb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d00-8cf8-4b67-8abe-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:24.000Z", "modified": "2017-01-31T08:38:24.000Z", "first_observed": "2017-01-31T08:38:24Z", "last_observed": "2017-01-31T08:38:24Z", 
"number_observed": 1, "object_refs": [ "url--58904d00-8cf8-4b67-8abe-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d00-8cf8-4b67-8abe-e25202de0b81", "value": "https://www.virustotal.com/file/d037964bd7ce1ea678c86aaf4326de665b39a76cd9e8664fb6faee79c585bd62/analysis/1480677470/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d01-5c78-4193-85c2-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:25.000Z", "modified": "2017-01-31T08:38:25.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 624f84a9d8979789c630327a6b08c7c6", "pattern": "[file:hashes.SHA256 = 'a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d02-e95c-4206-a9fd-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:26.000Z", "modified": "2017-01-31T08:38:26.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 624f84a9d8979789c630327a6b08c7c6", "pattern": "[file:hashes.SHA1 = 'f9484baf6f7194248a388d41dfd06543b3dc5d26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d02-f8b8-47fa-b354-e25202de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:26.000Z", "modified": "2017-01-31T08:38:26.000Z", "first_observed": "2017-01-31T08:38:26Z", "last_observed": "2017-01-31T08:38:26Z", "number_observed": 1, "object_refs": [ "url--58904d02-f8b8-47fa-b354-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d02-f8b8-47fa-b354-e25202de0b81", "value": "https://www.virustotal.com/file/a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa/analysis/1483842081/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d03-e6d0-4714-ac82-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:27.000Z", "modified": "2017-01-31T08:38:27.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 5fa30772b1f7a1f6dd33b84180f17add", "pattern": "[file:hashes.SHA256 = '562f1b99f2ed4ef74a175f488b2744aee22d49a255be2110acd57465a05e5a2c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d04-0b3c-4623-9724-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:28.000Z", "modified": "2017-01-31T08:38:28.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 5fa30772b1f7a1f6dd33b84180f17add", "pattern": "[file:hashes.SHA1 = 'f0ff98a966ad2ddc38694a8002aed0c70a82b0f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d05-cd14-451e-b0da-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:29.000Z", "modified": "2017-01-31T08:38:29.000Z", "first_observed": "2017-01-31T08:38:29Z", "last_observed": "2017-01-31T08:38:29Z", "number_observed": 1, "object_refs": [ "url--58904d05-cd14-451e-b0da-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d05-cd14-451e-b0da-e25202de0b81", "value": "https://www.virustotal.com/file/562f1b99f2ed4ef74a175f488b2744aee22d49a255be2110acd57465a05e5a2c/analysis/1480172318/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d05-4670-420a-bd2d-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:29.000Z", "modified": "2017-01-31T08:38:29.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 5e5289bb2b5bb89bddbc2ec0a38a6c9b", "pattern": "[file:hashes.SHA256 = '20567c4ff6178ac99f4584408dafc736c8504c8e3acf8db0b3015938e8483c02']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d06-8e08-4422-9f86-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:30.000Z", "modified": "2017-01-31T08:38:30.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 5e5289bb2b5bb89bddbc2ec0a38a6c9b", "pattern": "[file:hashes.SHA1 = 'b07cc350d879d906af4d6f203ab236cd18abe7b5']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2017-01-31T08:38:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d07-4e04-4b51-b66d-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:31.000Z", "modified": "2017-01-31T08:38:31.000Z", "first_observed": "2017-01-31T08:38:31Z", "last_observed": "2017-01-31T08:38:31Z", "number_observed": 1, "object_refs": [ "url--58904d07-4e04-4b51-b66d-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d07-4e04-4b51-b66d-e25202de0b81", "value": "https://www.virustotal.com/file/20567c4ff6178ac99f4584408dafc736c8504c8e3acf8db0b3015938e8483c02/analysis/1480624347/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d08-c920-4f0a-b5d1-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:32.000Z", "modified": "2017-01-31T08:38:32.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 5d817395b4e6a828850e0010edeccc93", "pattern": "[file:hashes.SHA256 = 'b3d08fdd904e214ea5a9044b2ae4b7eaf2b35512f0956ed46237b962276de07e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d08-7b14-4612-a050-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:32.000Z", "modified": "2017-01-31T08:38:32.000Z", "description": "Flokibot Sample hashes - Xchecked 
via VT: 5d817395b4e6a828850e0010edeccc93", "pattern": "[file:hashes.SHA1 = '26b75a8962310ab39283cdf28d63cf8f80c002bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d09-3680-4ba2-9658-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:33.000Z", "modified": "2017-01-31T08:38:33.000Z", "first_observed": "2017-01-31T08:38:33Z", "last_observed": "2017-01-31T08:38:33Z", "number_observed": 1, "object_refs": [ "url--58904d09-3680-4ba2-9658-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d09-3680-4ba2-9658-e25202de0b81", "value": "https://www.virustotal.com/file/b3d08fdd904e214ea5a9044b2ae4b7eaf2b35512f0956ed46237b962276de07e/analysis/1479908511/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d0a-b16c-4dcf-9b24-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:34.000Z", "modified": "2017-01-31T08:38:34.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 5d513187fc3357bc58d49c33f1c3e9c7", "pattern": "[file:hashes.SHA256 = '5c40ffd550c2a0849279270fab45968f27dd75d36f0338f2d4a014de477b318b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d0a-8814-42e8-a211-e25202de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:34.000Z", "modified": "2017-01-31T08:38:34.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 5d513187fc3357bc58d49c33f1c3e9c7", "pattern": "[file:hashes.SHA1 = 'cce9e52f8c69a5dd1ce1c8e7df618ee7ff5a2994']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d0b-37ac-443c-a148-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:35.000Z", "modified": "2017-01-31T08:38:35.000Z", "first_observed": "2017-01-31T08:38:35Z", "last_observed": "2017-01-31T08:38:35Z", "number_observed": 1, "object_refs": [ "url--58904d0b-37ac-443c-a148-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d0b-37ac-443c-a148-e25202de0b81", "value": "https://www.virustotal.com/file/5c40ffd550c2a0849279270fab45968f27dd75d36f0338f2d4a014de477b318b/analysis/1480172229/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d0c-dfb8-4adb-9ad2-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:36.000Z", "modified": "2017-01-31T08:38:36.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 5649e7a200df2fb85ad1fb5a723bef22", "pattern": "[file:hashes.SHA256 = '5e1967db286d886b87d1ec655559b9af694fc6e002fea3a6c7fd3c6b0b49ea6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d0c-1aa4-44e0-8fd4-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:36.000Z", "modified": "2017-01-31T08:38:36.