{ "Event": { "analysis": "2", "date": "2017-04-04", "extends_uuid": "", "info": "OSINT - High-Volume Dridex Campaigns Return, First to Hit Millions Since June 2016", "publish_timestamp": "1491560139", "published": true, "threat_level_id": "3", "timestamp": "1491560019", "uuid": "58e73aab-3530-44d8-94b7-4cbf950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0da700", "local": false, "name": "misp-galaxy:tool=\"Dridex\"", "relationship_type": "" }, { "colour": "#00223b", "local": false, "name": "osint:source-type=\"blog-post\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "VBS Downloader Example", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "sha256", "uuid": "58e73b5f-bd3c-4749-b338-4683950d210f", "value": "84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69" }, { "category": "Payload delivery", "comment": "Macro Document", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "sha256", "uuid": "58e73b60-9508-41a5-b5d4-4076950d210f", "value": "1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8" }, { "category": "Payload delivery", "comment": "Macro Document", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "sha256", "uuid": "58e73b61-5820-4259-bf31-47ad950d210f", "value": "743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1491559995", "to_ids": false, "type": "link", "uuid": "58e73b73-775c-4c97-a655-4120950d210f", "value": 
"https://www.proofpoint.com/us/threat-insight/post/high-volume-dridex-campaigns-return", "Tag": [ { "colour": "#00223b", "local": false, "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Document Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73cbd-d934-4c4f-9673-4aed950d210f", "value": "http://meyermuehltal.de/0h656jk" }, { "category": "Network activity", "comment": "Document Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73cbe-0a68-4d90-9596-450a950d210f", "value": "http://technologyservice.eu/0h656jk" }, { "category": "Network activity", "comment": "Document Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73cbf-c770-4e6d-97b8-4004950d210f", "value": "http://tspars.com/0h656jk" }, { "category": "Network activity", "comment": "Document Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73cc0-08cc-4ade-84b3-44fa950d210f", "value": "http://thaipowertools.com/0h656jk" }, { "category": "Network activity", "comment": "Document Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73cc1-ce74-4efe-b509-483d950d210f", "value": "http://www.movimentodiesel.gr/0h656jk" }, { "category": "Network activity", "comment": "Document Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73cc2-0044-43f2-8a9f-4cd3950d210f", "value": "http://lhgarden.org/0h656jk" }, { "category": "Network activity", "comment": "Document Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": 
"58e73cc3-5ad8-48e1-ae5e-4e5f950d210f", "value": "http://www.soulcube.com/0h656jk" }, { "category": "Network activity", "comment": "VBS Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73d58-13c4-4a30-8f9b-4072950d210f", "value": "http://roylgrafix.com/76gbce?" }, { "category": "Network activity", "comment": "VBS Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73d59-2f14-4f5d-8b44-4275950d210f", "value": "http://signwaves.net/76gbce?" }, { "category": "Network activity", "comment": "VBS Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73d5a-3b5c-4902-a0c9-4608950d210f", "value": "http://testsite.prosun.com/76gbce?" }, { "category": "Network activity", "comment": "VBS Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73d5b-aab0-4ab1-85b4-4007950d210f", "value": "http://omurongen.com/76gbce?" 
