{"Event":{"info":"OSINT - Sednit update: How Fancy Bear Spent the Year","Tag":[{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#e7007d","exportable":true,"name":"workflow:state=\"incomplete\""},{"colour":"#850048","exportable":true,"name":"workflow:todo=\"create-missing-misp-galaxy-cluster-values\""},{"colour":"#7a0042","exportable":true,"name":"workflow:todo=\"create-missing-misp-galaxy-cluster\""},{"colour":"#12e000","exportable":true,"name":"misp-galaxy:threat-actor=\"Sofacy\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:exploit-kit=\"Sednit EK\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:tool=\"GAMEFISH\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-malware=\"JHUHUGIT\""},{"colour":"#0c9900","exportable":true,"name":"misp-galaxy:tool=\"X-Tunnel\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-malware=\"XTunnel\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-malware=\"ADVSTORESHELL\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:tool=\"EVILTOSS\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-malware=\"USBStealer\""},{"colour":"#0c9800","exportable":true,"name":"misp-galaxy:tool=\"X-Agent\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-malware=\"XAgentOSX\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-malware=\"CHOPSTICK\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:exploit-kit=\"DealersChoice\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-malware=\"Downdelph\""}],"publish_timestamp":"0","timestamp":"1513948645","Object":[{"comment":"Win32/Sednit.AX","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5a3cd5b6-9568-4342-b2ab-4c62950d210f","sharing_group_id":"0","timestamp":"1513936310","description":"File object describing a file with meta-information","template_version":"8","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5a3cd5b6-2850-435f-bd0d-4c62950d210f","timestamp":"1513936310","to_ids":true,"value":"Bulletin.doc","disable_correlation":false,"object_relation":"filename","type":"filename"},{"comment":"","category":"Payload delivery","uuid":"5a3cd5b6-78a8-4e47-8333-4c62950d210f","timestamp":"1513936310","to_ids":true,"value":"68064fc152e23d56e541714af52651cb4ba81aaf","disable_correlation":false,"object_relation":"sha1","type":"sha1"},{"comment":"","category":"Other","uuid":"5a3cd5b6-23d8-43ba-8518-4c62950d210f","timestamp":"1513936310","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"Win32/Exploit.CVE-2016-4117.A","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5a3cd604-e11c-4de5-bbbf-c170950d210f","sharing_group_id":"0","timestamp":"1513936388","description":"File object describing a file with meta-information","template_version":"8","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5a3cd604-748c-4fc0-88bf-c170950d210f","timestamp":"1513936388","to_ids":true,"value":"f3805382ae2e23ff1147301d131a06e00e4ff75f","disable_correlation":false,"object_relation":"sha1","type":"sha1"},{"comment":"","category":"Other","uuid":"5a3cd604-6668-4469-a1c0-c170950d210f","timestamp":"1513936388","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"Win32/Exploit.Agent.NUB","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5a3cd693-fd9c-4fcf-b69a-439c950d210f","sharing_group_id":"0","timestamp":"1513936531","description":"File object describing a file with meta-information","template_version":"8","Attribute":[{"comment":"","category":"Payload
