{"Event":{"info":"OSINT - HIDDEN COBRA \u2013 North Korean Remote Administration Tool: FALLCHILL","Tag":[{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#002b4a","exportable":true,"name":"osint:source-type=\"technical-report\""},{"colour":"#13eb00","exportable":true,"name":"misp-galaxy:threat-actor=\"Lazarus Group\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:rat=\"FALLCHILL\""}],"publish_timestamp":"0","timestamp":"1511183733","Object":[{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5a0d68b2-c4d0-4721-936b-77bb950d210f","sharing_group_id":"0","timestamp":"1510828210","description":"File object describing a file with meta-information","template_version":"4","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5a0d68b3-9de8-4b28-ab58-77bb950d210f","timestamp":"1510828211","to_ids":true,"value":"e48fe20eb1f5a5887f2ac631fed9ed63","disable_correlation":false,"object_relation":"md5","type":"md5"},{"comment":"","category":"Other","uuid":"5a0d68b3-f5ec-470e-8e6f-77bb950d210f","timestamp":"1510828211","to_ids":false,"value":"5.49321665686","disable_correlation":false,"object_relation":"entropy","type":"float"},{"comment":"","category":"Payload delivery","uuid":"5a0d68b3-6da0-4ced-8233-77bb950d210f","timestamp":"1510828211","to_ids":true,"value":"E48FE20EB1F5A5887F2AC631FED9ED63","disable_correlation":false,"object_relation":"filename","type":"filename"},{"comment":"","category":"Payload delivery","uuid":"5a0d68b3-2600-4859-a347-77bb950d210f","timestamp":"1510828211","to_ids":true,"value":"f83f30bd284074d1daaf2e262a280ca780791f2c","disable_correlation":false,"object_relation":"sha1","type":"sha1"},{"comment":"","category":"Payload delivery","uuid":"5a0d68b3-6138-4c7f-987c-77bb950d210f","timestamp":"1510828211","to_ids":true,"value":"1536:qJhDLw1yDhhzoN/e/C/O/C/a/D/I26251K06Zk/XrqqitM4NvL:qvfw1ahEVOS+Sq7IN251ikzq5tM4NvL","disable_correlation":false,"object_relation":"ssdeep","type":"ssdeep"},{"comment":"","category":"Other","uuid":"5a0d68b3-c3f0-4fe1-9479-77bb950d210f","timestamp":"1510828211","to_ids":false,"value":"94208","disable_correlation":false,"object_relation":"size-in-bytes","type":"size-in-bytes"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"","template_uuid":"9f8cea74-16fe-4968-a2b4-026676949ac6","uuid":"5a0d6aa6-a230-4f7b-8ab3-469a950d210f","sharing_group_id":"0","timestamp":"1510828710","description":"An IP address and a port seen as a tuple (or as a triple) in a specific time frame.","template_version":"4","Attribute":[{"comment":"","category":"Network activity","uuid":"5a0d6aa6-4254-40d9-8d15-407e950d210f","timestamp":"1510828710","to_ids":false,"value":"443","disable_correlation":false,"object_relation":"dst-port","type":"port"},{"comment":"","category":"Network activity","uuid":"5a0d6aa6-ab7c-45af-a562-45d4950d210f","timestamp":"1510828710","to_ids":true,"value":"125.212.132.222","disable_correlation":false,"object_relation":"ip","type":"ip-dst"}],"distribution":"5","meta-category":"network","name":"ip-port"},{"comment":"","template_uuid":"9f8cea74-16fe-4968-a2b4-026676949ac6","uuid":"5a0d6abb-4910-4c4c-9004-7753950d210f","sharing_group_id":"0","timestamp":"1510828731","description":"An IP address and a port seen as a tuple (or as a triple) in a specific time frame.","template_version":"4","Attribute":[{"comment":"","category":"Network activity","uuid":"5a0d6abb-6300-44e7-82fb-7753950d210f","timestamp":"1510828731","to_ids":false,"value":"443","disable_correlation":false,"object_relation":"dst-port","type":"port"},{"comment":"","category":"Network activity","uuid":"5a0d6abb-d8d0-414c-89bb-7753950d210f","timestamp":"1510828731","to_ids":true,"value":"175.100.189.174","disable_correlation"
