adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/589046d9-01ac-40d2-b47d-e592950d210f.json

5388 lines
No EOL
230 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--589046d9-01ac-40d2-b47d-e592950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:43:09.000Z",
"modified": "2017-01-31T08:43:09.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--589046d9-01ac-40d2-b47d-e592950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:43:09.000Z",
"modified": "2017-01-31T08:43:09.000Z",
"name": "OSINT - Flokibot Invades PoS: Trouble in Brazil",
"published": "2017-01-31T08:43:27Z",
"object_refs": [
"x-misp-attribute--589046f4-2314-4b63-9bda-e596950d210f",
"indicator--58904a2c-bfc4-4007-a6da-e596950d210f",
"indicator--58904a2c-83d8-4762-81ff-e596950d210f",
"indicator--58904a2d-ad00-47cc-bc71-e596950d210f",
"indicator--58904a2e-d5d0-4112-a648-e596950d210f",
"indicator--58904a2e-71e4-4c48-8b42-e596950d210f",
"indicator--58904a2f-2d5c-4b6c-b8ff-e596950d210f",
"indicator--58904a30-9fd0-4c5e-b844-e596950d210f",
"indicator--58904a31-88f8-4927-9be5-e596950d210f",
"indicator--58904a31-fbc0-46ad-8196-e596950d210f",
"indicator--58904a32-51d0-4851-8ab1-e596950d210f",
"indicator--58904a33-bd3c-4a20-970b-e596950d210f",
"indicator--58904a34-7fc8-4551-b6ab-e596950d210f",
"indicator--58904a34-f270-43c3-8784-e596950d210f",
"indicator--58904a35-bfd8-46a3-bd01-e596950d210f",
"indicator--58904a36-3ae0-4dda-aff8-e596950d210f",
"indicator--58904a37-53c4-4d25-b51c-e596950d210f",
"indicator--58904a37-98c8-4e46-a5b0-e596950d210f",
"indicator--58904a38-7e24-46f5-be1f-e596950d210f",
"indicator--58904a39-63c0-48be-a0ef-e596950d210f",
"indicator--58904a39-ef10-4b4e-8ea6-e596950d210f",
"indicator--58904a3a-8084-4462-9842-e596950d210f",
"indicator--58904a3b-2034-4060-acfe-e596950d210f",
"indicator--58904a3c-9418-4409-b165-e596950d210f",
"indicator--58904a3c-a448-4d93-9a7d-e596950d210f",
"indicator--58904a3d-647c-4277-a452-e596950d210f",
"indicator--58904a3e-bab0-41cc-b0da-e596950d210f",
"indicator--58904a3e-f058-404d-beec-e596950d210f",
"indicator--58904a3f-fed8-4590-a773-e596950d210f",
"observed-data--58904a73-70a4-403a-93d1-e27e950d210f",
"url--58904a73-70a4-403a-93d1-e27e950d210f",
"indicator--58904b89-e114-4294-91cb-e590950d210f",
"indicator--58904b8a-d2cc-4756-ab3f-e590950d210f",
"indicator--58904b8a-9878-495a-acfb-e590950d210f",
"indicator--58904b8b-67a4-4710-af2a-e590950d210f",
"indicator--58904b8c-d91c-43b1-ba31-e590950d210f",
"indicator--58904b8c-2170-4f0e-9962-e590950d210f",
"indicator--58904b8d-e6a4-47f1-ac59-e590950d210f",
"indicator--58904b8e-7fb8-4829-a6e0-e590950d210f",
"indicator--58904b8f-9f6c-4698-9259-e590950d210f",
"indicator--58904b90-0d78-4e48-92b6-e590950d210f",
"indicator--58904b90-dc38-4499-a4f0-e590950d210f",
"indicator--58904b91-d390-41d5-b7e4-e590950d210f",
"indicator--58904b92-80c8-46b8-9765-e590950d210f",
"indicator--58904b93-4070-46d2-b1dc-e590950d210f",
"indicator--58904b93-ea2c-4a6c-8502-e590950d210f",
"indicator--58904b94-f1c4-40c0-8cfc-e590950d210f",
"indicator--58904b95-63bc-48dd-a55c-e590950d210f",
"indicator--58904b96-88c8-4614-8c6e-e590950d210f",
"indicator--58904b96-f9ac-4b3d-b50e-e590950d210f",
"indicator--58904b97-ea28-4c94-be8c-e590950d210f",
"indicator--58904bfd-0f40-4c7d-a996-e250950d210f",
"indicator--58904bfe-c01c-4ad2-a596-e250950d210f",
"indicator--58904bff-83b8-4155-a932-e250950d210f",
"indicator--58904bff-9434-4a37-830f-e250950d210f",
"indicator--58904c00-bc58-4ea9-b342-e250950d210f",
"indicator--58904c01-6194-4327-90bb-e250950d210f",
"indicator--58904c01-2f14-4305-b9b1-e250950d210f",
"indicator--58904c02-e4a4-4a9c-8a06-e250950d210f",
"indicator--58904c03-7448-4bb3-98a5-e250950d210f",
"indicator--58904c04-64a4-4560-ad9b-e250950d210f",
"indicator--58904c04-5c6c-495b-b3e1-e250950d210f",
"indicator--58904c05-9008-4b12-a4c5-e250950d210f",
"indicator--58904c06-c070-4d5f-b634-e250950d210f",
"indicator--58904c07-7610-4b62-aad0-e250950d210f",
"indicator--58904c1f-0a38-440d-ac22-e59a950d210f",
"indicator--58904c20-94b8-414a-b22e-e59a950d210f",
"indicator--58904c20-7898-492a-9f4b-e59a950d210f",
"indicator--58904c21-820c-4a61-8a3b-e59a950d210f",
"indicator--58904c22-44cc-4586-8c00-e59a950d210f",
"indicator--58904c3b-efc8-4708-96d8-e24a950d210f",
"indicator--58904c3c-5f70-488a-a4c9-e24a950d210f",
"indicator--58904cfd-a950-492d-889a-e25202de0b81",
"indicator--58904cfd-6f1c-4fbd-9893-e25202de0b81",
"observed-data--58904cfe-309c-4fc5-a399-e25202de0b81",
"url--58904cfe-309c-4fc5-a399-e25202de0b81",
"indicator--58904cff-4ff8-4903-8dee-e25202de0b81",
"indicator--58904d00-becc-4214-afb6-e25202de0b81",
"observed-data--58904d00-8cf8-4b67-8abe-e25202de0b81",
"url--58904d00-8cf8-4b67-8abe-e25202de0b81",
"indicator--58904d01-5c78-4193-85c2-e25202de0b81",
"indicator--58904d02-e95c-4206-a9fd-e25202de0b81",
"observed-data--58904d02-f8b8-47fa-b354-e25202de0b81",
"url--58904d02-f8b8-47fa-b354-e25202de0b81",
"indicator--58904d03-e6d0-4714-ac82-e25202de0b81",
"indicator--58904d04-0b3c-4623-9724-e25202de0b81",
"observed-data--58904d05-cd14-451e-b0da-e25202de0b81",
"url--58904d05-cd14-451e-b0da-e25202de0b81",
"indicator--58904d05-4670-420a-bd2d-e25202de0b81",
"indicator--58904d06-8e08-4422-9f86-e25202de0b81",
"observed-data--58904d07-4e04-4b51-b66d-e25202de0b81",
"url--58904d07-4e04-4b51-b66d-e25202de0b81",
"indicator--58904d08-c920-4f0a-b5d1-e25202de0b81",
"indicator--58904d08-7b14-4612-a050-e25202de0b81",
"observed-data--58904d09-3680-4ba2-9658-e25202de0b81",
"url--58904d09-3680-4ba2-9658-e25202de0b81",
"indicator--58904d0a-b16c-4dcf-9b24-e25202de0b81",
"indicator--58904d0a-8814-42e8-a211-e25202de0b81",
"observed-data--58904d0b-37ac-443c-a148-e25202de0b81",
"url--58904d0b-37ac-443c-a148-e25202de0b81",
"indicator--58904d0c-dfb8-4adb-9ad2-e25202de0b81",
"indicator--58904d0c-1aa4-44e0-8fd4-e25202de0b81",
"observed-data--58904d0d-7830-485e-8576-e25202de0b81",
"url--58904d0d-7830-485e-8576-e25202de0b81",
"indicator--58904d0e-9fb0-4cac-be87-e25202de0b81",
"indicator--58904d0f-3da4-49c8-854c-e25202de0b81",
"observed-data--58904d0f-1f48-4288-95f1-e25202de0b81",
"url--58904d0f-1f48-4288-95f1-e25202de0b81",
"indicator--58904d10-3bd0-4404-821b-e25202de0b81",
"indicator--58904d11-1e24-4858-8c14-e25202de0b81",
"observed-data--58904d11-8ccc-4007-aef3-e25202de0b81",
"url--58904d11-8ccc-4007-aef3-e25202de0b81",
"indicator--58904d12-b4fc-4616-943b-e25202de0b81",
"indicator--58904d13-66d4-43e9-b290-e25202de0b81",
"observed-data--58904d14-1e48-4596-9d5e-e25202de0b81",
"url--58904d14-1e48-4596-9d5e-e25202de0b81",
"indicator--58904d15-f088-4585-80dc-e25202de0b81",
"indicator--58904d15-8acc-441d-ac4c-e25202de0b81",
"observed-data--58904d16-d4e8-4466-93f7-e25202de0b81",
"url--58904d16-d4e8-4466-93f7-e25202de0b81",
"indicator--58904d17-fea4-402e-98c3-e25202de0b81",
"indicator--58904d17-3828-479c-9699-e25202de0b81",
"observed-data--58904d18-b61c-4e84-96bc-e25202de0b81",
"url--58904d18-b61c-4e84-96bc-e25202de0b81",
"indicator--58904d19-dfd8-4d62-b953-e25202de0b81",
"indicator--58904d1a-96f8-429a-8bfa-e25202de0b81",
"observed-data--58904d1a-a2e0-431d-8f75-e25202de0b81",
"url--58904d1a-a2e0-431d-8f75-e25202de0b81",
"indicator--58904d1b-c048-4490-860c-e25202de0b81",
"indicator--58904d1c-e958-41df-95b5-e25202de0b81",
"observed-data--58904d1c-c35c-415e-8088-e25202de0b81",
"url--58904d1c-c35c-415e-8088-e25202de0b81",
"indicator--58904d1d-e87c-489b-bb98-e25202de0b81",
"indicator--58904d1e-e9e0-4f80-aa5a-e25202de0b81",
"observed-data--58904d1f-a454-4d66-afd2-e25202de0b81",
"url--58904d1f-a454-4d66-afd2-e25202de0b81",
"indicator--58904d1f-9a08-44ac-a0fa-e25202de0b81",
"indicator--58904d20-1c1c-47a6-92fb-e25202de0b81",
"observed-data--58904d21-0560-4b42-80c4-e25202de0b81",
"url--58904d21-0560-4b42-80c4-e25202de0b81",
"indicator--58904d22-2a9c-4eb8-8e49-e25202de0b81",
"indicator--58904d22-83b0-4c6e-9e99-e25202de0b81",
"observed-data--58904d23-3de0-46eb-8cf8-e25202de0b81",
"url--58904d23-3de0-46eb-8cf8-e25202de0b81",
"indicator--58904d24-34dc-46ea-92ef-e25202de0b81",
"indicator--58904d24-ee5c-4c89-b27a-e25202de0b81",
"observed-data--58904d25-ec48-4dff-95e3-e25202de0b81",
"url--58904d25-ec48-4dff-95e3-e25202de0b81",
"indicator--58904d26-6128-469d-ae2f-e25202de0b81",
"indicator--58904d27-c534-495a-a440-e25202de0b81",
"observed-data--58904d27-e8e0-47c1-a6da-e25202de0b81",
"url--58904d27-e8e0-47c1-a6da-e25202de0b81",
"indicator--58904d28-0644-4238-a0b6-e25202de0b81",
"indicator--58904d29-df88-4503-b865-e25202de0b81",
"observed-data--58904d29-a578-44b0-84e7-e25202de0b81",
"url--58904d29-a578-44b0-84e7-e25202de0b81",
"indicator--58904d2a-1850-41c0-bb2b-e25202de0b81",
"indicator--58904d2b-1320-4671-a651-e25202de0b81",
"observed-data--58904d2c-afb0-4a44-b418-e25202de0b81",
"url--58904d2c-afb0-4a44-b418-e25202de0b81",
"indicator--58904d2c-0878-48ad-af07-e25202de0b81",
"indicator--58904d2d-8018-4e44-bd72-e25202de0b81",
"observed-data--58904d2e-6c00-4a7f-a5d0-e25202de0b81",
"url--58904d2e-6c00-4a7f-a5d0-e25202de0b81",
"indicator--58904d2e-a1a4-4a5f-a7f8-e25202de0b81",
"indicator--58904d2f-4288-4eea-9761-e25202de0b81",
"observed-data--58904d30-3540-454d-be48-e25202de0b81",
"url--58904d30-3540-454d-be48-e25202de0b81",
"indicator--58904d31-ce04-4d0d-bb7f-e25202de0b81",
"indicator--58904d31-e1d8-4e3b-8a9d-e25202de0b81",
"observed-data--58904d32-004c-4efc-ae84-e25202de0b81",
"url--58904d32-004c-4efc-ae84-e25202de0b81",
"indicator--58904d33-ca1c-4a89-9fe6-e25202de0b81",
"indicator--58904d34-9370-4f17-b899-e25202de0b81",
"observed-data--58904d34-952c-4b2f-bd6a-e25202de0b81",
"url--58904d34-952c-4b2f-bd6a-e25202de0b81",
"indicator--58904d35-02f0-4d28-bbf4-e25202de0b81",
"indicator--58904d36-88cc-48a5-af41-e25202de0b81",
"observed-data--58904d37-97c0-494d-aeed-e25202de0b81",
"url--58904d37-97c0-494d-aeed-e25202de0b81",
"indicator--58904d38-c8a8-4161-8d37-e25202de0b81",
"indicator--58904d38-dd8c-43d0-93b3-e25202de0b81",
"observed-data--58904d39-0758-476a-b425-e25202de0b81",
"url--58904d39-0758-476a-b425-e25202de0b81",
"indicator--58904d3a-6490-4f5d-b113-e25202de0b81",
"indicator--58904d3b-5ef0-45e8-9767-e25202de0b81",
"observed-data--58904d3b-7ed0-44da-942d-e25202de0b81",
"url--58904d3b-7ed0-44da-942d-e25202de0b81",
"indicator--58904d3c-dd18-4e85-87c6-e25202de0b81",
"indicator--58904d3d-50e0-4f9b-8a1f-e25202de0b81",
"observed-data--58904d3d-acd0-4a51-be86-e25202de0b81",
"url--58904d3d-acd0-4a51-be86-e25202de0b81",
"indicator--58904d3e-9750-4944-9759-e25202de0b81",
"indicator--58904d3f-c734-49a6-9eb5-e25202de0b81",
"observed-data--58904d40-6c2c-4db6-866c-e25202de0b81",
"url--58904d40-6c2c-4db6-866c-e25202de0b81",
"indicator--58904d40-ad8c-47aa-bdd8-e25202de0b81",
"indicator--58904d41-d698-4725-bc82-e25202de0b81",
"observed-data--58904d42-f9a4-4e80-b4f2-e25202de0b81",
"url--58904d42-f9a4-4e80-b4f2-e25202de0b81",
"indicator--58904d43-18b4-4c42-aaf9-e25202de0b81",
"indicator--58904d44-42dc-43d1-b398-e25202de0b81",
"observed-data--58904d45-5af0-4298-8639-e25202de0b81",
"url--58904d45-5af0-4298-8639-e25202de0b81",
"indicator--58904d45-b4a8-4017-9e0d-e25202de0b81",
"indicator--58904d46-9214-4b98-8075-e25202de0b81",
"observed-data--58904d47-a580-45eb-9480-e25202de0b81",
"url--58904d47-a580-45eb-9480-e25202de0b81",
"indicator--58904d48-f258-4f34-8189-e25202de0b81",
"indicator--58904d48-07b4-4331-8503-e25202de0b81",
"observed-data--58904d49-d6a4-4876-91ac-e25202de0b81",
"url--58904d49-d6a4-4876-91ac-e25202de0b81",
"indicator--58904d4a-0890-4fb0-a5b0-e25202de0b81",
"indicator--58904d4b-48d4-4cb1-bb50-e25202de0b81",
