{"Event":{"info":"OSINT - Threat Analysis: Recent Attack Technique Leveraging cmd.exe and PowerShell Demonstrates How Attackers Are Using Trusted Microsoft Applications for Malicious Behavior","Tag":[{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"publish_timestamp":"0","timestamp":"1535704898","Object":[{"comment":" Execute.bat variant","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5b88e098-e068-4c2f-b6c0-4bd3950d210f","sharing_group_id":"0","timestamp":"1535697048","description":"File object describing a file with meta-information","template_version":"11","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5b88e098-4b5c-4b4b-ba02-49e0950d210f","timestamp":"1535697048","to_ids":true,"value":"e03c0ac69a78dfc9920a88a5aac5f843","disable_correlation":false,"object_relation":"md5","type":"md5"},{"comment":"","category":"Payload delivery","uuid":"5b88e099-8678-436d-8176-4c11950d210f","timestamp":"1535697049","to_ids":true,"value":"e952b9e53974c194794a36491af46c4a08ecebb08aed005eeab9d3b336e384a9","disable_correlation":false,"object_relation":"sha256","type":"sha256"},{"comment":"","category":"Other","uuid":"5b88e099-981c-4651-8b0d-4e35950d210f","timestamp":"1535697049","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"4613f07b-584f-484f-b1cd-f9fa7af0bac7","sharing_group_id":"0","timestamp":"1535702983","description":"File object describing a file with meta-information","template_version":"11","ObjectReference":[{"comment":"","object_uuid":"4613f07b-584f-484f-b1cd-f9fa7af0bac7","uuid":"5b88f7c7-da64-4632-b475-413202de0b81","timestamp":"1535702983","referenced_uuid":"636acedc-64bd-4491-8889-24c878af025f","relationship_type":"analysed-with"}],"Attribute":[{"comment":"","category":"Payload delivery","uuid":"1e40bd9d-c35e-4a7d-97b0-ea58800a8e19","timestamp":"1535702980","to_ids":true,"value":"e03c0ac69a78dfc9920a88a5aac5f843","disable_correlation":false,"object_relation":"md5","type":"md5"},{"comment":"","category":"Payload delivery","uuid":"03a46250-7615-4a1c-bc82-a5ad437d6af0","timestamp":"1535702981","to_ids":true,"value":"42d5135642fbab5ba4d833b1b4534f3497acf0e1","disable_correlation":false,"object_relation":"sha1","type":"sha1"},{"comment":"","category":"Payload delivery","uuid":"e2fdd428-7b73-4137-8990-2cde173e5143","timestamp":"1535702981","to_ids":true,"value":"e952b9e53974c194794a36491af46c4a08ecebb08aed005eeab9d3b336e384a9","disable_correlation":false,"object_relation":"sha256","type":"sha256"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"","template_uuid":"d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4","uuid":"636acedc-64bd-4491-8889-24c878af025f","sharing_group_id":"0","timestamp":"1535702981","description":"VirusTotal report","template_version":"2","Attribute":[{"comment":"","category":"Other","uuid":"49175c59-f9fc-43d0-8568-d1ef024b8fd7","timestamp":"1535702982","to_ids":false,"value":"2018-07-19 23:13:18","disable_correlation":false,"object_relation":"last-submission","type":"datetime"},{"comment":"","category":"External analysis","uuid":"0d4e90a9-2c72-434e-b03f-3383f8bbc6af","timestamp":"1535702982","to_ids":false,"value":"https://www.virustotal.com/file/e952b9e53974c194794a36491af46c4a08ecebb08aed005eeab9d3b336e384a9/analysis/1532041998/","disable_correlation":false,"object_relation":"permalink","type":"link"},{"comment":"","category":"Other","uuid":"59d408a9-43c7-4c8a-b6ef-d12d0e409c05","timestamp":"1535702982","to_ids":false,"value":"8/59","disable_correlation":true,"object_relation":"detection-ratio","type":"text"}],"distribution":"5","meta-
