{"Event": {"info": "OSINT - APT-C-27 (Goldmouse): Suspected Target Attack against the Middle East with WinRAR Exploit", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"NjRAT\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:rat=\"NJRat\""}, {"colour": "#054000", "exportable": true, "name": "misp-galaxy:tool=\"njRAT\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#72003d", "exportable": true, "name": "workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}], "publish_timestamp": "0", "timestamp": "1553093200", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5c9233af-23c0-4016-b150-4f5e950d210f", "sharing_group_id": "0", "timestamp": "1553085359", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "5", "Attribute": [{"comment": "", "category": "Other", "uuid": "5c9233af-1768-4a7a-892a-441e950d210f", "timestamp": "1553085359", "to_ids": false, "value": "Analysis report of targeted attack against the Middle East with #WinRAR exploit (#CVE-2018-20250) that seems conducted by #APT-C-27 (#Goldmouse). 
#njRAT is extracted to the startup folder and we discovered multiple related #Android samples as well.\r\n\r\n(link: https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/) ti.360.net/blog/articles/\u2026", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9233af-9768-48dc-8e02-4a0d950d210f", "timestamp": "1553085359", "to_ids": false, "value": "Twitter", "disable_correlation": true, "object_relation": "type", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5c9233af-3b98-4300-bdfc-49cb950d210f", "timestamp": "1553085359", "to_ids": true, "value": "https://mobile.twitter.com/360TIC/status/1107981000573771776", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5c9233af-9650-4a68-bc99-4982950d210f", "timestamp": "1553085359", "to_ids": true, "value": "https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/", "disable_correlation": false, "object_relation": "link", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5c9233af-0238-4ecc-8225-49ff950d210f", "timestamp": "1553085359", "to_ids": false, "value": "Mar 19, 2019 1:23 PM", "disable_correlation": false, "object_relation": "creation-date", "type": "datetime"}, {"comment": "", "category": "Other", "uuid": "5c9233af-f284-4cad-962c-428a950d210f", "timestamp": "1553085359", "to_ids": false, "value": "360TIC", "disable_correlation": false, "object_relation": "username", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "microblog"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9236bc-379c-45cf-9069-6f74950d210f", "sharing_group_id": "0", "timestamp": "1553086140", "description": "File object describing a file with meta-information", 
"template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9236bc-3c68-4d02-8c8c-6f74950d210f", "timestamp": "1553086140", "to_ids": true, "value": "314e8105f28530eb0bf54891b9b3ff69", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5c9236bc-1054-4de8-ae2d-6f74950d210f", "timestamp": "1553086140", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9236bc-95a8-4c3f-807b-6f74950d210f", "timestamp": "1553086140", "to_ids": false, "valu