misp-circl-feed/feeds/circl/misp/5770f374-7cc4-40d6-9d1f-46f8950d210f.json

581 lines
No EOL
25 KiB
JSON

{
"type": "bundle",
"id": "bundle--5770f374-7cc4-40d6-9d1f-46f8950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:58.000Z",
"modified": "2016-06-27T09:40:58.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5770f374-7cc4-40d6-9d1f-46f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:58.000Z",
"modified": "2016-06-27T09:40:58.000Z",
"name": "OSINT - Doh! New \"Bart\" Ransomware from Threat Actors Spreading Dridex and Locky",
"published": "2016-06-27T09:43:43Z",
"object_refs": [
"observed-data--5770f38c-1824-4bb7-b138-461a950d210f",
"url--5770f38c-1824-4bb7-b138-461a950d210f",
"x-misp-attribute--5770f39f-083c-402d-983a-443e950d210f",
"indicator--5770f3e3-9a60-40d1-b67d-46fe950d210f",
"indicator--5770f3e4-5d3c-49b9-9751-44de950d210f",
"indicator--5770f3e4-89ec-4e84-8a65-49b6950d210f",
"indicator--5770f3e5-747c-4544-8ef5-4cbf950d210f",
"indicator--5770f3e5-3fd8-46d0-8db2-4062950d210f",
"indicator--5770f3fa-9888-452b-99ca-4afc950d210f",
"indicator--5770f42c-7760-4e9b-bd75-3123950d210f",
"indicator--5770f42d-90cc-4a11-a948-3123950d210f",
"indicator--5770f4aa-bc0c-4416-9044-42e102de0b81",
"indicator--5770f4ab-4e1c-42ff-a419-4ea802de0b81",
"observed-data--5770f4ab-8ff4-4327-8fac-4ff002de0b81",
"url--5770f4ab-8ff4-4327-8fac-4ff002de0b81",
"indicator--5770f4ac-c42c-4a7e-bd79-4b3402de0b81",
"indicator--5770f4ac-3c28-4572-b1f0-44e702de0b81",
"observed-data--5770f4ad-d7e0-4ed6-a52f-426502de0b81",
"url--5770f4ad-d7e0-4ed6-a52f-426502de0b81",
"indicator--5770f4ad-1500-4ca1-a628-4c5902de0b81",
"indicator--5770f4ad-0968-41cc-80ee-404802de0b81",
"observed-data--5770f4ae-7678-403c-9b07-4bb102de0b81",
"url--5770f4ae-7678-403c-9b07-4bb102de0b81",
"indicator--5770f4ae-d228-48f7-b9f8-402002de0b81",
"indicator--5770f4af-ed3c-4a99-8a7b-4e8902de0b81",
"observed-data--5770f4af-9f58-4ffe-a278-4cdc02de0b81",
"url--5770f4af-9f58-4ffe-a278-4cdc02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"circl:incident-classification=\"malware\"",
"malware_classification:malware-category=\"Ransomware\"",
"ecsirt:malicious-code=\"ransomware\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f38c-1824-4bb7-b138-461a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:36:12.000Z",
"modified": "2016-06-27T09:36:12.000Z",
"first_observed": "2016-06-27T09:36:12Z",
"last_observed": "2016-06-27T09:36:12Z",
"number_observed": 1,
"object_refs": [
"url--5770f38c-1824-4bb7-b138-461a950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f38c-1824-4bb7-b138-461a950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-Threat-Actors-Spreading-Dridex-and-Locky"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5770f39f-083c-402d-983a-443e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:36:31.000Z",
"modified": "2016-06-27T09:36:31.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Overview\r\n\r\nThe actors behind Dridex 220 and Locky Affid=3 have introduced a new ransomware called \u00e2\u20ac\u0153Bart\u00e2\u20ac\u009d. They are using the RockLoader malware to download Bart over HTTPS. Bart has a payment screen like Locky but encrypts files without first connecting to a command and control (C&C) server.\r\n\r\nAnalysis\r\n\r\nOn June 24, Proofpoint researchers detected a large campaign with .zip attachments containing JavaScript code. If opened, these attachments download and install the intermediary loader RockLoader (previously discovered by Proofpoint and used with Locky), which in turn downloads the new ransomware called \u00e2\u20ac\u0153Bart\u00e2\u20ac\u009d. The messages in this campaign had the subjects \"Photos\u00e2\u20ac\u009d with the attachment \"photos.zip\", \"image.zip\", \"Photos.zip\", \"photo.zip\", \"Photo.zip\", or \"picture.zip.\" The zip files contained JavaScript file such as \"PDF_123456789.js.\""
