{"Event":{"info":"OSINT - THE SHADOWS OF GHOSTS INSIDE THE RESPONSE OF A UNIQUE CARBANAK INTRUSION","Tag":[{"colour":"#e7007d","exportable":true,"name":"workflow:state=\"incomplete\""},{"colour":"#620035","exportable":true,"name":"workflow:todo=\"review-for-false-positive\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-intrusion-set=\"Carbanak\""},{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:tool=\"SSHDoor\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"SSHDoor\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"MimiKatz\""},{"colour":"#064800","exportable":true,"name":"misp-galaxy:tool=\"Mimikatz\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\""}],"publish_timestamp":"0","timestamp":"1540548671","Object":[{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5a2f8bf2-f160-4b0f-9e7a-493e950d210f","sharing_group_id":"0","timestamp":"1513065458","description":"File object describing a file with meta-information","template_version":"7","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5a2f8bf2-1674-4a13-b3e3-4128950d210f","timestamp":"1513065458","to_ids":true,"value":"ssh","disable_correlation":false,"object_relation":"filename","type":"filename"},{"comment":"","category":"Payload delivery","uuid":"5a2f8bf2-1100-432c-acd1-4b14950d210f","timestamp":"1513065458","to_ids":true,"value":"ba2f90f85cada4be24d925cbff0c2efea6e7f3a8","disable_correlation":false,"object_relation":"sha1","type":"sha1"},{"comment":"","category":"Payload delivery","uuid":"5a2f8bf3-0b00-4286-87fd-4c04950d210f","timestamp":"1513065459","to_ids":true,"value":"a365fd9076af4d841c84accd58287801","disable_correlation":false,"object_relation":"md5","type":"md5"},{"comment":"","category":"Other","uuid":"5a2f8bf4-5f10-48bc-bd2d-42ba950d210f","timestamp":"1513065460","to_ids":false,"value":"1180521","disable_correlation":false,"object_relation":"size-in-bytes","type":"size-in-bytes"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5a2f8c82-07a8-45b4-9457-4200950d210f","sharing_group_id":"0","timestamp":"1513065602","description":"File object describing a file with meta-information","template_version":"7","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5a2f8c83-87c4-4b10-ba75-4949950d210f","timestamp":"1513065603","to_ids":true,"value":"sshd","disable_correlation":false,"object_relation":"filename","type":"filename"},{"comment":"","category":"Payload delivery","uuid":"5a2f8c83-5a94-47e7-b07d-4b40950d210f","timestamp":"1513065603","to_ids":true,"value":"96e56c39f38b4ef5ac4196ca12742127f286c6fa","disable_correlation":false,"object_relation":"sha1","type":"sha1"},{"comment":"","category":"Payload delivery","uuid":"5a2f8c84-228c-4e77-89a3-4297950d210f","timestamp":"1513065604","to_ids":true,"value":"9e2e4df27698615df92822646dc9e16b","disable_correlation":false,"object_relation":"md5","type":"md5"},{"comment":"","category":"Other","uuid":"5a2f8c86-145c-4d87-8501-4df8950d210f","timestamp":"1513065606","to_ids":false,"value":"1614437","disable_correlation":false,"object_relation":"size-in-bytes","type":"size-in-bytes"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5a2f8d2a-dec0-4067-b077-4e7d950d210f","sharing_group_id":"0","timestamp":"1540548455","description":"File object describing a file with meta-information","template_version":"7","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5a2f8d2a-9e14-417a-