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 5649e7a200df2fb85ad1fb5a723bef22", "pattern": "[file:hashes.SHA1 = 'b057d20122048001850afeca671fd31dbcdd1c76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d0d-7830-485e-8576-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:37.000Z", "modified": "2017-01-31T08:38:37.000Z", "first_observed": "2017-01-31T08:38:37Z", "last_observed": "2017-01-31T08:38:37Z", "number_observed": 1, "object_refs": [ "url--58904d0d-7830-485e-8576-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d0d-7830-485e-8576-e25202de0b81", "value": "https://www.virustotal.com/file/5e1967db286d886b87d1ec655559b9af694fc6e002fea3a6c7fd3c6b0b49ea6e/analysis/1484658535/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d0e-9fb0-4cac-be87-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:38.000Z", "modified": "2017-01-31T08:38:38.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 53203a1b05c0e039d8e690bad4808b97", "pattern": "[file:hashes.SHA256 = 'ce1c00243eb04d83151f41d6286abc22762bb3a307d187c947e54e71cca2d0bf']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2017-01-31T08:38:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d0f-3da4-49c8-854c-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:39.000Z", "modified": "2017-01-31T08:38:39.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 53203a1b05c0e039d8e690bad4808b97", "pattern": "[file:hashes.SHA1 = '8a48a0a2e9b98a4c8e72663a04b7422c490823c3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d0f-1f48-4288-95f1-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:39.000Z", "modified": "2017-01-31T08:38:39.000Z", "first_observed": "2017-01-31T08:38:39Z", "last_observed": "2017-01-31T08:38:39Z", "number_observed": 1, "object_refs": [ "url--58904d0f-1f48-4288-95f1-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d0f-1f48-4288-95f1-e25202de0b81", "value": "https://www.virustotal.com/file/ce1c00243eb04d83151f41d6286abc22762bb3a307d187c947e54e71cca2d0bf/analysis/1482096582/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d10-3bd0-4404-821b-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:40.000Z", "modified": "2017-01-31T08:38:40.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 
52645badc17613f95a7962b07e2f063e", "pattern": "[file:hashes.SHA256 = '54ec1c5c5e958d1177889b829e6fd0d2056586f6d3fcfb168a0a68700f634d77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d11-1e24-4858-8c14-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:41.000Z", "modified": "2017-01-31T08:38:41.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 52645badc17613f95a7962b07e2f063e", "pattern": "[file:hashes.SHA1 = '9f47f08b72776c863890dcc24fa98fe52e564da3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d11-8ccc-4007-aef3-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:41.000Z", "modified": "2017-01-31T08:38:41.000Z", "first_observed": "2017-01-31T08:38:41Z", "last_observed": "2017-01-31T08:38:41Z", "number_observed": 1, "object_refs": [ "url--58904d11-8ccc-4007-aef3-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d11-8ccc-4007-aef3-e25202de0b81", "value": "https://www.virustotal.com/file/54ec1c5c5e958d1177889b829e6fd0d2056586f6d3fcfb168a0a68700f634d77/analysis/1482751964/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d12-b4fc-4616-943b-e25202de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:42.000Z", "modified": "2017-01-31T08:38:42.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 4725f4b5eec09bdb29433cbea6e360b3", "pattern": "[file:hashes.SHA256 = '3208f3849737d1ca815cd3f154a8165dd454273657cbd0b1450bddde628348dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d13-66d4-43e9-b290-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:43.000Z", "modified": "2017-01-31T08:38:43.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 4725f4b5eec09bdb29433cbea6e360b3", "pattern": "[file:hashes.SHA1 = 'b5a6a3aa9a994c0bc18f10418c44083951a5d63c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d14-1e48-4596-9d5e-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:44.000Z", "modified": "2017-01-31T08:38:44.000Z", "first_observed": "2017-01-31T08:38:44Z", "last_observed": "2017-01-31T08:38:44Z", "number_observed": 1, "object_refs": [ "url--58904d14-1e48-4596-9d5e-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d14-1e48-4596-9d5e-e25202de0b81", "value": 
"https://www.virustotal.com/file/3208f3849737d1ca815cd3f154a8165dd454273657cbd0b1450bddde628348dd/analysis/1481588732/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d15-f088-4585-80dc-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:45.000Z", "modified": "2017-01-31T08:38:45.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 3ddf657800e60a57b884b87e1e8a987c", "pattern": "[file:hashes.SHA256 = '9ed055548ed4439905225f24366927d7e8d045d69809cfec8af48a35f7ae636a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d15-8acc-441d-ac4c-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:45.000Z", "modified": "2017-01-31T08:38:45.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 3ddf657800e60a57b884b87e1e8a987c", "pattern": "[file:hashes.SHA1 = 'de090b7be6d5c2488ce0225c15048429d4cd1158']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d16-d4e8-4466-93f7-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:46.000Z", "modified": "2017-01-31T08:38:46.000Z", "first_observed": "2017-01-31T08:38:46Z", "last_observed": "2017-01-31T08:38:46Z", "number_observed": 1, "object_refs": [ "url--58904d16-d4e8-4466-93f7-e25202de0b81" ], 
"labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d16-d4e8-4466-93f7-e25202de0b81", "value": "https://www.virustotal.com/file/9ed055548ed4439905225f24366927d7e8d045d69809cfec8af48a35f7ae636a/analysis/1483968394/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d17-fea4-402e-98c3-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:47.000Z", "modified": "2017-01-31T08:38:47.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 37768af89b093b96ab7671456de894bc", "pattern": "[file:hashes.SHA256 = '4bdd8bbdab3021d1d8cc23c388db83f1673bdab44288fccae932660eb11aec2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d17-3828-479c-9699-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:47.000Z", "modified": "2017-01-31T08:38:47.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 37768af89b093b96ab7671456de894bc", "pattern": "[file:hashes.SHA1 = '5ae4f380324ce93243504092592c7b275420a338']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d18-b61c-4e84-96bc-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:48.000Z", "modified": 