"observed-data--58904d4b-9cf4-496d-a831-e25202de0b81",
"url--58904d4b-9cf4-496d-a831-e25202de0b81",
"indicator--58904d4c-5c24-4f48-b2ac-e25202de0b81",
"indicator--58904d4d-2a60-4259-b4b2-e25202de0b81",
"observed-data--58904d4d-9778-46a3-8b4f-e25202de0b81",
"url--58904d4d-9778-46a3-8b4f-e25202de0b81",
"indicator--58904d4e-e000-420e-86a2-e25202de0b81",
"indicator--58904d4f-6db4-4f22-b128-e25202de0b81",
"observed-data--58904d50-f99c-4c32-856f-e25202de0b81",
"url--58904d50-f99c-4c32-856f-e25202de0b81",
"indicator--58904d50-857c-4c3e-b63a-e25202de0b81",
"indicator--58904d51-1054-467e-9065-e25202de0b81",
"observed-data--58904d52-b470-4bbc-b15f-e25202de0b81",
"url--58904d52-b470-4bbc-b15f-e25202de0b81",
"indicator--58904d53-8e34-41a0-8ce0-e25202de0b81",
"indicator--58904d53-a1f8-420c-b4e8-e25202de0b81",
"observed-data--58904d54-5360-482c-bc3f-e25202de0b81",
"url--58904d54-5360-482c-bc3f-e25202de0b81",
"indicator--58904d55-9828-4438-84c0-e25202de0b81",
"indicator--58904d55-be6c-40bf-88f9-e25202de0b81",
"observed-data--58904d56-f6a0-4682-917d-e25202de0b81",
"url--58904d56-f6a0-4682-917d-e25202de0b81",
"indicator--58904d57-ccf8-45dc-b6f6-e25202de0b81",
"indicator--58904d58-ba58-4272-9ce9-e25202de0b81",
"observed-data--58904d58-ee98-41f6-a950-e25202de0b81",
"url--58904d58-ee98-41f6-a950-e25202de0b81",
"indicator--58904d59-db28-4b62-9b14-e25202de0b81",
"indicator--58904d5a-90e4-41c3-8565-e25202de0b81",
"observed-data--58904d5a-45b0-4260-9ae7-e25202de0b81",
"url--58904d5a-45b0-4260-9ae7-e25202de0b81",
"indicator--58904d5b-adc4-4055-b81e-e25202de0b81",
"indicator--58904d5c-d394-4f99-bba3-e25202de0b81",
"observed-data--58904d5d-02ac-4e8d-a412-e25202de0b81",
"url--58904d5d-02ac-4e8d-a412-e25202de0b81",
"indicator--58904d5d-e0cc-42d4-b8ae-e25202de0b81",
"indicator--58904d5e-6614-4c3d-9ec9-e25202de0b81",
"observed-data--58904d5f-e854-4655-9fdf-e25202de0b81",
"url--58904d5f-e854-4655-9fdf-e25202de0b81",
"indicator--58904d5f-f200-4057-ad49-e25202de0b81",
"indicator--58904d60-7640-4959-a207-e25202de0b81",
"observed-data--58904d61-ef28-47ad-829a-e25202de0b81",
"url--58904d61-ef28-47ad-829a-e25202de0b81",
"indicator--58904d62-e0e0-4fed-ba88-e25202de0b81",
"indicator--58904d62-3c34-4f56-8563-e25202de0b81",
"observed-data--58904d63-f5dc-4b9f-99fd-e25202de0b81",
"url--58904d63-f5dc-4b9f-99fd-e25202de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:tool=\"Flokibot\"",
"veris:asset:variety=\"U - POS terminal\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--589046f4-2314-4b63-9bda-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:12:36.000Z",
"modified": "2017-01-31T08:12:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Threat actors salivate at the thought of an increased volume of credit and debit card transactions flowing through endpoints they have compromised with card-stealing malware. While there are many distinct malware families that scrape unencrypted process memory to obtain cards, some of these malware capabilities overlap with generic information stealing trojans such as Flokibot that obtain and exfiltrate HTTPS GET and POST data and other materials from compromised machines.\r\n\r\nRather than focusing on the Flokibot malware itself, which has already been profiled by ASERT [https://www.arbornetworks.com/blog/asert/flokibot-flock-bots/] and others [http://blog.talosintel.com/2016/12/flokibot-collab.html], we have profiled selected elements of three Flokibot compromises in order to provide increased awareness of risk factors and actor TTP\u00e2\u20ac\u2122s. The first compromise profiled is particularly interesting because it likely involves a threat actor participating in a card trafficking operation."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a2c-bfc4-4007-a6da-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:20.000Z",
"modified": "2017-01-31T08:26:20.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '6db1f428becc2870517ae50fd892fc67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a2c-83d8-4762-81ff-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:20.000Z",
"modified": "2017-01-31T08:26:20.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '6dcc9ef9258dea343e1fdb1aaa5c7e56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a2d-ad00-47cc-bc71-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:21.000Z",
"modified": "2017-01-31T08:26:21.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '70f6abfb433327a7b3c394246cc37ea2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a2e-d5d0-4112-a648-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:22.000Z",
"modified": "2017-01-31T08:26:22.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '7b7675705908d34432e2309880f5538e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a2e-71e4-4c48-8b42-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:22.000Z",
"modified": "2017-01-31T08:26:22.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '7b8f8a999367f28b3ac42fc4d2b9439d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a2f-2d5c-4b6c-b8ff-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:23.000Z",
"modified": "2017-01-31T08:26:23.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '7d17de98ce24a0c3e156efcc0e1ca565']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a30-9fd0-4c5e-b844-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:24.000Z",
"modified": "2017-01-31T08:26:24.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '92316769af9e7cc204a81789c0dab9c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a31-88f8-4927-9be5-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:25.000Z",
"modified": "2017-01-31T08:26:25.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '93c07b57a51e3eee44134caa39057e8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a31-fbc0-46ad-8196-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:25.000Z",
"modified": "2017-01-31T08:26:25.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '992e9518d69039c3ebae4191e1f8b8b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a32-51d0-4851-8ab1-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:26.000Z",
"modified": "2017-01-31T08:26:26.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '99e9f5a4563f56e61f3806be39efce62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a33-bd3c-4a20-970b-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:27.000Z",
"modified": "2017-01-31T08:26:27.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'a11b982bde341475e28d3a2fa96f982a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a34-7fc8-4551-b6ab-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:28.000Z",
"modified": "2017-01-31T08:26:28.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'a1bd290317b03ade7941dedd4a4e903b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a34-f270-43c3-8784-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:28.000Z",
"modified": "2017-01-31T08:26:28.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'a50e2d3419a9de9be87eb04f52f2245f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a35-bfd8-46a3-bd01-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:29.000Z",
"modified": "2017-01-31T08:26:29.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'a53d38e93698ccf1843f15ebbd89a380']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a36-3ae0-4dda-aff8-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:30.000Z",
"modified": "2017-01-31T08:26:30.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'c149ef34c57e6f7e970063679de01342']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a37-53c4-4d25-b51c-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:31.000Z",
"modified": "2017-01-31T08:26:31.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'c6faf2a51122cad086370674a3c9ad1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a37-98c8-4e46-a5b0-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:31.000Z",
"modified": "2017-01-31T08:26:31.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'cb8d57c149330e7bd1798d62e5da5404']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a38-7e24-46f5-be1f-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:32.000Z",
"modified": "2017-01-31T08:26:32.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'cc38fd598cbef1a3816bb64f2990e9b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a39-63c0-48be-a0ef-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:33.000Z",
"modified": "2017-01-31T08:26:33.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'cdb0762becd67b893d73cda594cd1c3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a39-ef10-4b4e-8ea6-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:33.000Z",
"modified": "2017-01-31T08:26:33.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'd4c5384da41fd391d16eff60abc21405']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a3a-8084-4462-9842-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:34.000Z",
"modified": "2017-01-31T08:26:34.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'd840ecdd9c8b32af83131dab66ec0f44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a3b-2034-4060-acfe-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:35.000Z",
"modified": "2017-01-31T08:26:35.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'e54d28a24c976348c438f45281d68c54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a3c-9418-4409-b165-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:36.000Z",
"modified": "2017-01-31T08:26:36.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'e83d79fb671cf2335025022bebbb0bdd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a3c-a448-4d93-9a7d-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:36.000Z",
"modified": "2017-01-31T08:26:36.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'ebbf3f2385157240e8a45a9dd00ddaef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a3d-647c-4277-a452-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:37.000Z",
"modified": "2017-01-31T08:26:37.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'f33808ea5100648108c7d0d6a0d5eb61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a3e-bab0-41cc-b0da-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:38.000Z",
"modified": "2017-01-31T08:26:38.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'f5f698c6c0660d14ce19fd36a4e94b9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a3e-f058-404d-beec-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:38.000Z",
"modified": "2017-01-31T08:26:38.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'f79035227cace85f01ee4ae63ad7c511']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904a3f-fed8-4590-a773-e596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:26:39.000Z",
"modified": "2017-01-31T08:26:39.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = 'fdca6464b694739178b5a46d3d9b0f5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:26:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904a73-70a4-403a-93d1-e27e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:27:50.000Z",
"modified": "2017-01-31T08:27:50.000Z",
"first_observed": "2017-01-31T08:27:50Z",
"last_observed": "2017-01-31T08:27:50Z",
"number_observed": 1,
"object_refs": [
"url--58904a73-70a4-403a-93d1-e27e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904a73-70a4-403a-93d1-e27e950d210f",
"value": "https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b89-e114-4294-91cb-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:09.000Z",
