adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/589046d9-01ac-40d2-b47d-e592950d210f.json

2385 lines
No EOL
91 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "0",
"date": "2017-01-31",
"extends_uuid": "",
"info": "OSINT - Flokibot Invades PoS: Trouble in Brazil",
"publish_timestamp": "1485852207",
"published": true,
"threat_level_id": "3",
"timestamp": "1485852189",
"uuid": "589046d9-01ac-40d2-b47d-e592950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:tool=\"Flokibot\"",
"relationship_type": ""
},
{
"colour": "#00809c",
"local": false,
"name": "veris:asset:variety=\"U - POS terminal\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485850356",
"to_ids": false,
"type": "text",
"uuid": "589046f4-2314-4b63-9bda-e596950d210f",
"value": "Threat actors salivate at the thought of an increased volume of credit and debit card transactions flowing through endpoints they have compromised with card-stealing malware. While there are many distinct malware families that scrape unencrypted process memory to obtain cards, some of these malware capabilities overlap with generic information stealing trojans such as Flokibot that obtain and exfiltrate HTTPS GET and POST data and other materials from compromised machines.\r\n\r\nRather than focusing on the Flokibot malware itself, which has already been profiled by ASERT [https://www.arbornetworks.com/blog/asert/flokibot-flock-bots/] and others [http://blog.talosintel.com/2016/12/flokibot-collab.html], we have profiled selected elements of three Flokibot compromises in order to provide increased awareness of risk factors and actor TTP\u00e2\u20ac\u2122s. The first compromise profiled is particularly interesting because it likely involves a threat actor participating in a card trafficking operation."
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851180",
"to_ids": true,
"type": "md5",
"uuid": "58904a2c-bfc4-4007-a6da-e596950d210f",
"value": "6db1f428becc2870517ae50fd892fc67"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851180",
"to_ids": true,
"type": "md5",
"uuid": "58904a2c-83d8-4762-81ff-e596950d210f",
"value": "6dcc9ef9258dea343e1fdb1aaa5c7e56"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851181",
"to_ids": true,
"type": "md5",
"uuid": "58904a2d-ad00-47cc-bc71-e596950d210f",
"value": "70f6abfb433327a7b3c394246cc37ea2"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851182",
"to_ids": true,
"type": "md5",
"uuid": "58904a2e-d5d0-4112-a648-e596950d210f",
"value": "7b7675705908d34432e2309880f5538e"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851182",
"to_ids": true,
"type": "md5",
"uuid": "58904a2e-71e4-4c48-8b42-e596950d210f",
"value": "7b8f8a999367f28b3ac42fc4d2b9439d"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851183",
"to_ids": true,
"type": "md5",
"uuid": "58904a2f-2d5c-4b6c-b8ff-e596950d210f",
"value": "7d17de98ce24a0c3e156efcc0e1ca565"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851184",
"to_ids": true,
"type": "md5",
"uuid": "58904a30-9fd0-4c5e-b844-e596950d210f",
"value": "92316769af9e7cc204a81789c0dab9c0"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851185",
"to_ids": true,
"type": "md5",
"uuid": "58904a31-88f8-4927-9be5-e596950d210f",
"value": "93c07b57a51e3eee44134caa39057e8d"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851185",
"to_ids": true,
"type": "md5",
"uuid": "58904a31-fbc0-46ad-8196-e596950d210f",
"value": "992e9518d69039c3ebae4191e1f8b8b6"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851186",
"to_ids": true,
"type": "md5",
"uuid": "58904a32-51d0-4851-8ab1-e596950d210f",
"value": "99e9f5a4563f56e61f3806be39efce62"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851187",
"to_ids": true,
"type": "md5",
"uuid": "58904a33-bd3c-4a20-970b-e596950d210f",
"value": "a11b982bde341475e28d3a2fa96f982a"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851188",
"to_ids": true,
"type": "md5",
"uuid": "58904a34-7fc8-4551-b6ab-e596950d210f",
"value": "a1bd290317b03ade7941dedd4a4e903b"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851188",
"to_ids": true,
"type": "md5",
"uuid": "58904a34-f270-43c3-8784-e596950d210f",
"value": "a50e2d3419a9de9be87eb04f52f2245f"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851189",
"to_ids": true,
"type": "md5",
"uuid": "58904a35-bfd8-46a3-bd01-e596950d210f",
"value": "a53d38e93698ccf1843f15ebbd89a380"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851190",
"to_ids": true,
"type": "md5",
"uuid": "58904a36-3ae0-4dda-aff8-e596950d210f",
"value": "c149ef34c57e6f7e970063679de01342"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851191",
"to_ids": true,
"type": "md5",
"uuid": "58904a37-53c4-4d25-b51c-e596950d210f",
"value": "c6faf2a51122cad086370674a3c9ad1a"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851191",
"to_ids": true,
"type": "md5",
"uuid": "58904a37-98c8-4e46-a5b0-e596950d210f",
"value": "cb8d57c149330e7bd1798d62e5da5404"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851192",
"to_ids": true,
"type": "md5",
"uuid": "58904a38-7e24-46f5-be1f-e596950d210f",
"value": "cc38fd598cbef1a3816bb64f2990e9b6"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851193",
"to_ids": true,
"type": "md5",
"uuid": "58904a39-63c0-48be-a0ef-e596950d210f",
"value": "cdb0762becd67b893d73cda594cd1c3e"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851193",
"to_ids": true,
"type": "md5",
"uuid": "58904a39-ef10-4b4e-8ea6-e596950d210f",
"value": "d4c5384da41fd391d16eff60abc21405"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851194",
"to_ids": true,
"type": "md5",
"uuid": "58904a3a-8084-4462-9842-e596950d210f",
"value": "d840ecdd9c8b32af83131dab66ec0f44"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851195",
"to_ids": true,
"type": "md5",
"uuid": "58904a3b-2034-4060-acfe-e596950d210f",
"value": "e54d28a24c976348c438f45281d68c54"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851196",
"to_ids": true,
"type": "md5",
"uuid": "58904a3c-9418-4409-b165-e596950d210f",
"value": "e83d79fb671cf2335025022bebbb0bdd"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851196",
"to_ids": true,
"type": "md5",
"uuid": "58904a3c-a448-4d93-9a7d-e596950d210f",
"value": "ebbf3f2385157240e8a45a9dd00ddaef"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851197",
"to_ids": true,
"type": "md5",
"uuid": "58904a3d-647c-4277-a452-e596950d210f",
"value": "f33808ea5100648108c7d0d6a0d5eb61"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851198",
"to_ids": true,
"type": "md5",
"uuid": "58904a3e-bab0-41cc-b0da-e596950d210f",
"value": "f5f698c6c0660d14ce19fd36a4e94b9c"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851198",
"to_ids": true,
"type": "md5",
"uuid": "58904a3e-f058-404d-beec-e596950d210f",
"value": "f79035227cace85f01ee4ae63ad7c511"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851199",
"to_ids": true,
"type": "md5",
"uuid": "58904a3f-fed8-4590-a773-e596950d210f",
"value": "fdca6464b694739178b5a46d3d9b0f5c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851270",
"to_ids": false,
"type": "link",
"uuid": "58904a73-70a4-403a-93d1-e27e950d210f",
"value": "https://www.arbornetworks.com/blog/asert/flokibot-invades-pos-trouble-brazil/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#075200",
"local": false,
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851529",
"to_ids": true,
"type": "md5",
"uuid": "58904b89-e114-4294-91cb-e590950d210f",
"value": "4ada3fabb0e2cd0c90b16ec79e8147d8"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851530",