}, { "category": "Network activity", "comment": "Smoke Loader Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73da3-cf44-49cc-9c82-4fd1950d210f", "value": "http://pastasmolinero.es/76gf33" }, { "category": "Network activity", "comment": "Quant Loader Payload", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73da4-a844-4319-851a-491c950d210f", "value": "http://nzhat.net/9jgtyft6" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7500 Loader", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "sha256", "uuid": "58e73de0-26d0-4e32-b380-47e4950d210f", "value": "dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7500 Loader", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "sha256", "uuid": "58e73de1-26f8-4352-862a-4204950d210f", "value": "20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81" }, { "category": "Payload delivery", "comment": "Smoke Loader", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "sha256", "uuid": "58e73de2-9c50-4fe6-99d3-431e950d210f", "value": "4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7200 Loader", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "sha256", "uuid": "58e73de3-cee8-4425-9217-43c2950d210f", "value": "379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7200 Loader", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "sha256", "uuid": "58e73de5-d9c8-48b4-91ce-40cf950d210f", 
"value": "6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd" }, { "category": "Payload delivery", "comment": "Quant Loader", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "sha256", "uuid": "58e73de6-1c44-421f-b169-465c950d210f", "value": "ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7200 Loader - value is not a valid SHA256 (the hash string contains 'C&C'); verify against the source report before matching on it", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": false, "type": "other", "uuid": "58e73e57-0c84-41fe-a209-491d950d210f", "value": "5054518c52e70f86a6e42641b094e9b64df96bd65C&C9ab0d21e810dcf14c87b5|SHA256|Dridex Botnet 7200 Loader" }, { "category": "Payload delivery", "comment": "Dridex Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "ip-dst|port", "uuid": "58e73fc0-6d00-4fcd-9200-4af8950d210f", "value": "8.8.247.36|443" }, { "category": "Payload delivery", "comment": "Dridex Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "ip-dst|port", "uuid": "58e73fc2-fbf8-4eb2-b55e-47f9950d210f", "value": "81.12.229.190|8043" }, { "category": "Payload delivery", "comment": "Dridex Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "ip-dst|port", "uuid": "58e73fc4-5f60-4ad3-b30c-42bf950d210f", "value": "107.170.0.14|8043" }, { "category": "Payload delivery", "comment": "Dridex Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "ip-dst|port", "uuid": "58e73fc6-f0a0-4574-89c8-4dee950d210f", "value": "37.120.172.171|4143" }, { "category": "Payload delivery", "comment": "Dridex Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "ip-dst|port", "uuid": "58e73fc8-4d50-453a-af40-4238950d210f", "value": 
"91.219.28.55|443" }, { "category": "Payload delivery", "comment": "Dridex Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "ip-dst|port", "uuid": "58e73fca-7608-49de-8ecf-4130950d210f", "value": "178.32.255.130|44343" }, { "category": "Payload delivery", "comment": "Dridex Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "ip-dst|port", "uuid": "58e73fcc-4910-4c8e-817e-4be1950d210f", "value": "217.197.39.1|8443" }, { "category": "Payload delivery", "comment": "Dridex Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "ip-dst|port", "uuid": "58e73fce-f480-4d25-be75-4505950d210f", "value": "195.88.209.221|4413" }, { "category": "Network activity", "comment": "Smoke Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73ff3-8c9c-4cd0-b98b-4e5d950d210f", "value": "http://justjohnwilhertthet.ws/m/" }, { "category": "Network activity", "comment": "Quant Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73ff4-ecfc-48fd-9970-4075950d210f", "value": "http://jusevengwassresbet.ws/q/index.php" }, { "category": "Network activity", "comment": "Quant Loader C&C", "deleted": false, "disable_correlation": false, "timestamp": "1491559977", "to_ids": true, "type": "url", "uuid": "58e73ff5-1f6c-4567-bb07-4a94950d210f", "value": "http://sinmanarattot.ws/q/index.php" }, { "category": "Payload delivery", "comment": "Quant Loader - Xchecked via VT: ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1", "deleted": false, "disable_correlation": false, "timestamp": "1491560020", "to_ids": true, "type": "sha1", "uuid": "58e76654-0f90-4af3-9d77-499302de0b81", "value": "155863bcd4ea677986beb13b1e519f3f71cf2183" }, { "category": "Payload 