"modified": "2017-01-31T08:32:09.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '4ada3fabb0e2cd0c90b16ec79e8147d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b8a-d2cc-4756-ab3f-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:10.000Z",
"modified": "2017-01-31T08:32:10.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '20816af7c443180cccc6aa962151af67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b8a-9878-495a-acfb-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:10.000Z",
"modified": "2017-01-31T08:32:10.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '23de0ef14737b0398af94d9d9ec5d5b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b8b-67a4-4710-af2a-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:11.000Z",
"modified": "2017-01-31T08:32:11.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '2510953f05dcd2c758ad29160bbc3911']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b8c-d91c-43b1-ba31-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:12.000Z",
"modified": "2017-01-31T08:32:12.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '2bbd8aa8be75537bd60e68b124eafbff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b8c-2170-4f0e-9962-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:12.000Z",
"modified": "2017-01-31T08:32:12.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '33252b2c9e054617ecb7172837ce7775']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b8d-e6a4-47f1-ac59-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:13.000Z",
"modified": "2017-01-31T08:32:13.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '37768af89b093b96ab7671456de894bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b8e-7fb8-4829-a6e0-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:14.000Z",
"modified": "2017-01-31T08:32:14.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '3bf85b3bf7393ec22426919d341715e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b8f-9f6c-4698-9259-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:15.000Z",
"modified": "2017-01-31T08:32:15.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '3ddf657800e60a57b884b87e1e8a987c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b90-0d78-4e48-92b6-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:16.000Z",
"modified": "2017-01-31T08:32:16.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '4725f4b5eec09bdb29433cbea6e360b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b90-dc38-4499-a4f0-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:16.000Z",
"modified": "2017-01-31T08:32:16.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '52645badc17613f95a7962b07e2f063e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b91-d390-41d5-b7e4-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:17.000Z",
"modified": "2017-01-31T08:32:17.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '53203a1b05c0e039d8e690bad4808b97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b92-80c8-46b8-9765-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:18.000Z",
"modified": "2017-01-31T08:32:18.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '5649e7a200df2fb85ad1fb5a723bef22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b93-4070-46d2-b1dc-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:19.000Z",
"modified": "2017-01-31T08:32:19.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '5d513187fc3357bc58d49c33f1c3e9c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b93-ea2c-4a6c-8502-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:19.000Z",
"modified": "2017-01-31T08:32:19.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '5d817395b4e6a828850e0010edeccc93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b94-f1c4-40c0-8cfc-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:20.000Z",
"modified": "2017-01-31T08:32:20.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '5e5289bb2b5bb89bddbc2ec0a38a6c9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b95-63bc-48dd-a55c-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:21.000Z",
"modified": "2017-01-31T08:32:21.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '5fa30772b1f7a1f6dd33b84180f17add']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b96-88c8-4614-8c6e-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:22.000Z",
"modified": "2017-01-31T08:32:22.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '624f84a9d8979789c630327a6b08c7c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b96-f9ac-4b3d-b50e-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:22.000Z",
"modified": "2017-01-31T08:32:22.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '6255a9d71494381b8a4319fd139e9242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904b97-ea28-4c94-be8c-e590950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:32:23.000Z",
"modified": "2017-01-31T08:32:23.000Z",
"description": "Flokibot Sample hashes",
"pattern": "[file:hashes.MD5 = '64a23908ade4bbf2a7c4aa31be3cff24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:32:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904bfd-0f40-4c7d-a996-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:05.000Z",
"modified": "2017-01-31T08:34:05.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'blackircd.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904bfe-c01c-4ad2-a596-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:06.000Z",
"modified": "2017-01-31T08:34:06.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'treasurehunter.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904bff-83b8-4155-a932-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:07.000Z",
"modified": "2017-01-31T08:34:07.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = '4haters.ga']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904bff-9434-4a37-830f-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:07.000Z",
"modified": "2017-01-31T08:34:07.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'uspal.cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c00-bc58-4ea9-b342-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:08.000Z",
"modified": "2017-01-31T08:34:08.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'duparseled.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c01-6194-4327-90bb-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:09.000Z",
"modified": "2017-01-31T08:34:09.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'web.netsworkupdates.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c01-2f14-4305-b9b1-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:09.000Z",
"modified": "2017-01-31T08:34:09.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'slalsaxxa1ma.cma.beehoney.co.nz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c02-e4a4-4a9c-8a06-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:10.000Z",
"modified": "2017-01-31T08:34:10.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'adultgirlmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c03-7448-4bb3-98a5-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:11.000Z",
"modified": "2017-01-31T08:34:11.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'wowsupplier.ga']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c04-64a4-4560-ad9b-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:12.000Z",
"modified": "2017-01-31T08:34:12.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'extensivee.bid']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c04-5c6c-495b-b3e1-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:12.000Z",
"modified": "2017-01-31T08:34:12.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'feed.networksupdates.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c05-9008-4b12-a4c5-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:13.000Z",
"modified": "2017-01-31T08:34:13.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'springlovee.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c06-c070-4d5f-b634-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:14.000Z",
"modified": "2017-01-31T08:34:14.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'vtraffic.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c07-7610-4b62-aad0-e250950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:15.000Z",
"modified": "2017-01-31T08:34:15.000Z",
"description": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"pattern": "[domain-name:value = 'shhtunnel.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c1f-0a38-440d-ac22-e59a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:39.000Z",
"modified": "2017-01-31T08:34:39.000Z",
"description": "Passive DNS Insight",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.191.52.175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c20-94b8-414a-b22e-e59a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:40.000Z",
"modified": "2017-01-31T08:34:40.000Z",
"description": "Passive DNS Insight",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.199.205.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c20-7898-492a-9f4b-e59a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:40.000Z",
"modified": "2017-01-31T08:34:40.000Z",
"description": "Passive DNS Insight",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.67.156.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c21-820c-4a61-8a3b-e59a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:41.000Z",
"modified": "2017-01-31T08:34:41.000Z",
"description": "Passive DNS Insight",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.246.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c22-44cc-4586-8c00-e59a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:34:42.000Z",
"modified": "2017-01-31T08:34:42.000Z",
"description": "Passive DNS Insight",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.243.164.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:34:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c3b-efc8-4708-96d8-e24a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:35:07.000Z",
"modified": "2017-01-31T08:35:07.000Z",
"description": "Andromeda / downloader",
"pattern": "[domain-name:value = 'sshtunnel02.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:35:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904c3c-5f70-488a-a4c9-e24a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:35:08.000Z",
"modified": "2017-01-31T08:35:08.000Z",
"description": "Ransomware",
"pattern": "[domain-name:value = 'p0o9i8u7y9.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:35:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904cfd-a950-492d-889a-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:21.000Z",
"modified": "2017-01-31T08:38:21.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 64a23908ade4bbf2a7c4aa31be3cff24",
"pattern": "[file:hashes.SHA256 = 'a4a810eebd2fae1d088ee62af725e39717ead68140c4c5104605465319203d5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904cfd-6f1c-4fbd-9893-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:21.000Z",
"modified": "2017-01-31T08:38:21.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 64a23908ade4bbf2a7c4aa31be3cff24",
"pattern": "[file:hashes.SHA1 = '2f87c2ce9ae1b741ac5477e9f8b786716b94afc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904cfe-309c-4fc5-a399-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:22.000Z",
"modified": "2017-01-31T08:38:22.000Z",