"to_ids": true,
"type": "md5",
"uuid": "58904b8a-d2cc-4756-ab3f-e590950d210f",
"value": "20816af7c443180cccc6aa962151af67"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851530",
"to_ids": true,
"type": "md5",
"uuid": "58904b8a-9878-495a-acfb-e590950d210f",
"value": "23de0ef14737b0398af94d9d9ec5d5b7"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851531",
"to_ids": true,
"type": "md5",
"uuid": "58904b8b-67a4-4710-af2a-e590950d210f",
"value": "2510953f05dcd2c758ad29160bbc3911"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851532",
"to_ids": true,
"type": "md5",
"uuid": "58904b8c-d91c-43b1-ba31-e590950d210f",
"value": "2bbd8aa8be75537bd60e68b124eafbff"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851532",
"to_ids": true,
"type": "md5",
"uuid": "58904b8c-2170-4f0e-9962-e590950d210f",
"value": "33252b2c9e054617ecb7172837ce7775"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851533",
"to_ids": true,
"type": "md5",
"uuid": "58904b8d-e6a4-47f1-ac59-e590950d210f",
"value": "37768af89b093b96ab7671456de894bc"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851534",
"to_ids": true,
"type": "md5",
"uuid": "58904b8e-7fb8-4829-a6e0-e590950d210f",
"value": "3bf85b3bf7393ec22426919d341715e7"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851535",
"to_ids": true,
"type": "md5",
"uuid": "58904b8f-9f6c-4698-9259-e590950d210f",
"value": "3ddf657800e60a57b884b87e1e8a987c"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851536",
"to_ids": true,
"type": "md5",
"uuid": "58904b90-0d78-4e48-92b6-e590950d210f",
"value": "4725f4b5eec09bdb29433cbea6e360b3"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851536",
"to_ids": true,
"type": "md5",
"uuid": "58904b90-dc38-4499-a4f0-e590950d210f",
"value": "52645badc17613f95a7962b07e2f063e"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851537",
"to_ids": true,
"type": "md5",
"uuid": "58904b91-d390-41d5-b7e4-e590950d210f",
"value": "53203a1b05c0e039d8e690bad4808b97"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851538",
"to_ids": true,
"type": "md5",
"uuid": "58904b92-80c8-46b8-9765-e590950d210f",
"value": "5649e7a200df2fb85ad1fb5a723bef22"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851539",
"to_ids": true,
"type": "md5",
"uuid": "58904b93-4070-46d2-b1dc-e590950d210f",
"value": "5d513187fc3357bc58d49c33f1c3e9c7"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851539",
"to_ids": true,
"type": "md5",
"uuid": "58904b93-ea2c-4a6c-8502-e590950d210f",
"value": "5d817395b4e6a828850e0010edeccc93"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851540",
"to_ids": true,
"type": "md5",
"uuid": "58904b94-f1c4-40c0-8cfc-e590950d210f",
"value": "5e5289bb2b5bb89bddbc2ec0a38a6c9b"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851541",
"to_ids": true,
"type": "md5",
"uuid": "58904b95-63bc-48dd-a55c-e590950d210f",
"value": "5fa30772b1f7a1f6dd33b84180f17add"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851542",
"to_ids": true,
"type": "md5",
"uuid": "58904b96-88c8-4614-8c6e-e590950d210f",
"value": "624f84a9d8979789c630327a6b08c7c6"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851542",
"to_ids": true,
"type": "md5",
"uuid": "58904b96-f9ac-4b3d-b50e-e590950d210f",
"value": "6255a9d71494381b8a4319fd139e9242"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851543",
"to_ids": true,
"type": "md5",
"uuid": "58904b97-ea28-4c94-be8c-e590950d210f",
"value": "64a23908ade4bbf2a7c4aa31be3cff24"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851645",
"to_ids": true,
"type": "domain",
"uuid": "58904bfd-0f40-4c7d-a996-e250950d210f",
"value": "blackircd.net"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851646",
"to_ids": true,
"type": "domain",
"uuid": "58904bfe-c01c-4ad2-a596-e250950d210f",
"value": "treasurehunter.at"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851647",
"to_ids": true,
"type": "domain",
"uuid": "58904bff-83b8-4155-a932-e250950d210f",
"value": "4haters.ga"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851647",
"to_ids": true,
"type": "domain",
"uuid": "58904bff-9434-4a37-830f-e250950d210f",
"value": "uspal.cf"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851648",
"to_ids": true,
"type": "domain",
"uuid": "58904c00-bc58-4ea9-b342-e250950d210f",
"value": "duparseled.com"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851649",
"to_ids": true,
"type": "hostname",
"uuid": "58904c01-6194-4327-90bb-e250950d210f",
"value": "web.netsworkupdates.com"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851649",
"to_ids": true,
"type": "hostname",
"uuid": "58904c01-2f14-4305-b9b1-e250950d210f",
"value": "slalsaxxa1ma.cma.beehoney.co.nz"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851650",
"to_ids": true,
"type": "domain",
"uuid": "58904c02-e4a4-4a9c-8a06-e250950d210f",
"value": "adultgirlmail.com"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851651",
"to_ids": true,
"type": "domain",
"uuid": "58904c03-7448-4bb3-98a5-e250950d210f",
"value": "wowsupplier.ga"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851652",
"to_ids": true,
"type": "domain",
"uuid": "58904c04-64a4-4560-ad9b-e250950d210f",
"value": "extensivee.bid"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851652",
"to_ids": true,
"type": "hostname",
"uuid": "58904c04-5c6c-495b-b3e1-e250950d210f",
"value": "feed.networksupdates.com"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851653",
"to_ids": true,
"type": "domain",
"uuid": "58904c05-9008-4b12-a4c5-e250950d210f",
"value": "springlovee.at"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851654",
"to_ids": true,
"type": "domain",
"uuid": "58904c06-c070-4d5f-b634-e250950d210f",
"value": "vtraffic.su"
},
{
"category": "Network activity",
"comment": "Flokibot C2 servers These C2 are obtained from ASERT malware analysis insight. Note: these are any Flokibot C2\u00e2\u20ac\u2122s, not just those associated with the threat activity profiled previously.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851655",
"to_ids": true,
"type": "domain",
"uuid": "58904c07-7610-4b62-aad0-e250950d210f",
"value": "shhtunnel.at"
},
{
"category": "Network activity",
"comment": "Passive DNS Insight",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851679",
"to_ids": true,
"type": "ip-dst",
"uuid": "58904c1f-0a38-440d-ac22-e59a950d210f",
"value": "107.191.52.175"
},
{
"category": "Network activity",
"comment": "Passive DNS Insight",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851680",
"to_ids": true,
"type": "ip-dst",
"uuid": "58904c20-94b8-414a-b22e-e59a950d210f",
"value": "128.199.205.239"
},
{
"category": "Network activity",
"comment": "Passive DNS Insight",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851680",
"to_ids": true,
"type": "ip-dst",
"uuid": "58904c20-7898-492a-9f4b-e59a950d210f",
"value": "52.67.156.144"
},
{
"category": "Network activity",
"comment": "Passive DNS Insight",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851681",
"to_ids": true,
"type": "ip-dst",
"uuid": "58904c21-820c-4a61-8a3b-e59a950d210f",
"value": "213.252.246.108"
},
{
"category": "Network activity",
"comment": "Passive DNS Insight",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851682",
"to_ids": true,
"type": "ip-dst",
"uuid": "58904c22-44cc-4586-8c00-e59a950d210f",
"value": "162.243.164.43"
},
{
"category": "Network activity",
"comment": "Andromeda / downloader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851707",