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e3-9a60-40d1-b67d-46fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:39.000Z",
"modified": "2016-06-27T09:37:39.000Z",
"description": "Photos.zip email attachment",
"pattern": "[file:hashes.SHA256 = '247e2c07e57030607de901a461719ae2bb2ac27a90623ea5fd69f7f036c4ea0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e4-5d3c-49b9-9751-44de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:40.000Z",
"modified": "2016-06-27T09:37:40.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'Photos.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e4-89ec-4e84-8a65-49b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:40.000Z",
"modified": "2016-06-27T09:37:40.000Z",
"description": "FILE 21076073.js file inside Photos.zip",
"pattern": "[file:hashes.SHA256 = '7bb1e8e039d222a51a71599af75b56151a878cf8bbe1f9d3ad5be18200b2286b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e5-747c-4544-8ef5-4cbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:41.000Z",
"modified": "2016-06-27T09:37:41.000Z",
"description": "RockLoader",
"pattern": "[file:hashes.SHA256 = '5d3e7c31f786bbdc149df632253fd538fb21cfc0aa364d0f03a79671bbaec62d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3e5-3fd8-46d0-8db2-4062950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:37:41.000Z",
"modified": "2016-06-27T09:37:41.000Z",
"description": "6kuTU1.exe (Bart ransomware)",
"pattern": "[file:hashes.SHA256 = '51ff4a033018d9343049305061dcde77cb5f26f5ec48d1be42669f368b1f5705']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f3fa-9888-452b-99ca-4afc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:38:02.000Z",
"modified": "2016-06-27T09:38:02.000Z",
"description": "JavaScript Payload (RockLoader)",
"pattern": "[url:value = 'http://camera-test.hi2.ro/89ug6b7ui?voQeTqDw=RUYEzU']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f42c-7760-4e9b-bd75-3123950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:38:52.000Z",
"modified": "2016-06-27T09:38:52.000Z",
"description": "Rockloader C&C",
"pattern": "[url:value = 'https://summerr554fox.su/api/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f42d-90cc-4a11-a948-3123950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:38:53.000Z",
"modified": "2016-06-27T09:38:53.000Z",
"description": "RockLoader Payload",
"pattern": "[url:value = 'https://summerr554fox.su/files/6kuTU1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4aa-bc0c-4416-9044-42e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:58.000Z",
"modified": "2016-06-27T09:40:58.000Z",
"description": "6kuTU1.exe (Bart ransomware) - Xchecked via VT: 51ff4a033018d9343049305061dcde77cb5f26f5ec48d1be42669f368b1f5705",
"pattern": "[file:hashes.SHA1 = '158137d4835f7596ad0ef2a191d0e0d8976f0089']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:40:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ab-4e1c-42ff-a419-4ea802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:59.000Z",
"modified": "2016-06-27T09:40:59.000Z",
"description": "6kuTU1.exe (Bart ransomware) - Xchecked via VT: 51ff4a033018d9343049305061dcde77cb5f26f5ec48d1be42669f368b1f5705",
"pattern": "[file:hashes.MD5 = '65535f2b1ecee54718233e40e3f333b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:40:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f4ab-8ff4-4327-8fac-4ff002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:40:59.000Z",
"modified": "2016-06-27T09:40:59.000Z",
"first_observed": "2016-06-27T09:40:59Z",
"last_observed": "2016-06-27T09:40:59Z",
"number_observed": 1,
"object_refs": [
"url--5770f4ab-8ff4-4327-8fac-4ff002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f4ab-8ff4-4327-8fac-4ff002de0b81",
"value": "https://www.virustotal.com/file/51ff4a033018d9343049305061dcde77cb5f26f5ec48d1be42669f368b1f5705/analysis/1466936803/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ac-c42c-4a7e-bd79-4b3402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:00.000Z",