"first_observed": "2017-01-31T08:38:22Z",
"last_observed": "2017-01-31T08:38:22Z",
"number_observed": 1,
"object_refs": [
"url--58904cfe-309c-4fc5-a399-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904cfe-309c-4fc5-a399-e25202de0b81",
"value": "https://www.virustotal.com/file/a4a810eebd2fae1d088ee62af725e39717ead68140c4c5104605465319203d5e/analysis/1479614665/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904cff-4ff8-4903-8dee-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:23.000Z",
"modified": "2017-01-31T08:38:23.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 6255a9d71494381b8a4319fd139e9242",
"pattern": "[file:hashes.SHA256 = 'd037964bd7ce1ea678c86aaf4326de665b39a76cd9e8664fb6faee79c585bd62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d00-becc-4214-afb6-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:24.000Z",
"modified": "2017-01-31T08:38:24.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 6255a9d71494381b8a4319fd139e9242",
"pattern": "[file:hashes.SHA1 = '93c2ed068a431e098191bd871992d0e45b8876cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d00-8cf8-4b67-8abe-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:24.000Z",
"modified": "2017-01-31T08:38:24.000Z",
"first_observed": "2017-01-31T08:38:24Z",
"last_observed": "2017-01-31T08:38:24Z",
"number_observed": 1,
"object_refs": [
"url--58904d00-8cf8-4b67-8abe-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d00-8cf8-4b67-8abe-e25202de0b81",
"value": "https://www.virustotal.com/file/d037964bd7ce1ea678c86aaf4326de665b39a76cd9e8664fb6faee79c585bd62/analysis/1480677470/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d01-5c78-4193-85c2-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:25.000Z",
"modified": "2017-01-31T08:38:25.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 624f84a9d8979789c630327a6b08c7c6",
"pattern": "[file:hashes.SHA256 = 'a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d02-e95c-4206-a9fd-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:26.000Z",
"modified": "2017-01-31T08:38:26.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 624f84a9d8979789c630327a6b08c7c6",
"pattern": "[file:hashes.SHA1 = 'f9484baf6f7194248a388d41dfd06543b3dc5d26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d02-f8b8-47fa-b354-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:26.000Z",
"modified": "2017-01-31T08:38:26.000Z",
"first_observed": "2017-01-31T08:38:26Z",
"last_observed": "2017-01-31T08:38:26Z",
"number_observed": 1,
"object_refs": [
"url--58904d02-f8b8-47fa-b354-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d02-f8b8-47fa-b354-e25202de0b81",
"value": "https://www.virustotal.com/file/a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa/analysis/1483842081/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d03-e6d0-4714-ac82-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:27.000Z",
"modified": "2017-01-31T08:38:27.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5fa30772b1f7a1f6dd33b84180f17add",
"pattern": "[file:hashes.SHA256 = '562f1b99f2ed4ef74a175f488b2744aee22d49a255be2110acd57465a05e5a2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d04-0b3c-4623-9724-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:28.000Z",
"modified": "2017-01-31T08:38:28.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5fa30772b1f7a1f6dd33b84180f17add",
"pattern": "[file:hashes.SHA1 = 'f0ff98a966ad2ddc38694a8002aed0c70a82b0f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d05-cd14-451e-b0da-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:29.000Z",
"modified": "2017-01-31T08:38:29.000Z",
"first_observed": "2017-01-31T08:38:29Z",
"last_observed": "2017-01-31T08:38:29Z",
"number_observed": 1,
"object_refs": [
"url--58904d05-cd14-451e-b0da-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d05-cd14-451e-b0da-e25202de0b81",
"value": "https://www.virustotal.com/file/562f1b99f2ed4ef74a175f488b2744aee22d49a255be2110acd57465a05e5a2c/analysis/1480172318/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d05-4670-420a-bd2d-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:29.000Z",
"modified": "2017-01-31T08:38:29.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5e5289bb2b5bb89bddbc2ec0a38a6c9b",
"pattern": "[file:hashes.SHA256 = '20567c4ff6178ac99f4584408dafc736c8504c8e3acf8db0b3015938e8483c02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d06-8e08-4422-9f86-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:30.000Z",
"modified": "2017-01-31T08:38:30.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5e5289bb2b5bb89bddbc2ec0a38a6c9b",
"pattern": "[file:hashes.SHA1 = 'b07cc350d879d906af4d6f203ab236cd18abe7b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d07-4e04-4b51-b66d-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:31.000Z",
"modified": "2017-01-31T08:38:31.000Z",
"first_observed": "2017-01-31T08:38:31Z",
"last_observed": "2017-01-31T08:38:31Z",
"number_observed": 1,
"object_refs": [
"url--58904d07-4e04-4b51-b66d-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d07-4e04-4b51-b66d-e25202de0b81",
"value": "https://www.virustotal.com/file/20567c4ff6178ac99f4584408dafc736c8504c8e3acf8db0b3015938e8483c02/analysis/1480624347/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d08-c920-4f0a-b5d1-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:32.000Z",
"modified": "2017-01-31T08:38:32.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5d817395b4e6a828850e0010edeccc93",
"pattern": "[file:hashes.SHA256 = 'b3d08fdd904e214ea5a9044b2ae4b7eaf2b35512f0956ed46237b962276de07e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d08-7b14-4612-a050-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:32.000Z",
"modified": "2017-01-31T08:38:32.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5d817395b4e6a828850e0010edeccc93",
"pattern": "[file:hashes.SHA1 = '26b75a8962310ab39283cdf28d63cf8f80c002bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d09-3680-4ba2-9658-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:33.000Z",
"modified": "2017-01-31T08:38:33.000Z",
"first_observed": "2017-01-31T08:38:33Z",
"last_observed": "2017-01-31T08:38:33Z",
"number_observed": 1,
"object_refs": [
"url--58904d09-3680-4ba2-9658-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d09-3680-4ba2-9658-e25202de0b81",
"value": "https://www.virustotal.com/file/b3d08fdd904e214ea5a9044b2ae4b7eaf2b35512f0956ed46237b962276de07e/analysis/1479908511/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d0a-b16c-4dcf-9b24-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:34.000Z",
"modified": "2017-01-31T08:38:34.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5d513187fc3357bc58d49c33f1c3e9c7",
"pattern": "[file:hashes.SHA256 = '5c40ffd550c2a0849279270fab45968f27dd75d36f0338f2d4a014de477b318b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d0a-8814-42e8-a211-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:34.000Z",
"modified": "2017-01-31T08:38:34.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5d513187fc3357bc58d49c33f1c3e9c7",
"pattern": "[file:hashes.SHA1 = 'cce9e52f8c69a5dd1ce1c8e7df618ee7ff5a2994']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d0b-37ac-443c-a148-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:35.000Z",
"modified": "2017-01-31T08:38:35.000Z",
"first_observed": "2017-01-31T08:38:35Z",
"last_observed": "2017-01-31T08:38:35Z",
"number_observed": 1,
"object_refs": [
"url--58904d0b-37ac-443c-a148-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d0b-37ac-443c-a148-e25202de0b81",
"value": "https://www.virustotal.com/file/5c40ffd550c2a0849279270fab45968f27dd75d36f0338f2d4a014de477b318b/analysis/1480172229/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d0c-dfb8-4adb-9ad2-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:36.000Z",
"modified": "2017-01-31T08:38:36.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5649e7a200df2fb85ad1fb5a723bef22",
"pattern": "[file:hashes.SHA256 = '5e1967db286d886b87d1ec655559b9af694fc6e002fea3a6c7fd3c6b0b49ea6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d0c-1aa4-44e0-8fd4-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:36.000Z",
"modified": "2017-01-31T08:38:36.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 5649e7a200df2fb85ad1fb5a723bef22",
"pattern": "[file:hashes.SHA1 = 'b057d20122048001850afeca671fd31dbcdd1c76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d0d-7830-485e-8576-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:37.000Z",
"modified": "2017-01-31T08:38:37.000Z",
"first_observed": "2017-01-31T08:38:37Z",
"last_observed": "2017-01-31T08:38:37Z",
"number_observed": 1,
"object_refs": [
"url--58904d0d-7830-485e-8576-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d0d-7830-485e-8576-e25202de0b81",
"value": "https://www.virustotal.com/file/5e1967db286d886b87d1ec655559b9af694fc6e002fea3a6c7fd3c6b0b49ea6e/analysis/1484658535/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d0e-9fb0-4cac-be87-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:38.000Z",
"modified": "2017-01-31T08:38:38.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 53203a1b05c0e039d8e690bad4808b97",
"pattern": "[file:hashes.SHA256 = 'ce1c00243eb04d83151f41d6286abc22762bb3a307d187c947e54e71cca2d0bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d0f-3da4-49c8-854c-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:39.000Z",
"modified": "2017-01-31T08:38:39.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 53203a1b05c0e039d8e690bad4808b97",
"pattern": "[file:hashes.SHA1 = '8a48a0a2e9b98a4c8e72663a04b7422c490823c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d0f-1f48-4288-95f1-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:39.000Z",
"modified": "2017-01-31T08:38:39.000Z",
"first_observed": "2017-01-31T08:38:39Z",
"last_observed": "2017-01-31T08:38:39Z",
"number_observed": 1,
"object_refs": [
"url--58904d0f-1f48-4288-95f1-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d0f-1f48-4288-95f1-e25202de0b81",
"value": "https://www.virustotal.com/file/ce1c00243eb04d83151f41d6286abc22762bb3a307d187c947e54e71cca2d0bf/analysis/1482096582/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d10-3bd0-4404-821b-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:40.000Z",
"modified": "2017-01-31T08:38:40.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 52645badc17613f95a7962b07e2f063e",
"pattern": "[file:hashes.SHA256 = '54ec1c5c5e958d1177889b829e6fd0d2056586f6d3fcfb168a0a68700f634d77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d11-1e24-4858-8c14-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:41.000Z",
"modified": "2017-01-31T08:38:41.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 52645badc17613f95a7962b07e2f063e",
"pattern": "[file:hashes.SHA1 = '9f47f08b72776c863890dcc24fa98fe52e564da3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d11-8ccc-4007-aef3-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:41.000Z",
"modified": "2017-01-31T08:38:41.000Z",
"first_observed": "2017-01-31T08:38:41Z",
"last_observed": "2017-01-31T08:38:41Z",
"number_observed": 1,
"object_refs": [
"url--58904d11-8ccc-4007-aef3-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d11-8ccc-4007-aef3-e25202de0b81",
"value": "https://www.virustotal.com/file/54ec1c5c5e958d1177889b829e6fd0d2056586f6d3fcfb168a0a68700f634d77/analysis/1482751964/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d12-b4fc-4616-943b-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:42.000Z",