"to_ids": true,
"type": "domain",
"uuid": "58904c3b-efc8-4708-96d8-e24a950d210f",
"value": "sshtunnel02.xyz"
},
{
"category": "Network activity",
"comment": "Ransomware",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851708",
"to_ids": true,
"type": "domain",
"uuid": "58904c3c-5f70-488a-a4c9-e24a950d210f",
"value": "p0o9i8u7y9.xyz"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 64a23908ade4bbf2a7c4aa31be3cff24",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851901",
"to_ids": true,
"type": "sha256",
"uuid": "58904cfd-a950-492d-889a-e25202de0b81",
"value": "a4a810eebd2fae1d088ee62af725e39717ead68140c4c5104605465319203d5e"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 64a23908ade4bbf2a7c4aa31be3cff24",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851901",
"to_ids": true,
"type": "sha1",
"uuid": "58904cfd-6f1c-4fbd-9893-e25202de0b81",
"value": "2f87c2ce9ae1b741ac5477e9f8b786716b94afc5"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 64a23908ade4bbf2a7c4aa31be3cff24",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851902",
"to_ids": false,
"type": "link",
"uuid": "58904cfe-309c-4fc5-a399-e25202de0b81",
"value": "https://www.virustotal.com/file/a4a810eebd2fae1d088ee62af725e39717ead68140c4c5104605465319203d5e/analysis/1479614665/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 6255a9d71494381b8a4319fd139e9242",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851903",
"to_ids": true,
"type": "sha256",
"uuid": "58904cff-4ff8-4903-8dee-e25202de0b81",
"value": "d037964bd7ce1ea678c86aaf4326de665b39a76cd9e8664fb6faee79c585bd62"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 6255a9d71494381b8a4319fd139e9242",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851904",
"to_ids": true,
"type": "sha1",
"uuid": "58904d00-becc-4214-afb6-e25202de0b81",
"value": "93c2ed068a431e098191bd871992d0e45b8876cb"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 6255a9d71494381b8a4319fd139e9242",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851904",
"to_ids": false,
"type": "link",
"uuid": "58904d00-8cf8-4b67-8abe-e25202de0b81",
"value": "https://www.virustotal.com/file/d037964bd7ce1ea678c86aaf4326de665b39a76cd9e8664fb6faee79c585bd62/analysis/1480677470/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 624f84a9d8979789c630327a6b08c7c6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851905",
"to_ids": true,
"type": "sha256",
"uuid": "58904d01-5c78-4193-85c2-e25202de0b81",
"value": "a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 624f84a9d8979789c630327a6b08c7c6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851906",
"to_ids": true,
"type": "sha1",
"uuid": "58904d02-e95c-4206-a9fd-e25202de0b81",
"value": "f9484baf6f7194248a388d41dfd06543b3dc5d26"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 624f84a9d8979789c630327a6b08c7c6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851906",
"to_ids": false,
"type": "link",
"uuid": "58904d02-f8b8-47fa-b354-e25202de0b81",
"value": "https://www.virustotal.com/file/a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa/analysis/1483842081/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5fa30772b1f7a1f6dd33b84180f17add",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851907",
"to_ids": true,
"type": "sha256",
"uuid": "58904d03-e6d0-4714-ac82-e25202de0b81",
"value": "562f1b99f2ed4ef74a175f488b2744aee22d49a255be2110acd57465a05e5a2c"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5fa30772b1f7a1f6dd33b84180f17add",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851908",
"to_ids": true,
"type": "sha1",
"uuid": "58904d04-0b3c-4623-9724-e25202de0b81",
"value": "f0ff98a966ad2ddc38694a8002aed0c70a82b0f3"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5fa30772b1f7a1f6dd33b84180f17add",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851909",
"to_ids": false,
"type": "link",
"uuid": "58904d05-cd14-451e-b0da-e25202de0b81",
"value": "https://www.virustotal.com/file/562f1b99f2ed4ef74a175f488b2744aee22d49a255be2110acd57465a05e5a2c/analysis/1480172318/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5e5289bb2b5bb89bddbc2ec0a38a6c9b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851909",
"to_ids": true,
"type": "sha256",
"uuid": "58904d05-4670-420a-bd2d-e25202de0b81",
"value": "20567c4ff6178ac99f4584408dafc736c8504c8e3acf8db0b3015938e8483c02"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5e5289bb2b5bb89bddbc2ec0a38a6c9b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851910",
"to_ids": true,
"type": "sha1",
"uuid": "58904d06-8e08-4422-9f86-e25202de0b81",
"value": "b07cc350d879d906af4d6f203ab236cd18abe7b5"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5e5289bb2b5bb89bddbc2ec0a38a6c9b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851911",
"to_ids": false,
"type": "link",
"uuid": "58904d07-4e04-4b51-b66d-e25202de0b81",
"value": "https://www.virustotal.com/file/20567c4ff6178ac99f4584408dafc736c8504c8e3acf8db0b3015938e8483c02/analysis/1480624347/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5d817395b4e6a828850e0010edeccc93",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851912",
"to_ids": true,
"type": "sha256",
"uuid": "58904d08-c920-4f0a-b5d1-e25202de0b81",
"value": "b3d08fdd904e214ea5a9044b2ae4b7eaf2b35512f0956ed46237b962276de07e"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5d817395b4e6a828850e0010edeccc93",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851912",
"to_ids": true,
"type": "sha1",
"uuid": "58904d08-7b14-4612-a050-e25202de0b81",
"value": "26b75a8962310ab39283cdf28d63cf8f80c002bd"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5d817395b4e6a828850e0010edeccc93",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851913",
"to_ids": false,
"type": "link",
"uuid": "58904d09-3680-4ba2-9658-e25202de0b81",
"value": "https://www.virustotal.com/file/b3d08fdd904e214ea5a9044b2ae4b7eaf2b35512f0956ed46237b962276de07e/analysis/1479908511/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5d513187fc3357bc58d49c33f1c3e9c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851914",
"to_ids": true,
"type": "sha256",
"uuid": "58904d0a-b16c-4dcf-9b24-e25202de0b81",
"value": "5c40ffd550c2a0849279270fab45968f27dd75d36f0338f2d4a014de477b318b"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5d513187fc3357bc58d49c33f1c3e9c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851914",
"to_ids": true,
"type": "sha1",
"uuid": "58904d0a-8814-42e8-a211-e25202de0b81",
"value": "cce9e52f8c69a5dd1ce1c8e7df618ee7ff5a2994"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5d513187fc3357bc58d49c33f1c3e9c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851915",
"to_ids": false,
"type": "link",
"uuid": "58904d0b-37ac-443c-a148-e25202de0b81",
"value": "https://www.virustotal.com/file/5c40ffd550c2a0849279270fab45968f27dd75d36f0338f2d4a014de477b318b/analysis/1480172229/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5649e7a200df2fb85ad1fb5a723bef22",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851916",
"to_ids": true,
"type": "sha256",
"uuid": "58904d0c-dfb8-4adb-9ad2-e25202de0b81",
"value": "5e1967db286d886b87d1ec655559b9af694fc6e002fea3a6c7fd3c6b0b49ea6e"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5649e7a200df2fb85ad1fb5a723bef22",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851916",
"to_ids": true,
"type": "sha1",
"uuid": "58904d0c-1aa4-44e0-8fd4-e25202de0b81",
