{"Event":{"info":"OSINT - APT-C-27 (Goldmouse): Suspected Target Attack against the Middle East with WinRAR Exploit","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"NjRAT\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:rat=\"NJRat\""},{"colour":"#054000","exportable":true,"name":"misp-galaxy:tool=\"njRAT\""},{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#0071c3","exportable":true,"name":"osint:lifetime=\"perpetual\""},{"colour":"#0087e8","exportable":true,"name":"osint:certainty=\"50\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#72003d","exportable":true,"name":"workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}],"publish_timestamp":"0","timestamp":"1553093200","Object":[{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5c9233af-23c0-4016-b150-4f5e950d210f","sharing_group_id":"0","timestamp":"1553085359","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"5","Attribute":[{"comment":"","category":"Other","uuid":"5c9233af-1768-4a7a-892a-441e950d210f","timestamp":"1553085359","to_ids":false,"value":"Analysis report of targeted attack against the Middle East with #WinRAR exploit (#CVE-2018-20250) that seems conducted by #APT-C-27 (#Goldmouse). #njRAT is extracted to the startup folder and we discovered multiple related #Android samples as well.\r\n\r\n(link: https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/) ti.360.net/blog/articles/\u2026","disable_correlation":false,"object_relation":"post","type":"text"},{"comment":"","category":"Other","uuid":"5c9233af-9768-48dc-8e02-4a0d950d210f","timestamp":"1553085359","to_ids":false,"value":"Twitter","disable_correlation":true,"object_relation":"type","type":"text"},{"comment":"","category":"Network activity","uuid":"5c9233af-3b98-4300-bdfc-49cb950d210f","timestamp":"1553085359","to_ids":true,"value":"https://mobile.twitter.com/360TIC/status/1107981000573771776","disable_correlation":false,"object_relation":"url","type":"url"},{"comment":"","category":"Network activity","uuid":"5c9233af-9650-4a68-bc99-4982950d210f","timestamp":"1553085359","to_ids":true,"value":"https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/","disable_correlation":false,"object_relation":"link","type":"url"},{"comment":"","category":"Other","uuid":"5c9233af-0238-4ecc-8225-49ff950d210f","timestamp":"1553085359","to_ids":false,"value":"Mar 19, 2019 1:23 PM","disable_correlation":false,"object_relation":"creation-date","type":"datetime"},{"comment":"","category":"Other","uuid":"5c9233af-f284-4cad-962c-428a950d210f","timestamp":"1553085359","to_ids":false,"value":"360TIC","disable_correlation":false,"object_relation":"username","type":"text"}],"distribution":"5","meta-category":"misc","name":"microblog"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5c9236bc-379c-45cf-9069-6f74950d210f","sharing_group_id":"0","timestamp":"1553086140","description":"File object describing a file with meta-information","template_version":"16","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5c9236bc-3c68-4d02-8c8c-6f74950d210f","timestamp":"1553086140","to_ids":true,"value":"314e8105f28530eb0bf54891b9b3ff69","disable_correlation":false,"object_relation":"md5","type":"md5"},{"comment":"","category":"Other","uuid":"5c9236bc-1054-4de8-ae2d-6f74950d210f","timestamp":"1553086140","to_ids":false,"value":"Adobe-Standard-Encoding","disable_correlation":true,"object_relation":"file-encoding","type":"text"},{"comment":"","category":"Other","uuid":"5c9236bc-95a8-4c3f-807b-6f74950d210f","timestamp":"1553086140","to_ids":false,"valu