delivery", "comment": "Quant Loader - Xchecked via VT: ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1", "deleted": false, "disable_correlation": false, "timestamp": "1491560021", "to_ids": true, "type": "md5", "uuid": "58e76655-1eb0-46f4-b791-413602de0b81", "value": "3ede7214e1fe848aefd67e8d11beec00" }, { "category": "External analysis", "comment": "Quant Loader - Xchecked via VT: ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1", "deleted": false, "disable_correlation": false, "timestamp": "1491560022", "to_ids": false, "type": "link", "uuid": "58e76656-b394-4f3d-8498-40ac02de0b81", "value": "https://www.virustotal.com/file/ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1/analysis/1491538426/" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd", "deleted": false, "disable_correlation": false, "timestamp": "1491560023", "to_ids": true, "type": "sha1", "uuid": "58e76657-0cf8-48f2-9e77-45eb02de0b81", "value": "694266450ffedf4008f0cf0e5573c63c56f2e5d0" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd", "deleted": false, "disable_correlation": false, "timestamp": "1491560024", "to_ids": true, "type": "md5", "uuid": "58e76658-8684-4696-9e23-4c7402de0b81", "value": "f4e11acef79702561dea6070d4dbba45" }, { "category": "External analysis", "comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd", "deleted": false, "disable_correlation": false, "timestamp": "1491560025", "to_ids": false, "type": "link", "uuid": "58e76659-b41c-4a12-afdf-41af02de0b81", "value": "https://www.virustotal.com/file/6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd/analysis/1491294800/" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7200 
Loader - Xchecked via VT: 379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22", "deleted": false, "disable_correlation": false, "timestamp": "1491560026", "to_ids": true, "type": "sha1", "uuid": "58e7665a-89dc-48f5-a69e-4d3b02de0b81", "value": "44bbd62533c8b1257a02f11756b39ebca77eda78" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22", "deleted": false, "disable_correlation": false, "timestamp": "1491560027", "to_ids": true, "type": "md5", "uuid": "58e7665b-d364-4005-b2c2-406902de0b81", "value": "0243c9bb903d6f89d7eeadae882cf591" }, { "category": "External analysis", "comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22", "deleted": false, "disable_correlation": false, "timestamp": "1491560028", "to_ids": false, "type": "link", "uuid": "58e7665c-5394-4250-9d8c-49f302de0b81", "value": "https://www.virustotal.com/file/379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22/analysis/1491192423/" }, { "category": "Payload delivery", "comment": "Smoke Loader - Xchecked via VT: 4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02", "deleted": false, "disable_correlation": false, "timestamp": "1491560029", "to_ids": true, "type": "sha1", "uuid": "58e7665d-3844-4f1f-9fa8-40e202de0b81", "value": "a6cc5c3aedf9eba6ff3f18b76430e3f8efb90f57" }, { "category": "Payload delivery", "comment": "Smoke Loader - Xchecked via VT: 4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02", "deleted": false, "disable_correlation": false, "timestamp": "1491560030", "to_ids": true, "type": "md5", "uuid": "58e7665e-9778-483d-9712-4e2202de0b81", "value": "c738746c751e3f4465cdf20959ed7115" }, { "category": "External analysis", "comment": "Smoke Loader - Xchecked via VT: 4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02", "deleted": false, "disable_correlation": 
false, "timestamp": "1491560031", "to_ids": false, "type": "link", "uuid": "58e7665f-c77c-4b35-acd9-4f0302de0b81", "value": "https://www.virustotal.com/file/4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02/analysis/1491540064/" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7500 Loader - Xchecked via VT: 20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81", "deleted": false, "disable_correlation": false, "timestamp": "1491560032", "to_ids": true, "type": "sha1", "uuid": "58e76660-f4ec-4ac7-96c6-4e9202de0b81", "value": "6812c5b94ea2452b794e8e735428eddd415e1bb6" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7500 Loader - Xchecked via VT: 20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81", "deleted": false, "disable_correlation": false, "timestamp": "1491560032", "to_ids": true, "type": "md5", "uuid": "58e76660-28a0-4837-b925-405202de0b81", "value": "e50522bf1817a8f5698b740e5225c34f" }, { "category": "External analysis", "comment": "Dridex Botnet 7500 Loader - Xchecked via VT: 