"value": "b057d20122048001850afeca671fd31dbcdd1c76"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 5649e7a200df2fb85ad1fb5a723bef22",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851917",
"to_ids": false,
"type": "link",
"uuid": "58904d0d-7830-485e-8576-e25202de0b81",
"value": "https://www.virustotal.com/file/5e1967db286d886b87d1ec655559b9af694fc6e002fea3a6c7fd3c6b0b49ea6e/analysis/1484658535/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 53203a1b05c0e039d8e690bad4808b97",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851918",
"to_ids": true,
"type": "sha256",
"uuid": "58904d0e-9fb0-4cac-be87-e25202de0b81",
"value": "ce1c00243eb04d83151f41d6286abc22762bb3a307d187c947e54e71cca2d0bf"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 53203a1b05c0e039d8e690bad4808b97",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851919",
"to_ids": true,
"type": "sha1",
"uuid": "58904d0f-3da4-49c8-854c-e25202de0b81",
"value": "8a48a0a2e9b98a4c8e72663a04b7422c490823c3"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 53203a1b05c0e039d8e690bad4808b97",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851919",
"to_ids": false,
"type": "link",
"uuid": "58904d0f-1f48-4288-95f1-e25202de0b81",
"value": "https://www.virustotal.com/file/ce1c00243eb04d83151f41d6286abc22762bb3a307d187c947e54e71cca2d0bf/analysis/1482096582/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 52645badc17613f95a7962b07e2f063e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851920",
"to_ids": true,
"type": "sha256",
"uuid": "58904d10-3bd0-4404-821b-e25202de0b81",
"value": "54ec1c5c5e958d1177889b829e6fd0d2056586f6d3fcfb168a0a68700f634d77"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 52645badc17613f95a7962b07e2f063e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851921",
"to_ids": true,
"type": "sha1",
"uuid": "58904d11-1e24-4858-8c14-e25202de0b81",
"value": "9f47f08b72776c863890dcc24fa98fe52e564da3"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 52645badc17613f95a7962b07e2f063e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851921",
"to_ids": false,
"type": "link",
"uuid": "58904d11-8ccc-4007-aef3-e25202de0b81",
"value": "https://www.virustotal.com/file/54ec1c5c5e958d1177889b829e6fd0d2056586f6d3fcfb168a0a68700f634d77/analysis/1482751964/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 4725f4b5eec09bdb29433cbea6e360b3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851922",
"to_ids": true,
"type": "sha256",
"uuid": "58904d12-b4fc-4616-943b-e25202de0b81",
"value": "3208f3849737d1ca815cd3f154a8165dd454273657cbd0b1450bddde628348dd"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 4725f4b5eec09bdb29433cbea6e360b3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851923",
"to_ids": true,
"type": "sha1",
"uuid": "58904d13-66d4-43e9-b290-e25202de0b81",
"value": "b5a6a3aa9a994c0bc18f10418c44083951a5d63c"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 4725f4b5eec09bdb29433cbea6e360b3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851924",
"to_ids": false,
"type": "link",
"uuid": "58904d14-1e48-4596-9d5e-e25202de0b81",
"value": "https://www.virustotal.com/file/3208f3849737d1ca815cd3f154a8165dd454273657cbd0b1450bddde628348dd/analysis/1481588732/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 3ddf657800e60a57b884b87e1e8a987c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851925",
"to_ids": true,
"type": "sha256",
"uuid": "58904d15-f088-4585-80dc-e25202de0b81",
"value": "9ed055548ed4439905225f24366927d7e8d045d69809cfec8af48a35f7ae636a"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 3ddf657800e60a57b884b87e1e8a987c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851925",
"to_ids": true,
"type": "sha1",
"uuid": "58904d15-8acc-441d-ac4c-e25202de0b81",
"value": "de090b7be6d5c2488ce0225c15048429d4cd1158"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 3ddf657800e60a57b884b87e1e8a987c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851926",
"to_ids": false,
"type": "link",
"uuid": "58904d16-d4e8-4466-93f7-e25202de0b81",
"value": "https://www.virustotal.com/file/9ed055548ed4439905225f24366927d7e8d045d69809cfec8af48a35f7ae636a/analysis/1483968394/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 37768af89b093b96ab7671456de894bc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851927",
"to_ids": true,
"type": "sha256",
"uuid": "58904d17-fea4-402e-98c3-e25202de0b81",
"value": "4bdd8bbdab3021d1d8cc23c388db83f1673bdab44288fccae932660eb11aec2a"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 37768af89b093b96ab7671456de894bc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851927",
"to_ids": true,
"type": "sha1",
"uuid": "58904d17-3828-479c-9699-e25202de0b81",
"value": "5ae4f380324ce93243504092592c7b275420a338"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 37768af89b093b96ab7671456de894bc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851928",
"to_ids": false,
"type": "link",
"uuid": "58904d18-b61c-4e84-96bc-e25202de0b81",
"value": "https://www.virustotal.com/file/4bdd8bbdab3021d1d8cc23c388db83f1673bdab44288fccae932660eb11aec2a/analysis/1484690283/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 33252b2c9e054617ecb7172837ce7775",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851929",
"to_ids": true,
"type": "sha256",
"uuid": "58904d19-dfd8-4d62-b953-e25202de0b81",
"value": "b7d3cc17b4a70b0fc35963a36369935b86a4c7a4396846582c04d674cf40aade"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 33252b2c9e054617ecb7172837ce7775",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851930",
"to_ids": true,
"type": "sha1",
"uuid": "58904d1a-96f8-429a-8bfa-e25202de0b81",
"value": "f994ac8328267dbe37ce9d1e47f105f2cea922d3"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 33252b2c9e054617ecb7172837ce7775",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851930",
"to_ids": false,
"type": "link",
"uuid": "58904d1a-a2e0-431d-8f75-e25202de0b81",
"value": "https://www.virustotal.com/file/b7d3cc17b4a70b0fc35963a36369935b86a4c7a4396846582c04d674cf40aade/analysis/1481664304/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 2bbd8aa8be75537bd60e68b124eafbff",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851931",
"to_ids": true,
"type": "sha256",
"uuid": "58904d1b-c048-4490-860c-e25202de0b81",
"value": "2b832ef36978f7852be42e6585e761c3e288cfbb53aef595c7289a3aef0d3c95"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 2bbd8aa8be75537bd60e68b124eafbff",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851932",
"to_ids": true,
"type": "sha1",
"uuid": "58904d1c-e958-41df-95b5-e25202de0b81",
"value": "f2d5ca7d009f01be4b21a269de4554c7bd891473"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 2bbd8aa8be75537bd60e68b124eafbff",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851932",
"to_ids": false,
"type": "link",
"uuid": "58904d1c-c35c-415e-8088-e25202de0b81",
"value": "https://www.virustotal.com/file/2b832ef36978f7852be42e6585e761c3e288cfbb53aef595c7289a3aef0d3c95/analysis/1481808375/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 2510953f05dcd2c758ad29160bbc3911",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851933",
"to_ids": true,
"type": "sha256",
"uuid": "58904d1d-e87c-489b-bb98-e25202de0b81",
"value": "fbf23b449db5ae1122c503756d9ad7f4d1c77ed367f0874ffe8dde5c578dd2c8"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 2510953f05dcd2c758ad29160bbc3911",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851934",
"to_ids": true,
"type": "sha1",