"modified": "2017-01-31T08:38:42.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 4725f4b5eec09bdb29433cbea6e360b3",
"pattern": "[file:hashes.SHA256 = '3208f3849737d1ca815cd3f154a8165dd454273657cbd0b1450bddde628348dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d13-66d4-43e9-b290-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:43.000Z",
"modified": "2017-01-31T08:38:43.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 4725f4b5eec09bdb29433cbea6e360b3",
"pattern": "[file:hashes.SHA1 = 'b5a6a3aa9a994c0bc18f10418c44083951a5d63c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d14-1e48-4596-9d5e-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:44.000Z",
"modified": "2017-01-31T08:38:44.000Z",
"first_observed": "2017-01-31T08:38:44Z",
"last_observed": "2017-01-31T08:38:44Z",
"number_observed": 1,
"object_refs": [
"url--58904d14-1e48-4596-9d5e-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d14-1e48-4596-9d5e-e25202de0b81",
"value": "https://www.virustotal.com/file/3208f3849737d1ca815cd3f154a8165dd454273657cbd0b1450bddde628348dd/analysis/1481588732/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d15-f088-4585-80dc-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:45.000Z",
"modified": "2017-01-31T08:38:45.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 3ddf657800e60a57b884b87e1e8a987c",
"pattern": "[file:hashes.SHA256 = '9ed055548ed4439905225f24366927d7e8d045d69809cfec8af48a35f7ae636a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d15-8acc-441d-ac4c-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:45.000Z",
"modified": "2017-01-31T08:38:45.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 3ddf657800e60a57b884b87e1e8a987c",
"pattern": "[file:hashes.SHA1 = 'de090b7be6d5c2488ce0225c15048429d4cd1158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d16-d4e8-4466-93f7-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:46.000Z",
"modified": "2017-01-31T08:38:46.000Z",
"first_observed": "2017-01-31T08:38:46Z",
"last_observed": "2017-01-31T08:38:46Z",
"number_observed": 1,
"object_refs": [
"url--58904d16-d4e8-4466-93f7-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d16-d4e8-4466-93f7-e25202de0b81",
"value": "https://www.virustotal.com/file/9ed055548ed4439905225f24366927d7e8d045d69809cfec8af48a35f7ae636a/analysis/1483968394/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d17-fea4-402e-98c3-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:47.000Z",
"modified": "2017-01-31T08:38:47.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 37768af89b093b96ab7671456de894bc",
"pattern": "[file:hashes.SHA256 = '4bdd8bbdab3021d1d8cc23c388db83f1673bdab44288fccae932660eb11aec2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d17-3828-479c-9699-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:47.000Z",
"modified": "2017-01-31T08:38:47.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 37768af89b093b96ab7671456de894bc",
"pattern": "[file:hashes.SHA1 = '5ae4f380324ce93243504092592c7b275420a338']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d18-b61c-4e84-96bc-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:48.000Z",
"modified": "2017-01-31T08:38:48.000Z",
"first_observed": "2017-01-31T08:38:48Z",
"last_observed": "2017-01-31T08:38:48Z",
"number_observed": 1,
"object_refs": [
"url--58904d18-b61c-4e84-96bc-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d18-b61c-4e84-96bc-e25202de0b81",
"value": "https://www.virustotal.com/file/4bdd8bbdab3021d1d8cc23c388db83f1673bdab44288fccae932660eb11aec2a/analysis/1484690283/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d19-dfd8-4d62-b953-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:49.000Z",
"modified": "2017-01-31T08:38:49.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 33252b2c9e054617ecb7172837ce7775",
"pattern": "[file:hashes.SHA256 = 'b7d3cc17b4a70b0fc35963a36369935b86a4c7a4396846582c04d674cf40aade']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d1a-96f8-429a-8bfa-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:50.000Z",
"modified": "2017-01-31T08:38:50.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 33252b2c9e054617ecb7172837ce7775",
"pattern": "[file:hashes.SHA1 = 'f994ac8328267dbe37ce9d1e47f105f2cea922d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d1a-a2e0-431d-8f75-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:50.000Z",
"modified": "2017-01-31T08:38:50.000Z",
"first_observed": "2017-01-31T08:38:50Z",
"last_observed": "2017-01-31T08:38:50Z",
"number_observed": 1,
"object_refs": [
"url--58904d1a-a2e0-431d-8f75-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d1a-a2e0-431d-8f75-e25202de0b81",
"value": "https://www.virustotal.com/file/b7d3cc17b4a70b0fc35963a36369935b86a4c7a4396846582c04d674cf40aade/analysis/1481664304/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d1b-c048-4490-860c-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:51.000Z",
"modified": "2017-01-31T08:38:51.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 2bbd8aa8be75537bd60e68b124eafbff",
"pattern": "[file:hashes.SHA256 = '2b832ef36978f7852be42e6585e761c3e288cfbb53aef595c7289a3aef0d3c95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d1c-e958-41df-95b5-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:52.000Z",
"modified": "2017-01-31T08:38:52.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 2bbd8aa8be75537bd60e68b124eafbff",
"pattern": "[file:hashes.SHA1 = 'f2d5ca7d009f01be4b21a269de4554c7bd891473']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d1c-c35c-415e-8088-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:52.000Z",
"modified": "2017-01-31T08:38:52.000Z",
"first_observed": "2017-01-31T08:38:52Z",
"last_observed": "2017-01-31T08:38:52Z",
"number_observed": 1,
"object_refs": [
"url--58904d1c-c35c-415e-8088-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d1c-c35c-415e-8088-e25202de0b81",
"value": "https://www.virustotal.com/file/2b832ef36978f7852be42e6585e761c3e288cfbb53aef595c7289a3aef0d3c95/analysis/1481808375/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d1d-e87c-489b-bb98-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:53.000Z",
"modified": "2017-01-31T08:38:53.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 2510953f05dcd2c758ad29160bbc3911",
"pattern": "[file:hashes.SHA256 = 'fbf23b449db5ae1122c503756d9ad7f4d1c77ed367f0874ffe8dde5c578dd2c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d1e-e9e0-4f80-aa5a-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:54.000Z",
"modified": "2017-01-31T08:38:54.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 2510953f05dcd2c758ad29160bbc3911",
"pattern": "[file:hashes.SHA1 = '9e0094cc8be1bbe494d7dac88a57a3db235f8a04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d1f-a454-4d66-afd2-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:55.000Z",
"modified": "2017-01-31T08:38:55.000Z",
"first_observed": "2017-01-31T08:38:55Z",
"last_observed": "2017-01-31T08:38:55Z",
"number_observed": 1,
"object_refs": [
"url--58904d1f-a454-4d66-afd2-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d1f-a454-4d66-afd2-e25202de0b81",
"value": "https://www.virustotal.com/file/fbf23b449db5ae1122c503756d9ad7f4d1c77ed367f0874ffe8dde5c578dd2c8/analysis/1477747774/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d1f-9a08-44ac-a0fa-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:55.000Z",
"modified": "2017-01-31T08:38:55.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 23de0ef14737b0398af94d9d9ec5d5b7",
"pattern": "[file:hashes.SHA256 = '9d9c0ada6891309c2e43f6bad7ffe55c724bb79a0983ea6a51bc1d5dc7dccf83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d20-1c1c-47a6-92fb-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:56.000Z",
"modified": "2017-01-31T08:38:56.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 23de0ef14737b0398af94d9d9ec5d5b7",
"pattern": "[file:hashes.SHA1 = '38e37f1f3f89e76d390564e8ff37eebba8cada44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d21-0560-4b42-80c4-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:57.000Z",
"modified": "2017-01-31T08:38:57.000Z",
"first_observed": "2017-01-31T08:38:57Z",
"last_observed": "2017-01-31T08:38:57Z",
"number_observed": 1,
"object_refs": [
"url--58904d21-0560-4b42-80c4-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d21-0560-4b42-80c4-e25202de0b81",
"value": "https://www.virustotal.com/file/9d9c0ada6891309c2e43f6bad7ffe55c724bb79a0983ea6a51bc1d5dc7dccf83/analysis/1479905945/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d22-2a9c-4eb8-8e49-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:58.000Z",
"modified": "2017-01-31T08:38:58.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 20816af7c443180cccc6aa962151af67",
"pattern": "[file:hashes.SHA256 = '94aec5548e1c51ba874b5723b445fad1c9bf3ac39d45b21d9ef5277ab4b1315b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d22-83b0-4c6e-9e99-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:58.000Z",
"modified": "2017-01-31T08:38:58.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 20816af7c443180cccc6aa962151af67",
"pattern": "[file:hashes.SHA1 = '7583d06da294a47ddcc48b2b19f19d6a5220c1fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:38:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d23-3de0-46eb-8cf8-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:38:59.000Z",
"modified": "2017-01-31T08:38:59.000Z",
"first_observed": "2017-01-31T08:38:59Z",
"last_observed": "2017-01-31T08:38:59Z",
"number_observed": 1,
"object_refs": [
"url--58904d23-3de0-46eb-8cf8-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d23-3de0-46eb-8cf8-e25202de0b81",
"value": "https://www.virustotal.com/file/94aec5548e1c51ba874b5723b445fad1c9bf3ac39d45b21d9ef5277ab4b1315b/analysis/1478620795/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d24-34dc-46ea-92ef-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:00.000Z",
"modified": "2017-01-31T08:39:00.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 4ada3fabb0e2cd0c90b16ec79e8147d8",
"pattern": "[file:hashes.SHA256 = '0aa1f07a2ebcdd42896d3d8fdb5e9a9fef0f4f894d2501b9cbbe4cbad673ec03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d24-ee5c-4c89-b27a-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:00.000Z",
"modified": "2017-01-31T08:39:00.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 4ada3fabb0e2cd0c90b16ec79e8147d8",
"pattern": "[file:hashes.SHA1 = '44cea646146c11e85bbffbaf634e728b3aea16ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d25-ec48-4dff-95e3-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:01.000Z",
"modified": "2017-01-31T08:39:01.000Z",
"first_observed": "2017-01-31T08:39:01Z",
"last_observed": "2017-01-31T08:39:01Z",
"number_observed": 1,
"object_refs": [
"url--58904d25-ec48-4dff-95e3-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d25-ec48-4dff-95e3-e25202de0b81",
"value": "https://www.virustotal.com/file/0aa1f07a2ebcdd42896d3d8fdb5e9a9fef0f4f894d2501b9cbbe4cbad673ec03/analysis/1481230392/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d26-6128-469d-ae2f-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:02.000Z",
"modified": "2017-01-31T08:39:02.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: fdca6464b694739178b5a46d3d9b0f5c",
"pattern": "[file:hashes.SHA256 = 'df90aeedeceea03a7f996cddcb198a2dfe210c1e671d689e257d248f6808e001']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d27-c534-495a-a440-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:03.000Z",