"modified": "2016-06-27T09:41:00.000Z",
"description": "RockLoader - Xchecked via VT: 5d3e7c31f786bbdc149df632253fd538fb21cfc0aa364d0f03a79671bbaec62d",
"pattern": "[file:hashes.SHA1 = '960ec30ad5e94a35991a30b36411a4144b97b0d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ac-3c28-4572-b1f0-44e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:00.000Z",
"modified": "2016-06-27T09:41:00.000Z",
"description": "RockLoader - Xchecked via VT: 5d3e7c31f786bbdc149df632253fd538fb21cfc0aa364d0f03a79671bbaec62d",
"pattern": "[file:hashes.MD5 = '846171e2629b712429a903811d19c12b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f4ad-d7e0-4ed6-a52f-426502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:01.000Z",
"modified": "2016-06-27T09:41:01.000Z",
"first_observed": "2016-06-27T09:41:01Z",
"last_observed": "2016-06-27T09:41:01Z",
"number_observed": 1,
"object_refs": [
"url--5770f4ad-d7e0-4ed6-a52f-426502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f4ad-d7e0-4ed6-a52f-426502de0b81",
"value": "https://www.virustotal.com/file/5d3e7c31f786bbdc149df632253fd538fb21cfc0aa364d0f03a79671bbaec62d/analysis/1466991759/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ad-1500-4ca1-a628-4c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:01.000Z",
"modified": "2016-06-27T09:41:01.000Z",
"description": "FILE 21076073.js file inside Photos.zip - Xchecked via VT: 7bb1e8e039d222a51a71599af75b56151a878cf8bbe1f9d3ad5be18200b2286b",
"pattern": "[file:hashes.SHA1 = '387e6c2936af749d34690a8090127d75eb0970ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ad-0968-41cc-80ee-404802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:01.000Z",
"modified": "2016-06-27T09:41:01.000Z",
"description": "FILE 21076073.js file inside Photos.zip - Xchecked via VT: 7bb1e8e039d222a51a71599af75b56151a878cf8bbe1f9d3ad5be18200b2286b",
"pattern": "[file:hashes.MD5 = '2808adab51f43b747ce61034a96ab9de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f4ae-7678-403c-9b07-4bb102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:02.000Z",
"modified": "2016-06-27T09:41:02.000Z",
"first_observed": "2016-06-27T09:41:02Z",
"last_observed": "2016-06-27T09:41:02Z",
"number_observed": 1,
"object_refs": [
"url--5770f4ae-7678-403c-9b07-4bb102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f4ae-7678-403c-9b07-4bb102de0b81",
"value": "https://www.virustotal.com/file/7bb1e8e039d222a51a71599af75b56151a878cf8bbe1f9d3ad5be18200b2286b/analysis/1467016185/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4ae-d228-48f7-b9f8-402002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:02.000Z",
"modified": "2016-06-27T09:41:02.000Z",
"description": "Photos.zip email attachment - Xchecked via VT: 247e2c07e57030607de901a461719ae2bb2ac27a90623ea5fd69f7f036c4ea0d",
"pattern": "[file:hashes.SHA1 = '929b26eb040c5976af32be4f19e059d016df2273']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5770f4af-ed3c-4a99-8a7b-4e8902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:03.000Z",
"modified": "2016-06-27T09:41:03.000Z",
"description": "Photos.zip email attachment - Xchecked via VT: 247e2c07e57030607de901a461719ae2bb2ac27a90623ea5fd69f7f036c4ea0d",
"pattern": "[file:hashes.MD5 = 'c9c69655db4a45686f9dcef0108b49b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-27T09:41:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5770f4af-9f58-4ffe-a278-4cdc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-27T09:41:03.000Z",
"modified": "2016-06-27T09:41:03.000Z",
"first_observed": "2016-06-27T09:41:03Z",
"last_observed": "2016-06-27T09:41:03Z",
"number_observed": 1,
"object_refs": [
"url--5770f4af-9f58-4ffe-a278-4cdc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5770f4af-9f58-4ffe-a278-4cdc02de0b81",
"value": "https://www.virustotal.com/file/247e2c07e57030607de901a461719ae2bb2ac27a90623ea5fd69f7f036c4ea0d/analysis/1467017028/"
}
]
}