"uuid": "58904d1e-e9e0-4f80-aa5a-e25202de0b81",
"value": "9e0094cc8be1bbe494d7dac88a57a3db235f8a04"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 2510953f05dcd2c758ad29160bbc3911",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851935",
"to_ids": false,
"type": "link",
"uuid": "58904d1f-a454-4d66-afd2-e25202de0b81",
"value": "https://www.virustotal.com/file/fbf23b449db5ae1122c503756d9ad7f4d1c77ed367f0874ffe8dde5c578dd2c8/analysis/1477747774/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 23de0ef14737b0398af94d9d9ec5d5b7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851935",
"to_ids": true,
"type": "sha256",
"uuid": "58904d1f-9a08-44ac-a0fa-e25202de0b81",
"value": "9d9c0ada6891309c2e43f6bad7ffe55c724bb79a0983ea6a51bc1d5dc7dccf83"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 23de0ef14737b0398af94d9d9ec5d5b7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851936",
"to_ids": true,
"type": "sha1",
"uuid": "58904d20-1c1c-47a6-92fb-e25202de0b81",
"value": "38e37f1f3f89e76d390564e8ff37eebba8cada44"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 23de0ef14737b0398af94d9d9ec5d5b7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851937",
"to_ids": false,
"type": "link",
"uuid": "58904d21-0560-4b42-80c4-e25202de0b81",
"value": "https://www.virustotal.com/file/9d9c0ada6891309c2e43f6bad7ffe55c724bb79a0983ea6a51bc1d5dc7dccf83/analysis/1479905945/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 20816af7c443180cccc6aa962151af67",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851938",
"to_ids": true,
"type": "sha256",
"uuid": "58904d22-2a9c-4eb8-8e49-e25202de0b81",
"value": "94aec5548e1c51ba874b5723b445fad1c9bf3ac39d45b21d9ef5277ab4b1315b"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 20816af7c443180cccc6aa962151af67",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851938",
"to_ids": true,
"type": "sha1",
"uuid": "58904d22-83b0-4c6e-9e99-e25202de0b81",
"value": "7583d06da294a47ddcc48b2b19f19d6a5220c1fc"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 20816af7c443180cccc6aa962151af67",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851939",
"to_ids": false,
"type": "link",
"uuid": "58904d23-3de0-46eb-8cf8-e25202de0b81",
"value": "https://www.virustotal.com/file/94aec5548e1c51ba874b5723b445fad1c9bf3ac39d45b21d9ef5277ab4b1315b/analysis/1478620795/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 4ada3fabb0e2cd0c90b16ec79e8147d8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851940",
"to_ids": true,
"type": "sha256",
"uuid": "58904d24-34dc-46ea-92ef-e25202de0b81",
"value": "0aa1f07a2ebcdd42896d3d8fdb5e9a9fef0f4f894d2501b9cbbe4cbad673ec03"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 4ada3fabb0e2cd0c90b16ec79e8147d8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851940",
"to_ids": true,
"type": "sha1",
"uuid": "58904d24-ee5c-4c89-b27a-e25202de0b81",
"value": "44cea646146c11e85bbffbaf634e728b3aea16ea"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 4ada3fabb0e2cd0c90b16ec79e8147d8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851941",
"to_ids": false,
"type": "link",
"uuid": "58904d25-ec48-4dff-95e3-e25202de0b81",
"value": "https://www.virustotal.com/file/0aa1f07a2ebcdd42896d3d8fdb5e9a9fef0f4f894d2501b9cbbe4cbad673ec03/analysis/1481230392/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: fdca6464b694739178b5a46d3d9b0f5c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851942",
"to_ids": true,
"type": "sha256",
"uuid": "58904d26-6128-469d-ae2f-e25202de0b81",
"value": "df90aeedeceea03a7f996cddcb198a2dfe210c1e671d689e257d248f6808e001"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: fdca6464b694739178b5a46d3d9b0f5c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851943",
"to_ids": true,
"type": "sha1",
"uuid": "58904d27-c534-495a-a440-e25202de0b81",
"value": "b40dcfb36187f8e50046d58b1d42c984bad3405d"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: fdca6464b694739178b5a46d3d9b0f5c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851943",
"to_ids": false,
"type": "link",
"uuid": "58904d27-e8e0-47c1-a6da-e25202de0b81",
"value": "https://www.virustotal.com/file/df90aeedeceea03a7f996cddcb198a2dfe210c1e671d689e257d248f6808e001/analysis/1481386862/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: f79035227cace85f01ee4ae63ad7c511",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851944",
"to_ids": true,
"type": "sha256",
"uuid": "58904d28-0644-4238-a0b6-e25202de0b81",
"value": "60151ba2f1f43ce900eeb76f3c9f2bcc166740e014ab6654a96216ddbf3ed227"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: f79035227cace85f01ee4ae63ad7c511",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851945",
"to_ids": true,
"type": "sha1",
"uuid": "58904d29-df88-4503-b865-e25202de0b81",
"value": "e53a2b657c7f71d4b86f42f549fc61299922f291"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: f79035227cace85f01ee4ae63ad7c511",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851945",
"to_ids": false,
"type": "link",
"uuid": "58904d29-a578-44b0-84e7-e25202de0b81",
"value": "https://www.virustotal.com/file/60151ba2f1f43ce900eeb76f3c9f2bcc166740e014ab6654a96216ddbf3ed227/analysis/1480677608/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: f5f698c6c0660d14ce19fd36a4e94b9c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851946",
"to_ids": true,
"type": "sha256",
"uuid": "58904d2a-1850-41c0-bb2b-e25202de0b81",
"value": "09032a7bf6eef650007c5e57e74f1abb2b7a0c2c97d7c5975ab348cf5419ccd8"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: f5f698c6c0660d14ce19fd36a4e94b9c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851947",
"to_ids": true,
"type": "sha1",
"uuid": "58904d2b-1320-4671-a651-e25202de0b81",
"value": "b0c7415b762186a316b96b976087c3bc66de599e"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: f5f698c6c0660d14ce19fd36a4e94b9c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851948",
"to_ids": false,
"type": "link",
"uuid": "58904d2c-afb0-4a44-b418-e25202de0b81",
"value": "https://www.virustotal.com/file/09032a7bf6eef650007c5e57e74f1abb2b7a0c2c97d7c5975ab348cf5419ccd8/analysis/1483081815/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: f33808ea5100648108c7d0d6a0d5eb61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851948",
"to_ids": true,
"type": "sha256",
"uuid": "58904d2c-0878-48ad-af07-e25202de0b81",
"value": "7bd22e3147122eb4438f02356e8927f36866efa0cc07cc604f1bff03d76222a6"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: f33808ea5100648108c7d0d6a0d5eb61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851949",
"to_ids": true,
"type": "sha1",
"uuid": "58904d2d-8018-4e44-bd72-e25202de0b81",
"value": "79908f60571d837924118bd697e5b267a1c5fafa"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: f33808ea5100648108c7d0d6a0d5eb61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851950",
"to_ids": false,
"type": "link",
"uuid": "58904d2e-6c00-4a7f-a5d0-e25202de0b81",
"value": "https://www.virustotal.com/file/7bd22e3147122eb4438f02356e8927f36866efa0cc07cc604f1bff03d76222a6/analysis/1480568783/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: ebbf3f2385157240e8a45a9dd00ddaef",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851950",
"to_ids": true,
"type": "sha256",
"uuid": "58904d2e-a1a4-4a5f-a7f8-e25202de0b81",
"value": "ea2b311cabaa6e43d858d1c29089189e7da7fdd2774d2651fffa6dda2bb9985f"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: ebbf3f2385157240e8a45a9dd00ddaef",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851951",