"2017-01-31T08:38:48.000Z", "first_observed": "2017-01-31T08:38:48Z", "last_observed": "2017-01-31T08:38:48Z", "number_observed": 1, "object_refs": [ "url--58904d18-b61c-4e84-96bc-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d18-b61c-4e84-96bc-e25202de0b81", "value": "https://www.virustotal.com/file/4bdd8bbdab3021d1d8cc23c388db83f1673bdab44288fccae932660eb11aec2a/analysis/1484690283/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d19-dfd8-4d62-b953-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:49.000Z", "modified": "2017-01-31T08:38:49.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 33252b2c9e054617ecb7172837ce7775", "pattern": "[file:hashes.SHA256 = 'b7d3cc17b4a70b0fc35963a36369935b86a4c7a4396846582c04d674cf40aade']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d1a-96f8-429a-8bfa-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:50.000Z", "modified": "2017-01-31T08:38:50.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 33252b2c9e054617ecb7172837ce7775", "pattern": "[file:hashes.SHA1 = 'f994ac8328267dbe37ce9d1e47f105f2cea922d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": 
"observed-data--58904d1a-a2e0-431d-8f75-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:50.000Z", "modified": "2017-01-31T08:38:50.000Z", "first_observed": "2017-01-31T08:38:50Z", "last_observed": "2017-01-31T08:38:50Z", "number_observed": 1, "object_refs": [ "url--58904d1a-a2e0-431d-8f75-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d1a-a2e0-431d-8f75-e25202de0b81", "value": "https://www.virustotal.com/file/b7d3cc17b4a70b0fc35963a36369935b86a4c7a4396846582c04d674cf40aade/analysis/1481664304/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d1b-c048-4490-860c-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:51.000Z", "modified": "2017-01-31T08:38:51.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 2bbd8aa8be75537bd60e68b124eafbff", "pattern": "[file:hashes.SHA256 = '2b832ef36978f7852be42e6585e761c3e288cfbb53aef595c7289a3aef0d3c95']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d1c-e958-41df-95b5-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:52.000Z", "modified": "2017-01-31T08:38:52.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 2bbd8aa8be75537bd60e68b124eafbff", "pattern": "[file:hashes.SHA1 = 'f2d5ca7d009f01be4b21a269de4554c7bd891473']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload 
delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d1c-c35c-415e-8088-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:52.000Z", "modified": "2017-01-31T08:38:52.000Z", "first_observed": "2017-01-31T08:38:52Z", "last_observed": "2017-01-31T08:38:52Z", "number_observed": 1, "object_refs": [ "url--58904d1c-c35c-415e-8088-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d1c-c35c-415e-8088-e25202de0b81", "value": "https://www.virustotal.com/file/2b832ef36978f7852be42e6585e761c3e288cfbb53aef595c7289a3aef0d3c95/analysis/1481808375/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d1d-e87c-489b-bb98-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:53.000Z", "modified": "2017-01-31T08:38:53.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 2510953f05dcd2c758ad29160bbc3911", "pattern": "[file:hashes.SHA256 = 'fbf23b449db5ae1122c503756d9ad7f4d1c77ed367f0874ffe8dde5c578dd2c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d1e-e9e0-4f80-aa5a-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:54.000Z", "modified": "2017-01-31T08:38:54.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 2510953f05dcd2c758ad29160bbc3911", "pattern": "[file:hashes.SHA1 = '9e0094cc8be1bbe494d7dac88a57a3db235f8a04']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d1f-a454-4d66-afd2-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:55.000Z", "modified": "2017-01-31T08:38:55.000Z", "first_observed": "2017-01-31T08:38:55Z", "last_observed": "2017-01-31T08:38:55Z", "number_observed": 1, "object_refs": [ "url--58904d1f-a454-4d66-afd2-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d1f-a454-4d66-afd2-e25202de0b81", "value": "https://www.virustotal.com/file/fbf23b449db5ae1122c503756d9ad7f4d1c77ed367f0874ffe8dde5c578dd2c8/analysis/1477747774/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d1f-9a08-44ac-a0fa-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:55.000Z", "modified": "2017-01-31T08:38:55.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 23de0ef14737b0398af94d9d9ec5d5b7", "pattern": "[file:hashes.SHA256 = '9d9c0ada6891309c2e43f6bad7ffe55c724bb79a0983ea6a51bc1d5dc7dccf83']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d20-1c1c-47a6-92fb-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:56.000Z", "modified": "2017-01-31T08:38:56.000Z", 
"description": "Flokibot Sample hashes - Xchecked via VT: 23de0ef14737b0398af94d9d9ec5d5b7", "pattern": "[file:hashes.SHA1 = '38e37f1f3f89e76d390564e8ff37eebba8cada44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d21-0560-4b42-80c4-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:57.000Z", "modified": "2017-01-31T08:38:57.000Z", "first_observed": "2017-01-31T08:38:57Z", "last_observed": "2017-01-31T08:38:57Z", "number_observed": 1, "object_refs": [ "url--58904d21-0560-4b42-80c4-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d21-0560-4b42-80c4-e25202de0b81", "value": "https://www.virustotal.com/file/9d9c0ada6891309c2e43f6bad7ffe55c724bb79a0983ea6a51bc1d5dc7dccf83/analysis/1479905945/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d22-2a9c-4eb8-8e49-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:58.000Z", "modified": "2017-01-31T08:38:58.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 20816af7c443180cccc6aa962151af67", "pattern": "[file:hashes.SHA256 = '94aec5548e1c51ba874b5723b445fad1c9bf3ac39d45b21d9ef5277ab4b1315b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--58904d22-83b0-4c6e-9e99-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:58.000Z", "modified": "2017-01-31T08:38:58.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 20816af7c443180cccc6aa962151af67", "pattern": "[file:hashes.SHA1 = '7583d06da294a47ddcc48b2b19f19d6a5220c1fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:38:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d23-3de0-46eb-8cf8-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:38:59.000Z", "modified": "2017-01-31T08:38:59.000Z", "first_observed": "2017-01-31T08:38:59Z", "last_observed": "2017-01-31T08:38:59Z", "number_observed": 1, "object_refs": [ "url--58904d23-3de0-46eb-8cf8-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d23-3de0-46eb-8cf8-e25202de0b81", "value": "https://www.virustotal.com/file/94aec5548e1c51ba874b5723b445fad1c9bf3ac39d45b21d9ef5277ab4b1315b/analysis/1478620795/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d24-34dc-46ea-92ef-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:00.000Z", "modified": "2017-01-31T08:39:00.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 4ada3fabb0e2cd0c90b16ec79e8147d8", "pattern": "[file:hashes.SHA256 = '0aa1f07a2ebcdd42896d3d8fdb5e9a9fef0f4f894d2501b9cbbe4cbad673ec03']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": 
"Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d24-ee5c-4c89-b27a-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:00.000Z", "modified": "2017-01-31T08:39:00.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 4ada3fabb0e2cd0c90b16ec79e8147d8", "pattern": "[file:hashes.SHA1 = '44cea646146c11e85bbffbaf634e728b3aea16ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d25-ec48-4dff-95e3-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:01.000Z", "modified": "2017-01-31T08:39:01.000Z", "first_observed": "2017-01-31T08:39:01Z", "last_observed": "2017-01-31T08:39:01Z", "number_observed": 1, "object_refs": [ "url--58904d25-ec48-4dff-95e3-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d25-ec48-4dff-95e3-e25202de0b81", "value": "https://www.virustotal.com/file/0aa1f07a2ebcdd42896d3d8fdb5e9a9fef0f4f894d2501b9cbbe4cbad673ec03/analysis/1481230392/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d26-6128-469d-ae2f-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:02.000Z", "modified": "2017-01-31T08:39:02.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: fdca6464b694739178b5a46d3d9b0f5c", "pattern": "[file:hashes.SHA256 = 
'df90aeedeceea03a7f996cddcb198a2dfe210c1e671d689e257d248f6808e001']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d27-c534-495a-a440-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:03.000Z", "modified": "2017-01-31T08:39:03.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: fdca6464b694739178b5a46d3d9b0f5c", "pattern": "[file:hashes.SHA1 = 'b40dcfb36187f8e50046d58b1d42c984bad3405d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d27-e8e0-47c1-a6da-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:03.000Z", "modified": "2017-01-31T08:39:03.000Z", "first_observed": "2017-01-31T08:39:03Z", "last_observed": "2017-01-31T08:39:03Z", "number_observed": 1, "object_refs": [ "url--58904d27-e8e0-47c1-a6da-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d27-e8e0-47c1-a6da-e25202de0b81", "value": "https://www.virustotal.com/file/df90aeedeceea03a7f996cddcb198a2dfe210c1e671d689e257d248f6808e001/analysis/1481386862/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d28-0644-4238-a0b6-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-01-31T08:39:04.000Z", "modified": "2017-01-31T08:39:04.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: f79035227cace85f01ee4ae63ad7c511", "pattern": "[file:hashes.SHA256 = '60151ba2f1f43ce900eeb76f3c9f2bcc166740e014ab6654a96216ddbf3ed227']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d29-df88-4503-b865-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:05.000Z", "modified": "2017-01-31T08:39:05.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: f79035227cace85f01ee4ae63ad7c511", "pattern": "[file:hashes.SHA1 = 'e53a2b657c7f71d4b86f42f549fc61299922f291']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d29-a578-44b0-84e7-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:05.000Z", "modified": "2017-01-31T08:39:05.000Z", "first_observed": "2017-01-31T08:39:05Z", "last_observed": "2017-01-31T08:39:05Z", "number_observed": 1, "object_refs": [ "url--58904d29-a578-44b0-84e7-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d29-a578-44b0-84e7-e25202de0b81", "value": "https://www.virustotal.com/file/60151ba2f1f43ce900eeb76f3c9f2bcc166740e014ab6654a96216ddbf3ed227/analysis/1480677608/" }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--58904d2a-1850-41c0-bb2b-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:06.000Z", "modified": "2017-01-31T08:39:06.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: f5f698c6c0660d14ce19fd36a4e94b9c", "pattern": "[file:hashes.SHA256 = '09032a7bf6eef650007c5e57e74f1abb2b7a0c2c97d7c5975ab348cf5419ccd8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d2b-1320-4671-a651-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:07.000Z", "modified": "2017-01-31T08:39:07.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: f5f698c6c0660d14ce19fd36a4e94b9c", "pattern": "[file:hashes.SHA1 = 'b0c7415b762186a316b96b976087c3bc66de599e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d2c-afb0-4a44-b418-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:08.000Z", "modified": "2017-01-31T08:39:08.000Z", "first_observed": "2017-01-31T08:39:08Z", "last_observed": "2017-01-31T08:39:08Z", "number_observed": 1, "object_refs": [ "url--58904d2c-afb0-4a44-b418-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": 
"url--58904d2c-afb0-4a44-b418-e25202de0b81", "value": "https://www.virustotal.com/file/09032a7bf6eef650007c5e57e74f1abb2b7a0c2c97d7c5975ab348cf5419ccd8/analysis/1483081815/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d2c-0878-48ad-af07-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:08.000Z", "modified": "2017-01-31T08:39:08.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: f33808ea5100648108c7d0d6a0d5eb61", "pattern": "[file:hashes.SHA256 = '7bd22e3147122eb4438f02356e8927f36866efa0cc07cc604f1bff03d76222a6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d2d-8018-4e44-bd72-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:09.000Z", "modified": "2017-01-31T08:39:09.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: f33808ea5100648108c7d0d6a0d5eb61", "pattern": "[file:hashes.SHA1 = '79908f60571d837924118bd697e5b267a1c5fafa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d2e-6c00-4a7f-a5d0-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:10.000Z", "modified": "2017-01-31T08:39:10.000Z", "first_observed": "2017-01-31T08:39:10Z", "last_observed": "2017-01-31T08:39:10Z", "number_observed": 1, "object_refs": 
[ "url--58904d2e-6c00-4a7f-a5d0-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d2e-6c00-4a7f-a5d0-e25202de0b81", "value": "https://www.virustotal.com/file/7bd22e3147122eb4438f02356e8927f36866efa0cc07cc604f1bff03d76222a6/analysis/1480568783/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d2e-a1a4-4a5f-a7f8-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:10.000Z", "modified": "2017-01-31T08:39:10.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: ebbf3f2385157240e8a45a9dd00ddaef", "pattern": "[file:hashes.SHA256 = 'ea2b311cabaa6e43d858d1c29089189e7da7fdd2774d2651fffa6dda2bb9985f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d2f-4288-4eea-9761-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:11.000Z", "modified": "2017-01-31T08:39:11.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: ebbf3f2385157240e8a45a9dd00ddaef", "pattern": "[file:hashes.SHA1 = '6b33da8f57ae42e0f5b63ec6c83a88d7b14b7217']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d30-3540-454d-be48-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-01-31T08:39:12.000Z", "modified": "2017-01-31T08:39:12.000Z", "first_observed": "2017-01-31T08:39:12Z", "last_observed": "2017-01-31T08:39:12Z", "number_observed": 1, "object_refs": [ "url--58904d30-3540-454d-be48-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d30-3540-454d-be48-e25202de0b81", "value": "https://www.virustotal.com/file/ea2b311cabaa6e43d858d1c29089189e7da7fdd2774d2651fffa6dda2bb9985f/analysis/1481664072/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d31-ce04-4d0d-bb7f-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:13.000Z", "modified": "2017-01-31T08:39:13.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: e83d79fb671cf2335025022bebbb0bdd", "pattern": "[file:hashes.SHA256 = 'fbfecdfae811afadab5bddeef7f45202a0f891cea2b05e82abaa460fde151312']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d31-e1d8-4e3b-8a9d-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:13.000Z", "modified": "2017-01-31T08:39:13.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: e83d79fb671cf2335025022bebbb0bdd", "pattern": "[file:hashes.SHA1 = '737e61bcd3a4d2a0deaa061cdfa059d641380073']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": 