20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81", "deleted": false, "disable_correlation": false, "timestamp": "1491560033", "to_ids": false, "type": "link", "uuid": "58e76661-edf0-4e21-945d-4df102de0b81", "value": "https://www.virustotal.com/file/20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81/analysis/1491282981/" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7500 Loader - Xchecked via VT: dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a", "deleted": false, "disable_correlation": false, "timestamp": "1491560034", "to_ids": true, "type": "sha1", "uuid": "58e76662-6f30-4eeb-987b-441602de0b81", "value": "7eb1ab6a19b3ab9fc8dd96f73e5a696571a72400" }, { "category": "Payload delivery", "comment": "Dridex Botnet 7500 Loader - Xchecked via VT: dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a", "deleted": false, "disable_correlation": false, 
"timestamp": "1491560035", "to_ids": true, "type": "md5", "uuid": "58e76663-b798-454f-887a-460502de0b81", "value": "41a5b1d50947452adb663abcb6ecb829" }, { "category": "External analysis", "comment": "Dridex Botnet 7500 Loader - Xchecked via VT: dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a", "deleted": false, "disable_correlation": false, "timestamp": "1491560036", "to_ids": false, "type": "link", "uuid": "58e76664-e204-4ed7-8ab0-439c02de0b81", "value": "https://www.virustotal.com/file/dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a/analysis/1491188391/" }, { "category": "Payload delivery", "comment": "Macro Document - Xchecked via VT: 743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20", "deleted": false, "disable_correlation": false, "timestamp": "1491560037", "to_ids": true, "type": "sha1", "uuid": "58e76665-f120-4ccd-a42c-4e7502de0b81", "value": "f40791fd456f4e9429cbcc231e5550bfe8fcb906" }, { "category": "Payload delivery", "comment": "Macro Document - Xchecked via VT: 743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20", "deleted": false, "disable_correlation": false, "timestamp": "1491560038", "to_ids": true, "type": "md5", "uuid": "58e76666-87b4-420b-92f6-433c02de0b81", "value": "130b76fcf04f44433fa075c3cc596d03" }, { "category": "External analysis", "comment": "Macro Document - Xchecked via VT: 743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20", "deleted": false, "disable_correlation": false, "timestamp": "1491560039", "to_ids": false, "type": "link", "uuid": "58e76667-b1b0-43d3-bacd-413102de0b81", "value": "https://www.virustotal.com/file/743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20/analysis/1491287540/" }, { "category": "Payload delivery", "comment": "Macro Document - Xchecked via VT: 1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8", "deleted": false, "disable_correlation": false, "timestamp": "1491560040", "to_ids": true, "type": "sha1", 
"uuid": "58e76668-dbac-41b1-84c0-41fc02de0b81", "value": "49858617e73d5a56894140d90f0d75fe59496b1e" }, { "category": "Payload delivery", "comment": "Macro Document - Xchecked via VT: 1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8", "deleted": false, "disable_correlation": false, "timestamp": "1491560041", "to_ids": true, "type": "md5", "uuid": "58e76669-a3c0-454b-8635-43ea02de0b81", "value": "6c8104146ba1bb6e1a4c3b8b6f6a1fa9" }, { "category": "External analysis", "comment": "Macro Document - Xchecked via VT: 1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8", "deleted": false, "disable_correlation": false, "timestamp": "1491560042", "to_ids": false, "type": "link", "uuid": "58e7666a-9bb8-40ac-a37a-4e9402de0b81", "value": "https://www.virustotal.com/file/1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8/analysis/1491436931/" }, { "category": "Payload delivery", "comment": "VBS Downloader Example - Xchecked via VT: 84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69", "deleted": false, "disable_correlation": false, "timestamp": "1491560043", "to_ids": true, "type": "sha1", "uuid": "58e7666b-5a48-4cf6-a3f5-4cb502de0b81", "value": "71792564c59392c6f875c18bb62b7f501ba48a5d" }, { "category": "Payload delivery", "comment": "VBS Downloader Example - Xchecked via VT: 84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69", "deleted": false, "disable_correlation": false, "timestamp": "1491560044", "to_ids": true, "type": "md5", "uuid": "58e7666c-7810-4fa4-9361-4e4d02de0b81", "value": "1cdecc032262cc06375296dd7d907968" }, { "category": "External analysis", "comment": "VBS Downloader Example - Xchecked via VT: 84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69", "deleted": false, "disable_correlation": false, "timestamp": "1491560045", "to_ids": false, "type": "link", "uuid": "58e7666d-4628-4053-a1a9-4bb602de0b81", "value": 
"https://www.virustotal.com/file/84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69/analysis/1491200234/" } ] } }