{"Event":{"info":"OSINT - BitterRAT PATCHWORK","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\""},{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#0071c3","exportable":true,"name":"osint:lifetime=\"perpetual\""},{"colour":"#0087e8","exportable":true,"name":"osint:certainty=\"50\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#14f400","exportable":true,"name":"misp-galaxy:threat-actor=\"Dropping Elephant\""}],"publish_timestamp":"1547983827","timestamp":"1551345508","Object":[{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5c445998-17e4-4411-ac90-4c8902de0b81","sharing_group_id":"0","timestamp":"1547983256","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"5","Attribute":[{"comment":"","category":"Other","uuid":"5c445998-bcb8-4f80-8d60-437002de0b81","timestamp":"1547983291","to_ids":false,"value":"While digging into a sample that @thor_scanner fired for #BitterRAT #PATCHWORK on @virustotal I confirmed that the following samples are from the same group. Hashes: 7845d817e021db8cde06a8437693b3b2 d34fc3a5df544d90ed1933b79deb1868 59ca69647eeceab0193d88b8b72e3d60","Tag":[{"colour":"#002642","exportable":true,"name":"osint:source-type=\"microblog-post\""},{"colour":"#007ed9","exportable":true,"name":"osint:certainty=\"93\""}],"disable_correlation":false,"object_relation":"post","type":"text"},{"comment":"","category":"Other","uuid":"5c445998-e110-4f97-917a-4f0802de0b81","timestamp":"1547983292","to_ids":false,"value":"Twitter","Tag":[{"colour":"#002642","exportable":true,"name":"osint:source-type=\"microblog-post\""},{"colour":"#007ed9","exportable":true,"name":"osint:certainty=\"93\""}],"disable_correlation":true,"object_relation":"type","type":"text"},{"comment":"","category":"Network activity","uuid":"5c445998-ea68-4dae-a03e-492f02de0b81","timestamp":"1547983293","to_ids":true,"value":"https://twitter.com/shotgunner101/status/1086792700114948096","Tag":[{"colour":"#002642","exportable":true,"name":"osint:source-type=\"microblog-post\""},{"colour":"#007ed9","exportable":true,"name":"osint:certainty=\"93\""}],"disable_correlation":false,"object_relation":"url","type":"url"},{"comment":"","category":"Other","uuid":"5c445999-3450-4150-8196-459102de0b81","timestamp":"1547983294","to_ids":false,"value":"shotgunner101","Tag":[{"colour":"#002642","exportable":true,"name":"osint:source-type=\"microblog-post\""},{"colour":"#007ed9","exportable":true,"name":"osint:certainty=\"93\""}],"disable_correlation":false,"object_relation":"username","type":"text"}],"distribution":"5","meta-category":"misc","name":"microblog"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"8cb15f0f-006b-4400-8fd1-e4ac9586b92e","sharing_group_id":"0","timestamp":"1547983352","description":"File object describing a file with meta-information","template_version":"11","ObjectReference":[{"comment":"","object_uuid":"8cb15f0f-006b-4400-8fd1-e4ac9586b92e","uuid":"5c445a01-9c40-418e-a92c-996e02de0b81","timestamp":"1547983361","referenced_uuid":"b29e2cdc-6709-40b3-b08b-227aacd7503c","relationship_type":"analysed-with"}],"Attribute":[{"comment":"","category":"Payload delivery","uuid":"a3949817-5786-4c6a-95fb-2f9054df8b39","timestamp":"1547983352","to_ids":true,"value":"d34fc3a5df544d90ed1933b79deb1868","disable_correlation":false,"object_relation":"md5","type":"md5"},{"comment":"","category":"Payload delivery","uuid":"cdb431c8-e0a8-4eaf-8857-10e936bc5ac9","timestamp":"1547983353","to_ids":true,"value":"6c5d2012f58ee390500c515506f67e43e491818f","disable_correlation":false,"object_rel