"observed-data", "spec_version": "2.1", "id": "observed-data--58904d32-004c-4efc-ae84-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:14.000Z", "modified": "2017-01-31T08:39:14.000Z", "first_observed": "2017-01-31T08:39:14Z", "last_observed": "2017-01-31T08:39:14Z", "number_observed": 1, "object_refs": [ "url--58904d32-004c-4efc-ae84-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d32-004c-4efc-ae84-e25202de0b81", "value": "https://www.virustotal.com/file/fbfecdfae811afadab5bddeef7f45202a0f891cea2b05e82abaa460fde151312/analysis/1483447618/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d33-ca1c-4a89-9fe6-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:15.000Z", "modified": "2017-01-31T08:39:15.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: e54d28a24c976348c438f45281d68c54", "pattern": "[file:hashes.SHA256 = '5d2ee0440314f7229a126baa152e43473d771591e818f8317275c175fd888f23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d34-9370-4f17-b899-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:16.000Z", "modified": "2017-01-31T08:39:16.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: e54d28a24c976348c438f45281d68c54", "pattern": "[file:hashes.SHA1 = '3cd014e2ebdb8dd679deb70cd1005b0a2b8283e7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:16Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d34-952c-4b2f-bd6a-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:16.000Z", "modified": "2017-01-31T08:39:16.000Z", "first_observed": "2017-01-31T08:39:16Z", "last_observed": "2017-01-31T08:39:16Z", "number_observed": 1, "object_refs": [ "url--58904d34-952c-4b2f-bd6a-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d34-952c-4b2f-bd6a-e25202de0b81", "value": "https://www.virustotal.com/file/5d2ee0440314f7229a126baa152e43473d771591e818f8317275c175fd888f23/analysis/1478618090/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d35-02f0-4d28-bbf4-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:17.000Z", "modified": "2017-01-31T08:39:17.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: d840ecdd9c8b32af83131dab66ec0f44", "pattern": "[file:hashes.SHA256 = '77a4c8babcc18e0d42a9338d132ec6e44b55f4479efb836f699c0d7984898db1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d36-88cc-48a5-af41-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:18.000Z", "modified": "2017-01-31T08:39:18.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: d840ecdd9c8b32af83131dab66ec0f44", "pattern": 
"[file:hashes.SHA1 = 'cdeba8c395be1f4b61d30dac1d32dd3567264262']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d37-97c0-494d-aeed-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:19.000Z", "modified": "2017-01-31T08:39:19.000Z", "first_observed": "2017-01-31T08:39:19Z", "last_observed": "2017-01-31T08:39:19Z", "number_observed": 1, "object_refs": [ "url--58904d37-97c0-494d-aeed-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d37-97c0-494d-aeed-e25202de0b81", "value": "https://www.virustotal.com/file/77a4c8babcc18e0d42a9338d132ec6e44b55f4479efb836f699c0d7984898db1/analysis/1483968372/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d38-c8a8-4161-8d37-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:20.000Z", "modified": "2017-01-31T08:39:20.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: d4c5384da41fd391d16eff60abc21405", "pattern": "[file:hashes.SHA256 = '0522bfea61ab0db154cde9c1217c90547bd46ba1be0fc6a17bfb4b52e8241a63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d38-dd8c-43d0-93b3-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-01-31T08:39:20.000Z", "modified": "2017-01-31T08:39:20.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: d4c5384da41fd391d16eff60abc21405", "pattern": "[file:hashes.SHA1 = '75f47640299fc2b33492c3640128d58ac2dc1463']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d39-0758-476a-b425-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:21.000Z", "modified": "2017-01-31T08:39:21.000Z", "first_observed": "2017-01-31T08:39:21Z", "last_observed": "2017-01-31T08:39:21Z", "number_observed": 1, "object_refs": [ "url--58904d39-0758-476a-b425-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d39-0758-476a-b425-e25202de0b81", "value": "https://www.virustotal.com/file/0522bfea61ab0db154cde9c1217c90547bd46ba1be0fc6a17bfb4b52e8241a63/analysis/1480068801/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d3a-6490-4f5d-b113-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:22.000Z", "modified": "2017-01-31T08:39:22.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: cdb0762becd67b893d73cda594cd1c3e", "pattern": "[file:hashes.SHA256 = '08e132f3889ee73357b6bb38e752a749f40dd7e9fb168c6f66be3575dbbbc63d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--58904d3b-5ef0-45e8-9767-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:23.000Z", "modified": "2017-01-31T08:39:23.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: cdb0762becd67b893d73cda594cd1c3e", "pattern": "[file:hashes.SHA1 = '4bf3a98d542e173fdcdba19cec79f177dc8a65ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d3b-7ed0-44da-942d-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:23.000Z", "modified": "2017-01-31T08:39:23.000Z", "first_observed": "2017-01-31T08:39:23Z", "last_observed": "2017-01-31T08:39:23Z", "number_observed": 1, "object_refs": [ "url--58904d3b-7ed0-44da-942d-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d3b-7ed0-44da-942d-e25202de0b81", "value": "https://www.virustotal.com/file/08e132f3889ee73357b6bb38e752a749f40dd7e9fb168c6f66be3575dbbbc63d/analysis/1478522618/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d3c-dd18-4e85-87c6-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:24.000Z", "modified": "2017-01-31T08:39:24.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: cc38fd598cbef1a3816bb64f2990e9b6", "pattern": "[file:hashes.SHA256 = 'e0b599f73d0c46a5130396f81daf5ba9f31639589035b49686bf3ef5f164f009']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:24Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d3d-50e0-4f9b-8a1f-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:25.000Z", "modified": "2017-01-31T08:39:25.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: cc38fd598cbef1a3816bb64f2990e9b6", "pattern": "[file:hashes.SHA1 = '5ac80df4f80d466e616d13e8d35be3fe9da5a45e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d3d-acd0-4a51-be86-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:25.000Z", "modified": "2017-01-31T08:39:25.000Z", "first_observed": "2017-01-31T08:39:25Z", "last_observed": "2017-01-31T08:39:25Z", "number_observed": 1, "object_refs": [ "url--58904d3d-acd0-4a51-be86-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d3d-acd0-4a51-be86-e25202de0b81", "value": "https://www.virustotal.com/file/e0b599f73d0c46a5130396f81daf5ba9f31639589035b49686bf3ef5f164f009/analysis/1481230393/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d3e-9750-4944-9759-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:26.000Z", "modified": "2017-01-31T08:39:26.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: cb8d57c149330e7bd1798d62e5da5404", "pattern": "[file:hashes.SHA256 = 