"modified": "2017-01-31T08:39:03.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: fdca6464b694739178b5a46d3d9b0f5c",
"pattern": "[file:hashes.SHA1 = 'b40dcfb36187f8e50046d58b1d42c984bad3405d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d27-e8e0-47c1-a6da-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:03.000Z",
"modified": "2017-01-31T08:39:03.000Z",
"first_observed": "2017-01-31T08:39:03Z",
"last_observed": "2017-01-31T08:39:03Z",
"number_observed": 1,
"object_refs": [
"url--58904d27-e8e0-47c1-a6da-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d27-e8e0-47c1-a6da-e25202de0b81",
"value": "https://www.virustotal.com/file/df90aeedeceea03a7f996cddcb198a2dfe210c1e671d689e257d248f6808e001/analysis/1481386862/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d28-0644-4238-a0b6-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:04.000Z",
"modified": "2017-01-31T08:39:04.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: f79035227cace85f01ee4ae63ad7c511",
"pattern": "[file:hashes.SHA256 = '60151ba2f1f43ce900eeb76f3c9f2bcc166740e014ab6654a96216ddbf3ed227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d29-df88-4503-b865-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:05.000Z",
"modified": "2017-01-31T08:39:05.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: f79035227cace85f01ee4ae63ad7c511",
"pattern": "[file:hashes.SHA1 = 'e53a2b657c7f71d4b86f42f549fc61299922f291']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d29-a578-44b0-84e7-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:05.000Z",
"modified": "2017-01-31T08:39:05.000Z",
"first_observed": "2017-01-31T08:39:05Z",
"last_observed": "2017-01-31T08:39:05Z",
"number_observed": 1,
"object_refs": [
"url--58904d29-a578-44b0-84e7-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d29-a578-44b0-84e7-e25202de0b81",
"value": "https://www.virustotal.com/file/60151ba2f1f43ce900eeb76f3c9f2bcc166740e014ab6654a96216ddbf3ed227/analysis/1480677608/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d2a-1850-41c0-bb2b-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:06.000Z",
"modified": "2017-01-31T08:39:06.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: f5f698c6c0660d14ce19fd36a4e94b9c",
"pattern": "[file:hashes.SHA256 = '09032a7bf6eef650007c5e57e74f1abb2b7a0c2c97d7c5975ab348cf5419ccd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d2b-1320-4671-a651-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:07.000Z",
"modified": "2017-01-31T08:39:07.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: f5f698c6c0660d14ce19fd36a4e94b9c",
"pattern": "[file:hashes.SHA1 = 'b0c7415b762186a316b96b976087c3bc66de599e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d2c-afb0-4a44-b418-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:08.000Z",
"modified": "2017-01-31T08:39:08.000Z",
"first_observed": "2017-01-31T08:39:08Z",
"last_observed": "2017-01-31T08:39:08Z",
"number_observed": 1,
"object_refs": [
"url--58904d2c-afb0-4a44-b418-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d2c-afb0-4a44-b418-e25202de0b81",
"value": "https://www.virustotal.com/file/09032a7bf6eef650007c5e57e74f1abb2b7a0c2c97d7c5975ab348cf5419ccd8/analysis/1483081815/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d2c-0878-48ad-af07-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:08.000Z",
"modified": "2017-01-31T08:39:08.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: f33808ea5100648108c7d0d6a0d5eb61",
"pattern": "[file:hashes.SHA256 = '7bd22e3147122eb4438f02356e8927f36866efa0cc07cc604f1bff03d76222a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d2d-8018-4e44-bd72-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:09.000Z",
"modified": "2017-01-31T08:39:09.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: f33808ea5100648108c7d0d6a0d5eb61",
"pattern": "[file:hashes.SHA1 = '79908f60571d837924118bd697e5b267a1c5fafa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d2e-6c00-4a7f-a5d0-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:10.000Z",
"modified": "2017-01-31T08:39:10.000Z",
"first_observed": "2017-01-31T08:39:10Z",
"last_observed": "2017-01-31T08:39:10Z",
"number_observed": 1,
"object_refs": [
"url--58904d2e-6c00-4a7f-a5d0-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d2e-6c00-4a7f-a5d0-e25202de0b81",
"value": "https://www.virustotal.com/file/7bd22e3147122eb4438f02356e8927f36866efa0cc07cc604f1bff03d76222a6/analysis/1480568783/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d2e-a1a4-4a5f-a7f8-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:10.000Z",
"modified": "2017-01-31T08:39:10.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: ebbf3f2385157240e8a45a9dd00ddaef",
"pattern": "[file:hashes.SHA256 = 'ea2b311cabaa6e43d858d1c29089189e7da7fdd2774d2651fffa6dda2bb9985f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d2f-4288-4eea-9761-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:11.000Z",
"modified": "2017-01-31T08:39:11.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: ebbf3f2385157240e8a45a9dd00ddaef",
"pattern": "[file:hashes.SHA1 = '6b33da8f57ae42e0f5b63ec6c83a88d7b14b7217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d30-3540-454d-be48-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:12.000Z",
"modified": "2017-01-31T08:39:12.000Z",
"first_observed": "2017-01-31T08:39:12Z",
"last_observed": "2017-01-31T08:39:12Z",
"number_observed": 1,
"object_refs": [
"url--58904d30-3540-454d-be48-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d30-3540-454d-be48-e25202de0b81",
"value": "https://www.virustotal.com/file/ea2b311cabaa6e43d858d1c29089189e7da7fdd2774d2651fffa6dda2bb9985f/analysis/1481664072/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d31-ce04-4d0d-bb7f-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:13.000Z",
"modified": "2017-01-31T08:39:13.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: e83d79fb671cf2335025022bebbb0bdd",
"pattern": "[file:hashes.SHA256 = 'fbfecdfae811afadab5bddeef7f45202a0f891cea2b05e82abaa460fde151312']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d31-e1d8-4e3b-8a9d-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:13.000Z",
"modified": "2017-01-31T08:39:13.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: e83d79fb671cf2335025022bebbb0bdd",
"pattern": "[file:hashes.SHA1 = '737e61bcd3a4d2a0deaa061cdfa059d641380073']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d32-004c-4efc-ae84-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:14.000Z",
"modified": "2017-01-31T08:39:14.000Z",
"first_observed": "2017-01-31T08:39:14Z",
"last_observed": "2017-01-31T08:39:14Z",
"number_observed": 1,
"object_refs": [
"url--58904d32-004c-4efc-ae84-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d32-004c-4efc-ae84-e25202de0b81",
"value": "https://www.virustotal.com/file/fbfecdfae811afadab5bddeef7f45202a0f891cea2b05e82abaa460fde151312/analysis/1483447618/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d33-ca1c-4a89-9fe6-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:15.000Z",
"modified": "2017-01-31T08:39:15.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: e54d28a24c976348c438f45281d68c54",
"pattern": "[file:hashes.SHA256 = '5d2ee0440314f7229a126baa152e43473d771591e818f8317275c175fd888f23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d34-9370-4f17-b899-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:16.000Z",
"modified": "2017-01-31T08:39:16.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: e54d28a24c976348c438f45281d68c54",
"pattern": "[file:hashes.SHA1 = '3cd014e2ebdb8dd679deb70cd1005b0a2b8283e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d34-952c-4b2f-bd6a-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:16.000Z",
"modified": "2017-01-31T08:39:16.000Z",
"first_observed": "2017-01-31T08:39:16Z",
"last_observed": "2017-01-31T08:39:16Z",
"number_observed": 1,
"object_refs": [
"url--58904d34-952c-4b2f-bd6a-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d34-952c-4b2f-bd6a-e25202de0b81",
"value": "https://www.virustotal.com/file/5d2ee0440314f7229a126baa152e43473d771591e818f8317275c175fd888f23/analysis/1478618090/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d35-02f0-4d28-bbf4-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:17.000Z",
"modified": "2017-01-31T08:39:17.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: d840ecdd9c8b32af83131dab66ec0f44",
"pattern": "[file:hashes.SHA256 = '77a4c8babcc18e0d42a9338d132ec6e44b55f4479efb836f699c0d7984898db1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d36-88cc-48a5-af41-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:18.000Z",
"modified": "2017-01-31T08:39:18.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: d840ecdd9c8b32af83131dab66ec0f44",
"pattern": "[file:hashes.SHA1 = 'cdeba8c395be1f4b61d30dac1d32dd3567264262']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d37-97c0-494d-aeed-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:19.000Z",
"modified": "2017-01-31T08:39:19.000Z",
"first_observed": "2017-01-31T08:39:19Z",
"last_observed": "2017-01-31T08:39:19Z",
"number_observed": 1,
"object_refs": [
"url--58904d37-97c0-494d-aeed-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d37-97c0-494d-aeed-e25202de0b81",
"value": "https://www.virustotal.com/file/77a4c8babcc18e0d42a9338d132ec6e44b55f4479efb836f699c0d7984898db1/analysis/1483968372/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d38-c8a8-4161-8d37-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:20.000Z",
"modified": "2017-01-31T08:39:20.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: d4c5384da41fd391d16eff60abc21405",
"pattern": "[file:hashes.SHA256 = '0522bfea61ab0db154cde9c1217c90547bd46ba1be0fc6a17bfb4b52e8241a63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d38-dd8c-43d0-93b3-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:20.000Z",
"modified": "2017-01-31T08:39:20.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: d4c5384da41fd391d16eff60abc21405",
"pattern": "[file:hashes.SHA1 = '75f47640299fc2b33492c3640128d58ac2dc1463']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d39-0758-476a-b425-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:21.000Z",
"modified": "2017-01-31T08:39:21.000Z",
"first_observed": "2017-01-31T08:39:21Z",
"last_observed": "2017-01-31T08:39:21Z",
"number_observed": 1,
"object_refs": [
"url--58904d39-0758-476a-b425-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d39-0758-476a-b425-e25202de0b81",
"value": "https://www.virustotal.com/file/0522bfea61ab0db154cde9c1217c90547bd46ba1be0fc6a17bfb4b52e8241a63/analysis/1480068801/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d3a-6490-4f5d-b113-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:22.000Z",
"modified": "2017-01-31T08:39:22.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: cdb0762becd67b893d73cda594cd1c3e",
"pattern": "[file:hashes.SHA256 = '08e132f3889ee73357b6bb38e752a749f40dd7e9fb168c6f66be3575dbbbc63d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d3b-5ef0-45e8-9767-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:23.000Z",
"modified": "2017-01-31T08:39:23.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: cdb0762becd67b893d73cda594cd1c3e",
"pattern": "[file:hashes.SHA1 = '4bf3a98d542e173fdcdba19cec79f177dc8a65ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d3b-7ed0-44da-942d-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:23.000Z",
