{"Event":{"info":"OSINT - OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\""},{"colour":"#284800","exportable":true,"name":"malware_classification:malware-category=\"Trojan\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#72003d","exportable":true,"name":"workflow:todo=\"add-missing-misp-galaxy-cluster-values\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:threat-actor=\"OilRig\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"OilRig\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"OilRig - G0049\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-intrusion-set=\"OilRig\""}],"publish_timestamp":"0","timestamp":"1542637941","Object":[{"comment":"BONDUPDATER Dropper Docs\r\ncontains a macro that attempted to install a new version of the BONDUPDATER Trojan\r\n","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5bf29643-27dc-452c-91bc-4c4a950d210f","sharing_group_id":"0","timestamp":"1542634536","description":"File object describing a file with meta-information","template_version":"15","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5bf29643-0d80-4d47-a39b-40ed950d210f","timestamp":"1542634536","to_ids":true,"value":"N56.15.doc","disable_correlation":true,"object_relation":"filename","type":"filename"},{"comment":"","category":"Payload delivery","uuid":"5bf29643-7c10-4d53-9c91-4d52950d210f","timestamp":"1542634536","to_ids":true,"value":"7cbad6b3f505a199d6766a86b41ed23786bbb99dab9cae6c18936afdc2512f00","disable_correlation":false,"object_relation":"sha256","type":"sha256"},{"comment":"","category":"Other","uuid":"5bf29643-734c-4c17-ad10-477e950d210f","timestamp":"1542634536","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"BONDUPDATER Dropper Docs","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5bf29a92-4e88-4432-a67c-4b84950d210f","sharing_group_id":"0","timestamp":"1542634558","description":"File object describing a file with meta-information","template_version":"15","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5bf29a92-1d6c-4a1c-b652-493f950d210f","timestamp":"1542634558","to_ids":true,"value":"AppPool.vbs","disable_correlation":true,"object_relation":"filename","type":"filename"},{"comment":"","category":"Payload delivery","uuid":"5bf29a92-9a88-480b-b42b-4f1c950d210f","timestamp":"1542634558","to_ids":true,"value":"c0018a2e36c7ef8aa15b81001a19c4127ad7cd21ae410c1f854e5dadfa98b322","disable_correlation":false,"object_relation":"sha256","type":"sha256"},{"comment":"","category":"Other","uuid":"5bf29a92-e11c-4c07-a579-41e5950d210f","timestamp":"1542634558","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"},{"comment":"","category":"Other","uuid":"5bf29a92-036c-4b56-aaaa-4be2950d210f","timestamp":"1542634558","to_ids":false,"value":"%ALLUSERSPROFILE%\\WindowsAppPool\\AppPool.vbs","disable_correlation":false,"object_relation":"fullpath","type":"text"},{"comment":"","category":"Other","uuid":"5bf29a93-d104-42c0-8a6c-42aa950d210f","timestamp":"1542634558","to_ids":false,"value":"%ALLUSERSPROFILE%\\WindowsAppPool","disable_correlation":true,"object_relation":"path","type":"text"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"BONDUPDATER Dropper Docs","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5bf29c1e-4304-40db-bb46-46d3950d210f","sharing_group_id":"0","timestamp":"1542634588","descript
