{"Event":{"info":"OSINT - Quick analysis of malware created with NSIS","Tag":[{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"New Service - T1050\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Graphical User Interface - T1061\""}],"publish_timestamp":"1527485859","timestamp":"1527586314","Object":[{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"fc475196-feb0-44d2-b2ff-26a25af3b097","sharing_group_id":"0","timestamp":"1527432086","description":"File object describing a file with meta-information","template_version":"11","ObjectReference":[{"comment":"","object_uuid":"fc475196-feb0-44d2-b2ff-26a25af3b097","uuid":"5b0ac396-e9b4-47d4-b744-489202de0b81","timestamp":"1527432086","referenced_uuid":"0763e12d-1607-4189-9b4e-6eaed50651bf","relationship_type":"analysed-with"}],"Attribute":[],"distribution":"5","meta-category":"file","name":"file"},{"comment":"","template_uuid":"d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4","uuid":"0763e12d-1607-4189-9b4e-6eaed50651bf","sharing_group_id":"0","timestamp":"1527432085","description":"VirusTotal report","template_version":"2","Attribute":[],"distribution":"5","meta-category":"misc","name":"virustotal-report"}],"analysis":"2","Attribute":[{"comment":"","category":"External analysis","uuid":"5b0ac34d-8934-4831-8f0a-484102de0b81","timestamp":"1527432013","to_ids":false,"value":"https://isc.sans.edu/diary/23703","disable_correlation":false,"object_relation":null,"type":"link"},{"comment":"","category":"Payload installation","uuid":"5b0ac35e-e074-437d-85b3-885202de0b81","timestamp":"1527432030","to_ids":true,"value":"905a5167b248647ce31d57d241aacd63","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Graphical User Interface - T1061\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"New Service - T1050\""}],"disable_correlation":false,"object_relation":null,"type":"md5"},{"comment":"","category":"Network activity","uuid":"5b0ac3c6-79f8-4d8d-9a71-4e8402de0b81","timestamp":"1527432134","to_ids":true,"value":"http://hs-fileserver.info/","disable_correlation":false,"object_relation":null,"type":"url"},{"comment":"","category":"Network activity","uuid":"5b0ac3d6-8b68-4203-98cb-885202de0b81","timestamp":"1527432150","to_ids":true,"value":"92.53.96.179","disable_correlation":false,"object_relation":null,"type":"ip-dst"},{"comment":"","category":"Artifacts dropped","uuid":"5b0ac5c1-4ba8-4d35-93a5-469b02de0b81","timestamp":"1527432641","to_ids":true,"value":"AdobeFlashPlayerHash","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"New Service - T1050\""}],"disable_correlation":false,"object_relation":null,"type":"windows-service-name"},{"comment":"","category":"Network activity","uuid":"5b0ac6e2-51cc-4d4d-b21b-886302de0b81","timestamp":"1527432930","to_ids":true,"value":"http://hs-fileserver.info/token.key","disable_correlation":false,"object_relation":null,"type":"url"}],"extends_uuid":"","published":false,"date":"2018-05-27","Orgc":{"uuid":"55f6ea5e-2c60-40e5-964f-47a8950d210f","name":"CIRCL"},"threat_level_id":"3","uuid":"5b0ac341-a6cc-4407-8ef0-448202de0b81"}}