"modified": "2017-01-31T08:39:23.000Z",
"first_observed": "2017-01-31T08:39:23Z",
"last_observed": "2017-01-31T08:39:23Z",
"number_observed": 1,
"object_refs": [
"url--58904d3b-7ed0-44da-942d-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d3b-7ed0-44da-942d-e25202de0b81",
"value": "https://www.virustotal.com/file/08e132f3889ee73357b6bb38e752a749f40dd7e9fb168c6f66be3575dbbbc63d/analysis/1478522618/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d3c-dd18-4e85-87c6-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:24.000Z",
"modified": "2017-01-31T08:39:24.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: cc38fd598cbef1a3816bb64f2990e9b6",
"pattern": "[file:hashes.SHA256 = 'e0b599f73d0c46a5130396f81daf5ba9f31639589035b49686bf3ef5f164f009']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d3d-50e0-4f9b-8a1f-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:25.000Z",
"modified": "2017-01-31T08:39:25.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: cc38fd598cbef1a3816bb64f2990e9b6",
"pattern": "[file:hashes.SHA1 = '5ac80df4f80d466e616d13e8d35be3fe9da5a45e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d3d-acd0-4a51-be86-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:25.000Z",
"modified": "2017-01-31T08:39:25.000Z",
"first_observed": "2017-01-31T08:39:25Z",
"last_observed": "2017-01-31T08:39:25Z",
"number_observed": 1,
"object_refs": [
"url--58904d3d-acd0-4a51-be86-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d3d-acd0-4a51-be86-e25202de0b81",
"value": "https://www.virustotal.com/file/e0b599f73d0c46a5130396f81daf5ba9f31639589035b49686bf3ef5f164f009/analysis/1481230393/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d3e-9750-4944-9759-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:26.000Z",
"modified": "2017-01-31T08:39:26.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: cb8d57c149330e7bd1798d62e5da5404",
"pattern": "[file:hashes.SHA256 = 'd1d851326a00c1c14fc8ae77480a2150c398e4ef058c316ea32b191fd0e603c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d3f-c734-49a6-9eb5-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:27.000Z",
"modified": "2017-01-31T08:39:27.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: cb8d57c149330e7bd1798d62e5da5404",
"pattern": "[file:hashes.SHA1 = '7f23a5b87402928e02175e3a5942aee596cdc91f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d40-6c2c-4db6-866c-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:28.000Z",
"modified": "2017-01-31T08:39:28.000Z",
"first_observed": "2017-01-31T08:39:28Z",
"last_observed": "2017-01-31T08:39:28Z",
"number_observed": 1,
"object_refs": [
"url--58904d40-6c2c-4db6-866c-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d40-6c2c-4db6-866c-e25202de0b81",
"value": "https://www.virustotal.com/file/d1d851326a00c1c14fc8ae77480a2150c398e4ef058c316ea32b191fd0e603c0/analysis/1478188503/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d40-ad8c-47aa-bdd8-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:28.000Z",
"modified": "2017-01-31T08:39:28.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: c6faf2a51122cad086370674a3c9ad1a",
"pattern": "[file:hashes.SHA256 = 'af9f98fd77f38090f382334178004ca1a687460c78d9342337d3ace5643dcacf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d41-d698-4725-bc82-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:29.000Z",
"modified": "2017-01-31T08:39:29.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: c6faf2a51122cad086370674a3c9ad1a",
"pattern": "[file:hashes.SHA1 = '2eccaac35aa3b351b2a5d367fb8dd478cea1a3f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d42-f9a4-4e80-b4f2-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:30.000Z",
"modified": "2017-01-31T08:39:30.000Z",
"first_observed": "2017-01-31T08:39:30Z",
"last_observed": "2017-01-31T08:39:30Z",
"number_observed": 1,
"object_refs": [
"url--58904d42-f9a4-4e80-b4f2-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d42-f9a4-4e80-b4f2-e25202de0b81",
"value": "https://www.virustotal.com/file/af9f98fd77f38090f382334178004ca1a687460c78d9342337d3ace5643dcacf/analysis/1483333415/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d43-18b4-4c42-aaf9-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:31.000Z",
"modified": "2017-01-31T08:39:31.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: c149ef34c57e6f7e970063679de01342",
"pattern": "[file:hashes.SHA256 = '5028124ce748b23e709f1540a7c58310f8481e179aff7986d5cfd693c9af94da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d44-42dc-43d1-b398-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:32.000Z",
"modified": "2017-01-31T08:39:32.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: c149ef34c57e6f7e970063679de01342",
"pattern": "[file:hashes.SHA1 = '855388d354f19322a722c6f9d01e574c9bbf19ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d45-5af0-4298-8639-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:33.000Z",
"modified": "2017-01-31T08:39:33.000Z",
"first_observed": "2017-01-31T08:39:33Z",
"last_observed": "2017-01-31T08:39:33Z",
"number_observed": 1,
"object_refs": [
"url--58904d45-5af0-4298-8639-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d45-5af0-4298-8639-e25202de0b81",
"value": "https://www.virustotal.com/file/5028124ce748b23e709f1540a7c58310f8481e179aff7986d5cfd693c9af94da/analysis/1481230392/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d45-b4a8-4017-9e0d-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:33.000Z",
"modified": "2017-01-31T08:39:33.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: a53d38e93698ccf1843f15ebbd89a380",
"pattern": "[file:hashes.SHA256 = '1e4fb4dbb8e93d952e531f13d3a53505facec348cc2dee574eba3d50494b77ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d46-9214-4b98-8075-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:34.000Z",
"modified": "2017-01-31T08:39:34.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: a53d38e93698ccf1843f15ebbd89a380",
"pattern": "[file:hashes.SHA1 = 'de1257676011d476580c8a6070a39ab46bb5662d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d47-a580-45eb-9480-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:35.000Z",
"modified": "2017-01-31T08:39:35.000Z",
"first_observed": "2017-01-31T08:39:35Z",
"last_observed": "2017-01-31T08:39:35Z",
"number_observed": 1,
"object_refs": [
"url--58904d47-a580-45eb-9480-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d47-a580-45eb-9480-e25202de0b81",
"value": "https://www.virustotal.com/file/1e4fb4dbb8e93d952e531f13d3a53505facec348cc2dee574eba3d50494b77ab/analysis/1481895204/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d48-f258-4f34-8189-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:36.000Z",
"modified": "2017-01-31T08:39:36.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: a50e2d3419a9de9be87eb04f52f2245f",
"pattern": "[file:hashes.SHA256 = '29108419f575464fd2a6a4569b45acbf939455bbee1af8e35b0e058c3c762d87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d48-07b4-4331-8503-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:36.000Z",
"modified": "2017-01-31T08:39:36.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: a50e2d3419a9de9be87eb04f52f2245f",
"pattern": "[file:hashes.SHA1 = '9a78a5343135e126ec91629e1aca2e6aa6f03e1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d49-d6a4-4876-91ac-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:37.000Z",
"modified": "2017-01-31T08:39:37.000Z",
"first_observed": "2017-01-31T08:39:37Z",
"last_observed": "2017-01-31T08:39:37Z",
"number_observed": 1,
"object_refs": [
"url--58904d49-d6a4-4876-91ac-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d49-d6a4-4876-91ac-e25202de0b81",
"value": "https://www.virustotal.com/file/29108419f575464fd2a6a4569b45acbf939455bbee1af8e35b0e058c3c762d87/analysis/1476826573/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d4a-0890-4fb0-a5b0-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:38.000Z",
"modified": "2017-01-31T08:39:38.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: a1bd290317b03ade7941dedd4a4e903b",
"pattern": "[file:hashes.SHA256 = '1f2e1b1ca63fd91d1db36765ef4a4a48891fb48e8c1c4c455d7807ce5ca089e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d4b-48d4-4cb1-bb50-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:39.000Z",
"modified": "2017-01-31T08:39:39.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: a1bd290317b03ade7941dedd4a4e903b",
"pattern": "[file:hashes.SHA1 = '5578f3b6709311db555f33be01a42feda6dfc743']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d4b-9cf4-496d-a831-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:39.000Z",
"modified": "2017-01-31T08:39:39.000Z",
"first_observed": "2017-01-31T08:39:39Z",
"last_observed": "2017-01-31T08:39:39Z",
"number_observed": 1,
"object_refs": [
"url--58904d4b-9cf4-496d-a831-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d4b-9cf4-496d-a831-e25202de0b81",
"value": "https://www.virustotal.com/file/1f2e1b1ca63fd91d1db36765ef4a4a48891fb48e8c1c4c455d7807ce5ca089e3/analysis/1482325662/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d4c-5c24-4f48-b2ac-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:40.000Z",
"modified": "2017-01-31T08:39:40.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: a11b982bde341475e28d3a2fa96f982a",
"pattern": "[file:hashes.SHA256 = 'e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d4d-2a60-4259-b4b2-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:41.000Z",
"modified": "2017-01-31T08:39:41.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: a11b982bde341475e28d3a2fa96f982a",
"pattern": "[file:hashes.SHA1 = '181fe69fa5f931251771814d2afc7bcd85c6468a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d4d-9778-46a3-8b4f-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:41.000Z",
"modified": "2017-01-31T08:39:41.000Z",
"first_observed": "2017-01-31T08:39:41Z",
"last_observed": "2017-01-31T08:39:41Z",
"number_observed": 1,
"object_refs": [
"url--58904d4d-9778-46a3-8b4f-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d4d-9778-46a3-8b4f-e25202de0b81",
"value": "https://www.virustotal.com/file/e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a/analysis/1479238484/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d4e-e000-420e-86a2-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:42.000Z",
"modified": "2017-01-31T08:39:42.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 99e9f5a4563f56e61f3806be39efce62",
"pattern": "[file:hashes.SHA256 = 'e205a0f5688810599b1af8f65e8fd111e0e8fa2dc61fe979df76a0e4401c2784']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d4f-6db4-4f22-b128-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:43.000Z",
"modified": "2017-01-31T08:39:43.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 99e9f5a4563f56e61f3806be39efce62",
"pattern": "[file:hashes.SHA1 = '44f723a16feb3d6a4d90353ded6a7757afc11510']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d50-f99c-4c32-856f-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:44.000Z",
"modified": "2017-01-31T08:39:44.000Z",
"first_observed": "2017-01-31T08:39:44Z",
"last_observed": "2017-01-31T08:39:44Z",
"number_observed": 1,
"object_refs": [
"url--58904d50-f99c-4c32-856f-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d50-f99c-4c32-856f-e25202de0b81",