"to_ids": true,
"type": "sha1",
"uuid": "58904d2f-4288-4eea-9761-e25202de0b81",
"value": "6b33da8f57ae42e0f5b63ec6c83a88d7b14b7217"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: ebbf3f2385157240e8a45a9dd00ddaef",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851952",
"to_ids": false,
"type": "link",
"uuid": "58904d30-3540-454d-be48-e25202de0b81",
"value": "https://www.virustotal.com/file/ea2b311cabaa6e43d858d1c29089189e7da7fdd2774d2651fffa6dda2bb9985f/analysis/1481664072/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: e83d79fb671cf2335025022bebbb0bdd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851953",
"to_ids": true,
"type": "sha256",
"uuid": "58904d31-ce04-4d0d-bb7f-e25202de0b81",
"value": "fbfecdfae811afadab5bddeef7f45202a0f891cea2b05e82abaa460fde151312"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: e83d79fb671cf2335025022bebbb0bdd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851953",
"to_ids": true,
"type": "sha1",
"uuid": "58904d31-e1d8-4e3b-8a9d-e25202de0b81",
"value": "737e61bcd3a4d2a0deaa061cdfa059d641380073"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: e83d79fb671cf2335025022bebbb0bdd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851954",
"to_ids": false,
"type": "link",
"uuid": "58904d32-004c-4efc-ae84-e25202de0b81",
"value": "https://www.virustotal.com/file/fbfecdfae811afadab5bddeef7f45202a0f891cea2b05e82abaa460fde151312/analysis/1483447618/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: e54d28a24c976348c438f45281d68c54",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851955",
"to_ids": true,
"type": "sha256",
"uuid": "58904d33-ca1c-4a89-9fe6-e25202de0b81",
"value": "5d2ee0440314f7229a126baa152e43473d771591e818f8317275c175fd888f23"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: e54d28a24c976348c438f45281d68c54",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851956",
"to_ids": true,
"type": "sha1",
"uuid": "58904d34-9370-4f17-b899-e25202de0b81",
"value": "3cd014e2ebdb8dd679deb70cd1005b0a2b8283e7"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: e54d28a24c976348c438f45281d68c54",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851956",
"to_ids": false,
"type": "link",
"uuid": "58904d34-952c-4b2f-bd6a-e25202de0b81",
"value": "https://www.virustotal.com/file/5d2ee0440314f7229a126baa152e43473d771591e818f8317275c175fd888f23/analysis/1478618090/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: d840ecdd9c8b32af83131dab66ec0f44",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851957",
"to_ids": true,
"type": "sha256",
"uuid": "58904d35-02f0-4d28-bbf4-e25202de0b81",
"value": "77a4c8babcc18e0d42a9338d132ec6e44b55f4479efb836f699c0d7984898db1"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: d840ecdd9c8b32af83131dab66ec0f44",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851958",
"to_ids": true,
"type": "sha1",
"uuid": "58904d36-88cc-48a5-af41-e25202de0b81",
"value": "cdeba8c395be1f4b61d30dac1d32dd3567264262"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: d840ecdd9c8b32af83131dab66ec0f44",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851959",
"to_ids": false,
"type": "link",
"uuid": "58904d37-97c0-494d-aeed-e25202de0b81",
"value": "https://www.virustotal.com/file/77a4c8babcc18e0d42a9338d132ec6e44b55f4479efb836f699c0d7984898db1/analysis/1483968372/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: d4c5384da41fd391d16eff60abc21405",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851960",
"to_ids": true,
"type": "sha256",
"uuid": "58904d38-c8a8-4161-8d37-e25202de0b81",
"value": "0522bfea61ab0db154cde9c1217c90547bd46ba1be0fc6a17bfb4b52e8241a63"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: d4c5384da41fd391d16eff60abc21405",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851960",
"to_ids": true,
"type": "sha1",
"uuid": "58904d38-dd8c-43d0-93b3-e25202de0b81",
"value": "75f47640299fc2b33492c3640128d58ac2dc1463"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: d4c5384da41fd391d16eff60abc21405",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851961",
"to_ids": false,
"type": "link",
"uuid": "58904d39-0758-476a-b425-e25202de0b81",
"value": "https://www.virustotal.com/file/0522bfea61ab0db154cde9c1217c90547bd46ba1be0fc6a17bfb4b52e8241a63/analysis/1480068801/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: cdb0762becd67b893d73cda594cd1c3e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851962",
"to_ids": true,
"type": "sha256",
"uuid": "58904d3a-6490-4f5d-b113-e25202de0b81",
"value": "08e132f3889ee73357b6bb38e752a749f40dd7e9fb168c6f66be3575dbbbc63d"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: cdb0762becd67b893d73cda594cd1c3e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851963",
"to_ids": true,
"type": "sha1",
"uuid": "58904d3b-5ef0-45e8-9767-e25202de0b81",
"value": "4bf3a98d542e173fdcdba19cec79f177dc8a65ab"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: cdb0762becd67b893d73cda594cd1c3e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851963",
"to_ids": false,
"type": "link",
"uuid": "58904d3b-7ed0-44da-942d-e25202de0b81",
"value": "https://www.virustotal.com/file/08e132f3889ee73357b6bb38e752a749f40dd7e9fb168c6f66be3575dbbbc63d/analysis/1478522618/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: cc38fd598cbef1a3816bb64f2990e9b6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851964",
"to_ids": true,
"type": "sha256",
"uuid": "58904d3c-dd18-4e85-87c6-e25202de0b81",
"value": "e0b599f73d0c46a5130396f81daf5ba9f31639589035b49686bf3ef5f164f009"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: cc38fd598cbef1a3816bb64f2990e9b6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851965",
"to_ids": true,
"type": "sha1",
"uuid": "58904d3d-50e0-4f9b-8a1f-e25202de0b81",
"value": "5ac80df4f80d466e616d13e8d35be3fe9da5a45e"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: cc38fd598cbef1a3816bb64f2990e9b6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851965",
"to_ids": false,
"type": "link",
"uuid": "58904d3d-acd0-4a51-be86-e25202de0b81",
"value": "https://www.virustotal.com/file/e0b599f73d0c46a5130396f81daf5ba9f31639589035b49686bf3ef5f164f009/analysis/1481230393/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: cb8d57c149330e7bd1798d62e5da5404",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851966",
"to_ids": true,
"type": "sha256",
"uuid": "58904d3e-9750-4944-9759-e25202de0b81",
"value": "d1d851326a00c1c14fc8ae77480a2150c398e4ef058c316ea32b191fd0e603c0"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: cb8d57c149330e7bd1798d62e5da5404",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851967",
"to_ids": true,
"type": "sha1",
"uuid": "58904d3f-c734-49a6-9eb5-e25202de0b81",
"value": "7f23a5b87402928e02175e3a5942aee596cdc91f"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: cb8d57c149330e7bd1798d62e5da5404",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851968",
"to_ids": false,
"type": "link",
"uuid": "58904d40-6c2c-4db6-866c-e25202de0b81",
"value": "https://www.virustotal.com/file/d1d851326a00c1c14fc8ae77480a2150c398e4ef058c316ea32b191fd0e603c0/analysis/1478188503/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: c6faf2a51122cad086370674a3c9ad1a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851968",
"to_ids": true,
"type": "sha256",
"uuid": "58904d40-ad8c-47aa-bdd8-e25202de0b81",
"value": "af9f98fd77f38090f382334178004ca1a687460c78d9342337d3ace5643dcacf"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: c6faf2a51122cad086370674a3c9ad1a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851969",
"to_ids": true,
"type": "sha1",
"uuid": "58904d41-d698-4725-bc82-e25202de0b81",
"value": "2eccaac35aa3b351b2a5d367fb8dd478cea1a3f6"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: c6faf2a51122cad086370674a3c9ad1a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851970",
"to_ids": false,
"type": "link",
"uuid": "58904d42-f9a4-4e80-b4f2-e25202de0b81",
"value": "https://www.virustotal.com/file/af9f98fd77f38090f382334178004ca1a687460c78d9342337d3ace5643dcacf/analysis/1483333415/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: c149ef34c57e6f7e970063679de01342",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851971",
"to_ids": true,
"type": "sha256",
"uuid": "58904d43-18b4-4c42-aaf9-e25202de0b81",
"value": "5028124ce748b23e709f1540a7c58310f8481e179aff7986d5cfd693c9af94da"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: c149ef34c57e6f7e970063679de01342",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851972",
"to_ids": true,
"type": "sha1",
"uuid": "58904d44-42dc-43d1-b398-e25202de0b81",
"value": "855388d354f19322a722c6f9d01e574c9bbf19ae"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: c149ef34c57e6f7e970063679de01342",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851973",
"to_ids": false,
"type": "link",
"uuid": "58904d45-5af0-4298-8639-e25202de0b81",
"value": "https://www.virustotal.com/file/5028124ce748b23e709f1540a7c58310f8481e179aff7986d5cfd693c9af94da/analysis/1481230392/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: a53d38e93698ccf1843f15ebbd89a380",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851973",
"to_ids": true,
"type": "sha256",
"uuid": "58904d45-b4a8-4017-9e0d-e25202de0b81",
"value": "1e4fb4dbb8e93d952e531f13d3a53505facec348cc2dee574eba3d50494b77ab"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: a53d38e93698ccf1843f15ebbd89a380",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851974",
"to_ids": true,
"type": "sha1",
"uuid": "58904d46-9214-4b98-8075-e25202de0b81",
"value": "de1257676011d476580c8a6070a39ab46bb5662d"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: a53d38e93698ccf1843f15ebbd89a380",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851975",
"to_ids": false,
"type": "link",
"uuid": "58904d47-a580-45eb-9480-e25202de0b81",
"value": "https://www.virustotal.com/file/1e4fb4dbb8e93d952e531f13d3a53505facec348cc2dee574eba3d50494b77ab/analysis/1481895204/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: a50e2d3419a9de9be87eb04f52f2245f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851976",
"to_ids": true,
"type": "sha256",
"uuid": "58904d48-f258-4f34-8189-e25202de0b81",
"value": "29108419f575464fd2a6a4569b45acbf939455bbee1af8e35b0e058c3c762d87"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: a50e2d3419a9de9be87eb04f52f2245f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851976",
"to_ids": true,
"type": "sha1",
"uuid": "58904d48-07b4-4331-8503-e25202de0b81",
"value": "9a78a5343135e126ec91629e1aca2e6aa6f03e1a"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: a50e2d3419a9de9be87eb04f52f2245f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851977",
"to_ids": false,
"type": "link",
"uuid": "58904d49-d6a4-4876-91ac-e25202de0b81",
"value": "https://www.virustotal.com/file/29108419f575464fd2a6a4569b45acbf939455bbee1af8e35b0e058c3c762d87/analysis/1476826573/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: a1bd290317b03ade7941dedd4a4e903b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851978",
"to_ids": true,
"type": "sha256",
"uuid": "58904d4a-0890-4fb0-a5b0-e25202de0b81",
"value": "1f2e1b1ca63fd91d1db36765ef4a4a48891fb48e8c1c4c455d7807ce5ca089e3"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: a1bd290317b03ade7941dedd4a4e903b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851979",
"to_ids": true,
"type": "sha1",
"uuid": "58904d4b-48d4-4cb1-bb50-e25202de0b81",
"value": "5578f3b6709311db555f33be01a42feda6dfc743"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: a1bd290317b03ade7941dedd4a4e903b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851979",
"to_ids": false,
"type": "link",
"uuid": "58904d4b-9cf4-496d-a831-e25202de0b81",
"value": "https://www.virustotal.com/file/1f2e1b1ca63fd91d1db36765ef4a4a48891fb48e8c1c4c455d7807ce5ca089e3/analysis/1482325662/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: a11b982bde341475e28d3a2fa96f982a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851980",
"to_ids": true,
"type": "sha256",
"uuid": "58904d4c-5c24-4f48-b2ac-e25202de0b81",
"value": "e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: a11b982bde341475e28d3a2fa96f982a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851981",
"to_ids": true,
"type": "sha1",
"uuid": "58904d4d-2a60-4259-b4b2-e25202de0b81",
"value": "181fe69fa5f931251771814d2afc7bcd85c6468a"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: a11b982bde341475e28d3a2fa96f982a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851981",
"to_ids": false,
"type": "link",
"uuid": "58904d4d-9778-46a3-8b4f-e25202de0b81",
"value": "https://www.virustotal.com/file/e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a/analysis/1479238484/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 99e9f5a4563f56e61f3806be39efce62",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851982",
"to_ids": true,
"type": "sha256",
"uuid": "58904d4e-e000-420e-86a2-e25202de0b81",
"value": "e205a0f5688810599b1af8f65e8fd111e0e8fa2dc61fe979df76a0e4401c2784"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 99e9f5a4563f56e61f3806be39efce62",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851983",
"to_ids": true,
"type": "sha1",
"uuid": "58904d4f-6db4-4f22-b128-e25202de0b81",
"value": "44f723a16feb3d6a4d90353ded6a7757afc11510"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 99e9f5a4563f56e61f3806be39efce62",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851984",
"to_ids": false,
"type": "link",
"uuid": "58904d50-f99c-4c32-856f-e25202de0b81",
"value": "https://www.virustotal.com/file/e205a0f5688810599b1af8f65e8fd111e0e8fa2dc61fe979df76a0e4401c2784/analysis/1481801135/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 992e9518d69039c3ebae4191e1f8b8b6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851984",
"to_ids": true,
"type": "sha256",
"uuid": "58904d50-857c-4c3e-b63a-e25202de0b81",
"value": "5668f2f784befed20b52f3d30aa3a9ab374b35a1a853d908ff9ac5c82ddea749"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 992e9518d69039c3ebae4191e1f8b8b6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851985",
"to_ids": true,
"type": "sha1",
"uuid": "58904d51-1054-467e-9065-e25202de0b81",
"value": "3c93cd0ef4c38e4055b88c22bb398dd45a66fb4f"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 992e9518d69039c3ebae4191e1f8b8b6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851986",
"to_ids": false,
"type": "link",
"uuid": "58904d52-b470-4bbc-b15f-e25202de0b81",
"value": "https://www.virustotal.com/file/5668f2f784befed20b52f3d30aa3a9ab374b35a1a853d908ff9ac5c82ddea749/analysis/1479397561/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 93c07b57a51e3eee44134caa39057e8d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851987",
"to_ids": true,
"type": "sha256",
"uuid": "58904d53-8e34-41a0-8ce0-e25202de0b81",