'd1d851326a00c1c14fc8ae77480a2150c398e4ef058c316ea32b191fd0e603c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d3f-c734-49a6-9eb5-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:27.000Z", "modified": "2017-01-31T08:39:27.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: cb8d57c149330e7bd1798d62e5da5404", "pattern": "[file:hashes.SHA1 = '7f23a5b87402928e02175e3a5942aee596cdc91f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d40-6c2c-4db6-866c-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:28.000Z", "modified": "2017-01-31T08:39:28.000Z", "first_observed": "2017-01-31T08:39:28Z", "last_observed": "2017-01-31T08:39:28Z", "number_observed": 1, "object_refs": [ "url--58904d40-6c2c-4db6-866c-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d40-6c2c-4db6-866c-e25202de0b81", "value": "https://www.virustotal.com/file/d1d851326a00c1c14fc8ae77480a2150c398e4ef058c316ea32b191fd0e603c0/analysis/1478188503/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d40-ad8c-47aa-bdd8-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-01-31T08:39:28.000Z", "modified": "2017-01-31T08:39:28.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: c6faf2a51122cad086370674a3c9ad1a", "pattern": "[file:hashes.SHA256 = 'af9f98fd77f38090f382334178004ca1a687460c78d9342337d3ace5643dcacf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d41-d698-4725-bc82-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:29.000Z", "modified": "2017-01-31T08:39:29.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: c6faf2a51122cad086370674a3c9ad1a", "pattern": "[file:hashes.SHA1 = '2eccaac35aa3b351b2a5d367fb8dd478cea1a3f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d42-f9a4-4e80-b4f2-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:30.000Z", "modified": "2017-01-31T08:39:30.000Z", "first_observed": "2017-01-31T08:39:30Z", "last_observed": "2017-01-31T08:39:30Z", "number_observed": 1, "object_refs": [ "url--58904d42-f9a4-4e80-b4f2-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d42-f9a4-4e80-b4f2-e25202de0b81", "value": "https://www.virustotal.com/file/af9f98fd77f38090f382334178004ca1a687460c78d9342337d3ace5643dcacf/analysis/1483333415/" }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--58904d43-18b4-4c42-aaf9-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:31.000Z", "modified": "2017-01-31T08:39:31.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: c149ef34c57e6f7e970063679de01342", "pattern": "[file:hashes.SHA256 = '5028124ce748b23e709f1540a7c58310f8481e179aff7986d5cfd693c9af94da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d44-42dc-43d1-b398-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:32.000Z", "modified": "2017-01-31T08:39:32.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: c149ef34c57e6f7e970063679de01342", "pattern": "[file:hashes.SHA1 = '855388d354f19322a722c6f9d01e574c9bbf19ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d45-5af0-4298-8639-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:33.000Z", "modified": "2017-01-31T08:39:33.000Z", "first_observed": "2017-01-31T08:39:33Z", "last_observed": "2017-01-31T08:39:33Z", "number_observed": 1, "object_refs": [ "url--58904d45-5af0-4298-8639-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": 
"url--58904d45-5af0-4298-8639-e25202de0b81", "value": "https://www.virustotal.com/file/5028124ce748b23e709f1540a7c58310f8481e179aff7986d5cfd693c9af94da/analysis/1481230392/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d45-b4a8-4017-9e0d-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:33.000Z", "modified": "2017-01-31T08:39:33.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: a53d38e93698ccf1843f15ebbd89a380", "pattern": "[file:hashes.SHA256 = '1e4fb4dbb8e93d952e531f13d3a53505facec348cc2dee574eba3d50494b77ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d46-9214-4b98-8075-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:34.000Z", "modified": "2017-01-31T08:39:34.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: a53d38e93698ccf1843f15ebbd89a380", "pattern": "[file:hashes.SHA1 = 'de1257676011d476580c8a6070a39ab46bb5662d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d47-a580-45eb-9480-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:35.000Z", "modified": "2017-01-31T08:39:35.000Z", "first_observed": "2017-01-31T08:39:35Z", "last_observed": "2017-01-31T08:39:35Z", "number_observed": 1, "object_refs": 
[ "url--58904d47-a580-45eb-9480-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d47-a580-45eb-9480-e25202de0b81", "value": "https://www.virustotal.com/file/1e4fb4dbb8e93d952e531f13d3a53505facec348cc2dee574eba3d50494b77ab/analysis/1481895204/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d48-f258-4f34-8189-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:36.000Z", "modified": "2017-01-31T08:39:36.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: a50e2d3419a9de9be87eb04f52f2245f", "pattern": "[file:hashes.SHA256 = '29108419f575464fd2a6a4569b45acbf939455bbee1af8e35b0e058c3c762d87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d48-07b4-4331-8503-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:36.000Z", "modified": "2017-01-31T08:39:36.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: a50e2d3419a9de9be87eb04f52f2245f", "pattern": "[file:hashes.SHA1 = '9a78a5343135e126ec91629e1aca2e6aa6f03e1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d49-d6a4-4876-91ac-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-01-31T08:39:37.000Z", "modified": "2017-01-31T08:39:37.000Z", "first_observed": "2017-01-31T08:39:37Z", "last_observed": "2017-01-31T08:39:37Z", "number_observed": 1, "object_refs": [ "url--58904d49-d6a4-4876-91ac-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d49-d6a4-4876-91ac-e25202de0b81", "value": "https://www.virustotal.com/file/29108419f575464fd2a6a4569b45acbf939455bbee1af8e35b0e058c3c762d87/analysis/1476826573/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d4a-0890-4fb0-a5b0-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:38.000Z", "modified": "2017-01-31T08:39:38.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: a1bd290317b03ade7941dedd4a4e903b", "pattern": "[file:hashes.SHA256 = '1f2e1b1ca63fd91d1db36765ef4a4a48891fb48e8c1c4c455d7807ce5ca089e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d4b-48d4-4cb1-bb50-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:39.000Z", "modified": "2017-01-31T08:39:39.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: a1bd290317b03ade7941dedd4a4e903b", "pattern": "[file:hashes.SHA1 = '5578f3b6709311db555f33be01a42feda6dfc743']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": 