"value": "https://www.virustotal.com/file/e205a0f5688810599b1af8f65e8fd111e0e8fa2dc61fe979df76a0e4401c2784/analysis/1481801135/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d50-857c-4c3e-b63a-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:44.000Z",
"modified": "2017-01-31T08:39:44.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 992e9518d69039c3ebae4191e1f8b8b6",
"pattern": "[file:hashes.SHA256 = '5668f2f784befed20b52f3d30aa3a9ab374b35a1a853d908ff9ac5c82ddea749']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d51-1054-467e-9065-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:45.000Z",
"modified": "2017-01-31T08:39:45.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 992e9518d69039c3ebae4191e1f8b8b6",
"pattern": "[file:hashes.SHA1 = '3c93cd0ef4c38e4055b88c22bb398dd45a66fb4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d52-b470-4bbc-b15f-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:46.000Z",
"modified": "2017-01-31T08:39:46.000Z",
"first_observed": "2017-01-31T08:39:46Z",
"last_observed": "2017-01-31T08:39:46Z",
"number_observed": 1,
"object_refs": [
"url--58904d52-b470-4bbc-b15f-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d52-b470-4bbc-b15f-e25202de0b81",
"value": "https://www.virustotal.com/file/5668f2f784befed20b52f3d30aa3a9ab374b35a1a853d908ff9ac5c82ddea749/analysis/1479397561/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d53-8e34-41a0-8ce0-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:47.000Z",
"modified": "2017-01-31T08:39:47.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 93c07b57a51e3eee44134caa39057e8d",
"pattern": "[file:hashes.SHA256 = '7bc06cbf4a522a20eefe0e027af3623c987c80f6d0a8cf888c9209ab6f85ff66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d53-a1f8-420c-b4e8-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:47.000Z",
"modified": "2017-01-31T08:39:47.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 93c07b57a51e3eee44134caa39057e8d",
"pattern": "[file:hashes.SHA1 = '4d74dd452a54aca9099aa3ec0e4485b141a0995a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d54-5360-482c-bc3f-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:48.000Z",
"modified": "2017-01-31T08:39:48.000Z",
"first_observed": "2017-01-31T08:39:48Z",
"last_observed": "2017-01-31T08:39:48Z",
"number_observed": 1,
"object_refs": [
"url--58904d54-5360-482c-bc3f-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d54-5360-482c-bc3f-e25202de0b81",
"value": "https://www.virustotal.com/file/7bc06cbf4a522a20eefe0e027af3623c987c80f6d0a8cf888c9209ab6f85ff66/analysis/1480950931/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d55-9828-4438-84c0-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:49.000Z",
"modified": "2017-01-31T08:39:49.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 92316769af9e7cc204a81789c0dab9c0",
"pattern": "[file:hashes.SHA256 = '8c4e73647cb234384bf2f31504a49a245d897257f8b5e84098f0263d195cda7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d55-be6c-40bf-88f9-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:49.000Z",
"modified": "2017-01-31T08:39:49.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 92316769af9e7cc204a81789c0dab9c0",
"pattern": "[file:hashes.SHA1 = 'c3480609ac5ed1a10d0bd1ef7b8b2e292cd51955']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d56-f6a0-4682-917d-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:50.000Z",
"modified": "2017-01-31T08:39:50.000Z",
"first_observed": "2017-01-31T08:39:50Z",
"last_observed": "2017-01-31T08:39:50Z",
"number_observed": 1,
"object_refs": [
"url--58904d56-f6a0-4682-917d-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d56-f6a0-4682-917d-e25202de0b81",
"value": "https://www.virustotal.com/file/8c4e73647cb234384bf2f31504a49a245d897257f8b5e84098f0263d195cda7c/analysis/1482325664/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d57-ccf8-45dc-b6f6-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:51.000Z",
"modified": "2017-01-31T08:39:51.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 7d17de98ce24a0c3e156efcc0e1ca565",
"pattern": "[file:hashes.SHA256 = 'f9e75d18efcd8d07a8e8981e9ad0d881225f85b875c77279cb329014c3d30a54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d58-ba58-4272-9ce9-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:52.000Z",
"modified": "2017-01-31T08:39:52.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 7d17de98ce24a0c3e156efcc0e1ca565",
"pattern": "[file:hashes.SHA1 = '641147b438129274d0189f19fa70046a379d6cf1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d58-ee98-41f6-a950-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:52.000Z",
"modified": "2017-01-31T08:39:52.000Z",
"first_observed": "2017-01-31T08:39:52Z",
"last_observed": "2017-01-31T08:39:52Z",
"number_observed": 1,
"object_refs": [
"url--58904d58-ee98-41f6-a950-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d58-ee98-41f6-a950-e25202de0b81",
"value": "https://www.virustotal.com/file/f9e75d18efcd8d07a8e8981e9ad0d881225f85b875c77279cb329014c3d30a54/analysis/1484568182/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d59-db28-4b62-9b14-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:53.000Z",
"modified": "2017-01-31T08:39:53.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 7b8f8a999367f28b3ac42fc4d2b9439d",
"pattern": "[file:hashes.SHA256 = '5fdc148bffbe0b27aed2269030bc9b21fa9e122880c94d8cf597db17c85212ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d5a-90e4-41c3-8565-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:54.000Z",
"modified": "2017-01-31T08:39:54.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 7b8f8a999367f28b3ac42fc4d2b9439d",
"pattern": "[file:hashes.SHA1 = '4bc25f2fff09a00de45ddadc1d95e62c74cb46c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d5a-45b0-4260-9ae7-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:54.000Z",
"modified": "2017-01-31T08:39:54.000Z",
"first_observed": "2017-01-31T08:39:54Z",
"last_observed": "2017-01-31T08:39:54Z",
"number_observed": 1,
"object_refs": [
"url--58904d5a-45b0-4260-9ae7-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d5a-45b0-4260-9ae7-e25202de0b81",
"value": "https://www.virustotal.com/file/5fdc148bffbe0b27aed2269030bc9b21fa9e122880c94d8cf597db17c85212ef/analysis/1483968314/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d5b-adc4-4055-b81e-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:55.000Z",
"modified": "2017-01-31T08:39:55.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 7b7675705908d34432e2309880f5538e",
"pattern": "[file:hashes.SHA256 = '2414b7709a44cedc3a55b927898251ca369f0589923e4cc688c72c11ede788bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d5c-d394-4f99-bba3-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:56.000Z",
"modified": "2017-01-31T08:39:56.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 7b7675705908d34432e2309880f5538e",
"pattern": "[file:hashes.SHA1 = '1be90534bb557904283f5447becdb7bf448b28e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d5d-02ac-4e8d-a412-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:57.000Z",
"modified": "2017-01-31T08:39:57.000Z",
"first_observed": "2017-01-31T08:39:57Z",
"last_observed": "2017-01-31T08:39:57Z",
"number_observed": 1,
"object_refs": [
"url--58904d5d-02ac-4e8d-a412-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d5d-02ac-4e8d-a412-e25202de0b81",
"value": "https://www.virustotal.com/file/2414b7709a44cedc3a55b927898251ca369f0589923e4cc688c72c11ede788bb/analysis/1481154655/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d5d-e0cc-42d4-b8ae-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:57.000Z",
"modified": "2017-01-31T08:39:57.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 70f6abfb433327a7b3c394246cc37ea2",
"pattern": "[file:hashes.SHA256 = '3c2c753dbb62920cc00e37a7cab64fe0e16952ff731d39db26573819eb715b67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d5e-6614-4c3d-9ec9-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:58.000Z",
"modified": "2017-01-31T08:39:58.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 70f6abfb433327a7b3c394246cc37ea2",
"pattern": "[file:hashes.SHA1 = 'd2d0a6c7b63d5032a37b791f1fd07246d3a98093']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d5f-e854-4655-9fdf-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:59.000Z",
"modified": "2017-01-31T08:39:59.000Z",
"first_observed": "2017-01-31T08:39:59Z",
"last_observed": "2017-01-31T08:39:59Z",
"number_observed": 1,
"object_refs": [
"url--58904d5f-e854-4655-9fdf-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d5f-e854-4655-9fdf-e25202de0b81",
"value": "https://www.virustotal.com/file/3c2c753dbb62920cc00e37a7cab64fe0e16952ff731d39db26573819eb715b67/analysis/1481535806/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d5f-f200-4057-ad49-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:39:59.000Z",
"modified": "2017-01-31T08:39:59.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 6dcc9ef9258dea343e1fdb1aaa5c7e56",
"pattern": "[file:hashes.SHA256 = '2658c39d9e14e463c8c6dc7cd7a53bee6016e641f5ab2e22be3a1f13f0070809']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:39:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d60-7640-4959-a207-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:40:00.000Z",
"modified": "2017-01-31T08:40:00.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 6dcc9ef9258dea343e1fdb1aaa5c7e56",
"pattern": "[file:hashes.SHA1 = '7644de519b46524346d99ae279a3624e99187b9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:40:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d61-ef28-47ad-829a-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:40:01.000Z",
"modified": "2017-01-31T08:40:01.000Z",
"first_observed": "2017-01-31T08:40:01Z",
"last_observed": "2017-01-31T08:40:01Z",
"number_observed": 1,
"object_refs": [
"url--58904d61-ef28-47ad-829a-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d61-ef28-47ad-829a-e25202de0b81",
"value": "https://www.virustotal.com/file/2658c39d9e14e463c8c6dc7cd7a53bee6016e641f5ab2e22be3a1f13f0070809/analysis/1482248474/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d62-e0e0-4fed-ba88-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:40:02.000Z",
"modified": "2017-01-31T08:40:02.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 6db1f428becc2870517ae50fd892fc67",
"pattern": "[file:hashes.SHA256 = 'ad6fd5137fab3142b1216037ff0c1f6850bb810f0bd23e2feb374c9ddd03bacb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:40:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58904d62-3c34-4f56-8563-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:40:02.000Z",
"modified": "2017-01-31T08:40:02.000Z",
"description": "Flokibot Sample hashes - Xchecked via VT: 6db1f428becc2870517ae50fd892fc67",
"pattern": "[file:hashes.SHA1 = 'c4659b5e0b2703e192a683bf672b001888695699']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T08:40:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58904d63-f5dc-4b9f-99fd-e25202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T08:40:03.000Z",
"modified": "2017-01-31T08:40:03.000Z",
"first_observed": "2017-01-31T08:40:03Z",
"last_observed": "2017-01-31T08:40:03Z",
"number_observed": 1,
"object_refs": [
"url--58904d63-f5dc-4b9f-99fd-e25202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58904d63-f5dc-4b9f-99fd-e25202de0b81",
"value": "https://www.virustotal.com/file/ad6fd5137fab3142b1216037ff0c1f6850bb810f0bd23e2feb374c9ddd03bacb/analysis/1482185096/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink