{"Event":{"info":"OSINT - GZipDe: An Encrypted Downloader Serving Metasploit","Tag":[{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#366c00","exportable":true,"name":"circl:incident-classification=\"malware\""},{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""},{"colour":"#72003d","exportable":true,"name":"workflow:todo=\"add-missing-misp-galaxy-cluster-values\""},{"colour":"#3b0020","exportable":true,"name":"workflow:todo=\"expansion\""}],"publish_timestamp":"0","timestamp":"1529934229","Object":[{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5b2cce26-9a8c-4a25-b350-43e2950d210f","sharing_group_id":"0","timestamp":"1529663014","description":"File object describing a file with meta-information","template_version":"11","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5b2cce27-5ca8-4244-a47d-44ca950d210f","timestamp":"1529663015","to_ids":true,"value":"951d9f3320da660593930d3425a9271b","disable_correlation":false,"object_relation":"md5","type":"md5"},{"comment":"","category":"Payload delivery","uuid":"5b2cce27-d890-4faf-80ce-4012950d210f","timestamp":"1529663015","to_ids":true,"value":"6bd48d65d8e32d37a509080be53643791a5dcbbe","disable_correlation":false,"object_relation":"sha1","type":"sha1"},{"comment":"","category":"Payload delivery","uuid":"5b2cce27-af74-4bca-a6c8-40a6950d210f","timestamp":"1529663015","to_ids":true,"value":"faf003c38758cf70b12bc4899714833e4713096c8f66163e753b3f0e70f2ba28","disable_correlation":false,"object_relation":"sha256","type":"sha256"},{"comment":"","category":"Other","uuid":"5b2cce28-1d40-45e2-9638-4393950d210f","timestamp":"1529663016","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"},{"comment":"","category":"Other","uuid":"5b2cce28-a2e4-4cc1-b8ab-467e950d210f","timestamp":"1529663016","to_ids":false,"value":"60416","disable_correlation":true,"object_relation":"size-in-bytes","type":"size-in-bytes"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"","template_uuid":"cf7adecc-d4f0-4e88-9d90-f978ee151a07","uuid":"5b2ce98e-aa64-4a50-ad47-f54e950d210f","sharing_group_id":"0","timestamp":"1529671370","description":"Object describing a Portable Executable","template_version":"3","ObjectReference":[{"comment":"","object_uuid":"5b2ce98e-aa64-4a50-ad47-f54e950d210f","uuid":"5b2ceec6-6d1c-4dd1-afb3-4af4950d210f","timestamp":"1529671366","referenced_uuid":"5b2cee98-5da0-4606-882d-44e1950d210f","relationship_type":"related-to"}],"Attribute":[{"comment":"","category":"Other","uuid":"5b2ce98e-a1f4-4869-8050-f54e950d210f","timestamp":"1529670030","to_ids":false,"value":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows","disable_correlation":true,"object_relation":"text","type":"text"},{"comment":"","category":"Other","uuid":"5b2ce98e-b1bc-4bd6-9d0a-f54e950d210f","timestamp":"1529670030","to_ids":false,"value":"exe","disable_correlation":true,"object_relation":"type","type":"text"},{"comment":"","category":"Payload delivery","uuid":"5b2ce98e-d520-4ba9-adc5-f54e950d210f","timestamp":"1529670030","to_ids":true,"value":"f34d5f2d4577ed6d9ceec516c1f5a744","disable_correlation":false,"object_relation":"imphash","type":"imphash"},{"comment":"","category":"Payload delivery","uuid":"5b2ce98f-d870-4f07-85b7-f54e950d210f","timestamp":"1529670031","to_ids":true,"value":"aad3abd1afba000356bbc35a20351b2ab466bc8c","disable_correlation":false,"object_relation":"pehash","type":"pehash"}],"distribution":"5","meta-category":"file","name":"pe"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5b2cee98-5da0-4606-882d-44e1950d210f","sharing_group_id":"0","timestamp":"1529673746","description":"File object describing a file with meta-information","tem