"observed-data", "spec_version": "2.1", "id": "observed-data--58904d4b-9cf4-496d-a831-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:39.000Z", "modified": "2017-01-31T08:39:39.000Z", "first_observed": "2017-01-31T08:39:39Z", "last_observed": "2017-01-31T08:39:39Z", "number_observed": 1, "object_refs": [ "url--58904d4b-9cf4-496d-a831-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d4b-9cf4-496d-a831-e25202de0b81", "value": "https://www.virustotal.com/file/1f2e1b1ca63fd91d1db36765ef4a4a48891fb48e8c1c4c455d7807ce5ca089e3/analysis/1482325662/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d4c-5c24-4f48-b2ac-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:40.000Z", "modified": "2017-01-31T08:39:40.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: a11b982bde341475e28d3a2fa96f982a", "pattern": "[file:hashes.SHA256 = 'e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d4d-2a60-4259-b4b2-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:41.000Z", "modified": "2017-01-31T08:39:41.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: a11b982bde341475e28d3a2fa96f982a", "pattern": "[file:hashes.SHA1 = '181fe69fa5f931251771814d2afc7bcd85c6468a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:41Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d4d-9778-46a3-8b4f-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:41.000Z", "modified": "2017-01-31T08:39:41.000Z", "first_observed": "2017-01-31T08:39:41Z", "last_observed": "2017-01-31T08:39:41Z", "number_observed": 1, "object_refs": [ "url--58904d4d-9778-46a3-8b4f-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d4d-9778-46a3-8b4f-e25202de0b81", "value": "https://www.virustotal.com/file/e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a/analysis/1479238484/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d4e-e000-420e-86a2-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:42.000Z", "modified": "2017-01-31T08:39:42.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 99e9f5a4563f56e61f3806be39efce62", "pattern": "[file:hashes.SHA256 = 'e205a0f5688810599b1af8f65e8fd111e0e8fa2dc61fe979df76a0e4401c2784']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d4f-6db4-4f22-b128-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:43.000Z", "modified": "2017-01-31T08:39:43.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 99e9f5a4563f56e61f3806be39efce62", "pattern": 
"[file:hashes.SHA1 = '44f723a16feb3d6a4d90353ded6a7757afc11510']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d50-f99c-4c32-856f-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:44.000Z", "modified": "2017-01-31T08:39:44.000Z", "first_observed": "2017-01-31T08:39:44Z", "last_observed": "2017-01-31T08:39:44Z", "number_observed": 1, "object_refs": [ "url--58904d50-f99c-4c32-856f-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d50-f99c-4c32-856f-e25202de0b81", "value": "https://www.virustotal.com/file/e205a0f5688810599b1af8f65e8fd111e0e8fa2dc61fe979df76a0e4401c2784/analysis/1481801135/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d50-857c-4c3e-b63a-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:44.000Z", "modified": "2017-01-31T08:39:44.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 992e9518d69039c3ebae4191e1f8b8b6", "pattern": "[file:hashes.SHA256 = '5668f2f784befed20b52f3d30aa3a9ab374b35a1a853d908ff9ac5c82ddea749']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d51-1054-467e-9065-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-01-31T08:39:45.000Z", "modified": "2017-01-31T08:39:45.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 992e9518d69039c3ebae4191e1f8b8b6", "pattern": "[file:hashes.SHA1 = '3c93cd0ef4c38e4055b88c22bb398dd45a66fb4f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d52-b470-4bbc-b15f-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:46.000Z", "modified": "2017-01-31T08:39:46.000Z", "first_observed": "2017-01-31T08:39:46Z", "last_observed": "2017-01-31T08:39:46Z", "number_observed": 1, "object_refs": [ "url--58904d52-b470-4bbc-b15f-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d52-b470-4bbc-b15f-e25202de0b81", "value": "https://www.virustotal.com/file/5668f2f784befed20b52f3d30aa3a9ab374b35a1a853d908ff9ac5c82ddea749/analysis/1479397561/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d53-8e34-41a0-8ce0-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:47.000Z", "modified": "2017-01-31T08:39:47.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 93c07b57a51e3eee44134caa39057e8d", "pattern": "[file:hashes.SHA256 = '7bc06cbf4a522a20eefe0e027af3623c987c80f6d0a8cf888c9209ab6f85ff66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--58904d53-a1f8-420c-b4e8-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:47.000Z", "modified": "2017-01-31T08:39:47.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 93c07b57a51e3eee44134caa39057e8d", "pattern": "[file:hashes.SHA1 = '4d74dd452a54aca9099aa3ec0e4485b141a0995a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d54-5360-482c-bc3f-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:48.000Z", "modified": "2017-01-31T08:39:48.000Z", "first_observed": "2017-01-31T08:39:48Z", "last_observed": "2017-01-31T08:39:48Z", "number_observed": 1, "object_refs": [ "url--58904d54-5360-482c-bc3f-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d54-5360-482c-bc3f-e25202de0b81", "value": "https://www.virustotal.com/file/7bc06cbf4a522a20eefe0e027af3623c987c80f6d0a8cf888c9209ab6f85ff66/analysis/1480950931/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d55-9828-4438-84c0-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:49.000Z", "modified": "2017-01-31T08:39:49.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 92316769af9e7cc204a81789c0dab9c0", "pattern": "[file:hashes.SHA256 = '8c4e73647cb234384bf2f31504a49a245d897257f8b5e84098f0263d195cda7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:49Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d55-be6c-40bf-88f9-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:49.000Z", "modified": "2017-01-31T08:39:49.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 92316769af9e7cc204a81789c0dab9c0", "pattern": "[file:hashes.SHA1 = 'c3480609ac5ed1a10d0bd1ef7b8b2e292cd51955']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d56-f6a0-4682-917d-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:50.000Z", "modified": "2017-01-31T08:39:50.000Z", "first_observed": "2017-01-31T08:39:50Z", "last_observed": "2017-01-31T08:39:50Z", "number_observed": 1, "object_refs": [ "url--58904d56-f6a0-4682-917d-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d56-f6a0-4682-917d-e25202de0b81", "value": "https://www.virustotal.com/file/8c4e73647cb234384bf2f31504a49a245d897257f8b5e84098f0263d195cda7c/analysis/1482325664/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d57-ccf8-45dc-b6f6-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:51.000Z", "modified": "2017-01-31T08:39:51.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 7d17de98ce24a0c3e156efcc0e1ca565", "pattern": "[file:hashes.SHA256 = 