"value": "7bc06cbf4a522a20eefe0e027af3623c987c80f6d0a8cf888c9209ab6f85ff66"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 93c07b57a51e3eee44134caa39057e8d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851987",
"to_ids": true,
"type": "sha1",
"uuid": "58904d53-a1f8-420c-b4e8-e25202de0b81",
"value": "4d74dd452a54aca9099aa3ec0e4485b141a0995a"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 93c07b57a51e3eee44134caa39057e8d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851988",
"to_ids": false,
"type": "link",
"uuid": "58904d54-5360-482c-bc3f-e25202de0b81",
"value": "https://www.virustotal.com/file/7bc06cbf4a522a20eefe0e027af3623c987c80f6d0a8cf888c9209ab6f85ff66/analysis/1480950931/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 92316769af9e7cc204a81789c0dab9c0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851989",
"to_ids": true,
"type": "sha256",
"uuid": "58904d55-9828-4438-84c0-e25202de0b81",
"value": "8c4e73647cb234384bf2f31504a49a245d897257f8b5e84098f0263d195cda7c"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 92316769af9e7cc204a81789c0dab9c0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851989",
"to_ids": true,
"type": "sha1",
"uuid": "58904d55-be6c-40bf-88f9-e25202de0b81",
"value": "c3480609ac5ed1a10d0bd1ef7b8b2e292cd51955"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 92316769af9e7cc204a81789c0dab9c0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851990",
"to_ids": false,
"type": "link",
"uuid": "58904d56-f6a0-4682-917d-e25202de0b81",
"value": "https://www.virustotal.com/file/8c4e73647cb234384bf2f31504a49a245d897257f8b5e84098f0263d195cda7c/analysis/1482325664/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 7d17de98ce24a0c3e156efcc0e1ca565",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851991",
"to_ids": true,
"type": "sha256",
"uuid": "58904d57-ccf8-45dc-b6f6-e25202de0b81",
"value": "f9e75d18efcd8d07a8e8981e9ad0d881225f85b875c77279cb329014c3d30a54"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 7d17de98ce24a0c3e156efcc0e1ca565",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851992",
"to_ids": true,
"type": "sha1",
"uuid": "58904d58-ba58-4272-9ce9-e25202de0b81",
"value": "641147b438129274d0189f19fa70046a379d6cf1"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 7d17de98ce24a0c3e156efcc0e1ca565",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851992",
"to_ids": false,
"type": "link",
"uuid": "58904d58-ee98-41f6-a950-e25202de0b81",
"value": "https://www.virustotal.com/file/f9e75d18efcd8d07a8e8981e9ad0d881225f85b875c77279cb329014c3d30a54/analysis/1484568182/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 7b8f8a999367f28b3ac42fc4d2b9439d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851993",
"to_ids": true,
"type": "sha256",
"uuid": "58904d59-db28-4b62-9b14-e25202de0b81",
"value": "5fdc148bffbe0b27aed2269030bc9b21fa9e122880c94d8cf597db17c85212ef"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 7b8f8a999367f28b3ac42fc4d2b9439d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851994",
"to_ids": true,
"type": "sha1",
"uuid": "58904d5a-90e4-41c3-8565-e25202de0b81",
"value": "4bc25f2fff09a00de45ddadc1d95e62c74cb46c2"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 7b8f8a999367f28b3ac42fc4d2b9439d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851994",
"to_ids": false,
"type": "link",
"uuid": "58904d5a-45b0-4260-9ae7-e25202de0b81",
"value": "https://www.virustotal.com/file/5fdc148bffbe0b27aed2269030bc9b21fa9e122880c94d8cf597db17c85212ef/analysis/1483968314/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 7b7675705908d34432e2309880f5538e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851995",
"to_ids": true,
"type": "sha256",
"uuid": "58904d5b-adc4-4055-b81e-e25202de0b81",
"value": "2414b7709a44cedc3a55b927898251ca369f0589923e4cc688c72c11ede788bb"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 7b7675705908d34432e2309880f5538e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851996",
"to_ids": true,
"type": "sha1",
"uuid": "58904d5c-d394-4f99-bba3-e25202de0b81",
"value": "1be90534bb557904283f5447becdb7bf448b28e1"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 7b7675705908d34432e2309880f5538e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851997",
"to_ids": false,
"type": "link",
"uuid": "58904d5d-02ac-4e8d-a412-e25202de0b81",
"value": "https://www.virustotal.com/file/2414b7709a44cedc3a55b927898251ca369f0589923e4cc688c72c11ede788bb/analysis/1481154655/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 70f6abfb433327a7b3c394246cc37ea2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851997",
"to_ids": true,
"type": "sha256",
"uuid": "58904d5d-e0cc-42d4-b8ae-e25202de0b81",
"value": "3c2c753dbb62920cc00e37a7cab64fe0e16952ff731d39db26573819eb715b67"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 70f6abfb433327a7b3c394246cc37ea2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851998",
"to_ids": true,
"type": "sha1",
"uuid": "58904d5e-6614-4c3d-9ec9-e25202de0b81",
"value": "d2d0a6c7b63d5032a37b791f1fd07246d3a98093"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 70f6abfb433327a7b3c394246cc37ea2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851999",
"to_ids": false,
"type": "link",
"uuid": "58904d5f-e854-4655-9fdf-e25202de0b81",
"value": "https://www.virustotal.com/file/3c2c753dbb62920cc00e37a7cab64fe0e16952ff731d39db26573819eb715b67/analysis/1481535806/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 6dcc9ef9258dea343e1fdb1aaa5c7e56",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485851999",
"to_ids": true,
"type": "sha256",
"uuid": "58904d5f-f200-4057-ad49-e25202de0b81",
"value": "2658c39d9e14e463c8c6dc7cd7a53bee6016e641f5ab2e22be3a1f13f0070809"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 6dcc9ef9258dea343e1fdb1aaa5c7e56",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485852000",
"to_ids": true,
"type": "sha1",
"uuid": "58904d60-7640-4959-a207-e25202de0b81",
"value": "7644de519b46524346d99ae279a3624e99187b9d"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 6dcc9ef9258dea343e1fdb1aaa5c7e56",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485852001",
"to_ids": false,
"type": "link",
"uuid": "58904d61-ef28-47ad-829a-e25202de0b81",
"value": "https://www.virustotal.com/file/2658c39d9e14e463c8c6dc7cd7a53bee6016e641f5ab2e22be3a1f13f0070809/analysis/1482248474/"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 6db1f428becc2870517ae50fd892fc67",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485852002",
"to_ids": true,
"type": "sha256",
"uuid": "58904d62-e0e0-4fed-ba88-e25202de0b81",
"value": "ad6fd5137fab3142b1216037ff0c1f6850bb810f0bd23e2feb374c9ddd03bacb"
},
{
"category": "Payload delivery",
"comment": "Flokibot Sample hashes - Xchecked via VT: 6db1f428becc2870517ae50fd892fc67",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485852002",
"to_ids": true,
"type": "sha1",
"uuid": "58904d62-3c34-4f56-8563-e25202de0b81",
"value": "c4659b5e0b2703e192a683bf672b001888695699"
},
{
"category": "External analysis",
"comment": "Flokibot Sample hashes - Xchecked via VT: 6db1f428becc2870517ae50fd892fc67",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485852003",
"to_ids": false,
"type": "link",
"uuid": "58904d63-f5dc-4b9f-99fd-e25202de0b81",
"value": "https://www.virustotal.com/file/ad6fd5137fab3142b1216037ff0c1f6850bb810f0bd23e2feb374c9ddd03bacb/analysis/1482185096/"
}
]
}
}
Reference in a new issue View git blame Copy permalink