'f9e75d18efcd8d07a8e8981e9ad0d881225f85b875c77279cb329014c3d30a54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d58-ba58-4272-9ce9-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:52.000Z", "modified": "2017-01-31T08:39:52.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 7d17de98ce24a0c3e156efcc0e1ca565", "pattern": "[file:hashes.SHA1 = '641147b438129274d0189f19fa70046a379d6cf1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d58-ee98-41f6-a950-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:52.000Z", "modified": "2017-01-31T08:39:52.000Z", "first_observed": "2017-01-31T08:39:52Z", "last_observed": "2017-01-31T08:39:52Z", "number_observed": 1, "object_refs": [ "url--58904d58-ee98-41f6-a950-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d58-ee98-41f6-a950-e25202de0b81", "value": "https://www.virustotal.com/file/f9e75d18efcd8d07a8e8981e9ad0d881225f85b875c77279cb329014c3d30a54/analysis/1484568182/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d59-db28-4b62-9b14-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-01-31T08:39:53.000Z", "modified": "2017-01-31T08:39:53.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 7b8f8a999367f28b3ac42fc4d2b9439d", "pattern": "[file:hashes.SHA256 = '5fdc148bffbe0b27aed2269030bc9b21fa9e122880c94d8cf597db17c85212ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d5a-90e4-41c3-8565-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:54.000Z", "modified": "2017-01-31T08:39:54.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 7b8f8a999367f28b3ac42fc4d2b9439d", "pattern": "[file:hashes.SHA1 = '4bc25f2fff09a00de45ddadc1d95e62c74cb46c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d5a-45b0-4260-9ae7-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:54.000Z", "modified": "2017-01-31T08:39:54.000Z", "first_observed": "2017-01-31T08:39:54Z", "last_observed": "2017-01-31T08:39:54Z", "number_observed": 1, "object_refs": [ "url--58904d5a-45b0-4260-9ae7-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d5a-45b0-4260-9ae7-e25202de0b81", "value": "https://www.virustotal.com/file/5fdc148bffbe0b27aed2269030bc9b21fa9e122880c94d8cf597db17c85212ef/analysis/1483968314/" }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--58904d5b-adc4-4055-b81e-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:55.000Z", "modified": "2017-01-31T08:39:55.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 7b7675705908d34432e2309880f5538e", "pattern": "[file:hashes.SHA256 = '2414b7709a44cedc3a55b927898251ca369f0589923e4cc688c72c11ede788bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d5c-d394-4f99-bba3-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:56.000Z", "modified": "2017-01-31T08:39:56.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 7b7675705908d34432e2309880f5538e", "pattern": "[file:hashes.SHA1 = '1be90534bb557904283f5447becdb7bf448b28e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d5d-02ac-4e8d-a412-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:57.000Z", "modified": "2017-01-31T08:39:57.000Z", "first_observed": "2017-01-31T08:39:57Z", "last_observed": "2017-01-31T08:39:57Z", "number_observed": 1, "object_refs": [ "url--58904d5d-02ac-4e8d-a412-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": 
"url--58904d5d-02ac-4e8d-a412-e25202de0b81", "value": "https://www.virustotal.com/file/2414b7709a44cedc3a55b927898251ca369f0589923e4cc688c72c11ede788bb/analysis/1481154655/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d5d-e0cc-42d4-b8ae-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:57.000Z", "modified": "2017-01-31T08:39:57.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 70f6abfb433327a7b3c394246cc37ea2", "pattern": "[file:hashes.SHA256 = '3c2c753dbb62920cc00e37a7cab64fe0e16952ff731d39db26573819eb715b67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d5e-6614-4c3d-9ec9-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:58.000Z", "modified": "2017-01-31T08:39:58.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 70f6abfb433327a7b3c394246cc37ea2", "pattern": "[file:hashes.SHA1 = 'd2d0a6c7b63d5032a37b791f1fd07246d3a98093']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d5f-e854-4655-9fdf-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:59.000Z", "modified": "2017-01-31T08:39:59.000Z", "first_observed": "2017-01-31T08:39:59Z", "last_observed": "2017-01-31T08:39:59Z", "number_observed": 1, "object_refs": 
[ "url--58904d5f-e854-4655-9fdf-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d5f-e854-4655-9fdf-e25202de0b81", "value": "https://www.virustotal.com/file/3c2c753dbb62920cc00e37a7cab64fe0e16952ff731d39db26573819eb715b67/analysis/1481535806/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d5f-f200-4057-ad49-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:39:59.000Z", "modified": "2017-01-31T08:39:59.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 6dcc9ef9258dea343e1fdb1aaa5c7e56", "pattern": "[file:hashes.SHA256 = '2658c39d9e14e463c8c6dc7cd7a53bee6016e641f5ab2e22be3a1f13f0070809']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:39:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d60-7640-4959-a207-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:40:00.000Z", "modified": "2017-01-31T08:40:00.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 6dcc9ef9258dea343e1fdb1aaa5c7e56", "pattern": "[file:hashes.SHA1 = '7644de519b46524346d99ae279a3624e99187b9d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:40:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58904d61-ef28-47ad-829a-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-01-31T08:40:01.000Z", "modified": "2017-01-31T08:40:01.000Z", "first_observed": "2017-01-31T08:40:01Z", "last_observed": "2017-01-31T08:40:01Z", "number_observed": 1, "object_refs": [ "url--58904d61-ef28-47ad-829a-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d61-ef28-47ad-829a-e25202de0b81", "value": "https://www.virustotal.com/file/2658c39d9e14e463c8c6dc7cd7a53bee6016e641f5ab2e22be3a1f13f0070809/analysis/1482248474/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d62-e0e0-4fed-ba88-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:40:02.000Z", "modified": "2017-01-31T08:40:02.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 6db1f428becc2870517ae50fd892fc67", "pattern": "[file:hashes.SHA256 = 'ad6fd5137fab3142b1216037ff0c1f6850bb810f0bd23e2feb374c9ddd03bacb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:40:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58904d62-3c34-4f56-8563-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:40:02.000Z", "modified": "2017-01-31T08:40:02.000Z", "description": "Flokibot Sample hashes - Xchecked via VT: 6db1f428becc2870517ae50fd892fc67", "pattern": "[file:hashes.SHA1 = 'c4659b5e0b2703e192a683bf672b001888695699']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-01-31T08:40:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": 
"observed-data", "spec_version": "2.1", "id": "observed-data--58904d63-f5dc-4b9f-99fd-e25202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-01-31T08:40:03.000Z", "modified": "2017-01-31T08:40:03.000Z", "first_observed": "2017-01-31T08:40:03Z", "last_observed": "2017-01-31T08:40:03Z", "number_observed": 1, "object_refs": [ "url--58904d63-f5dc-4b9f-99fd-e25202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58904d63-f5dc-4b9f-99fd-e25202de0b81", "value": "https://www.virustotal.com/file/ad6fd5137fab3142b1216037ff0c1f6850bb810f0bd23e2feb374c9ddd03bacb/analysis/1482185096/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }