{"Event":{"info":"OSINT - Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"OilRig\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"OilRig\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"OilRig - G0049\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-intrusion-set=\"OilRig\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:threat-actor=\"CHRYSENE\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:threat-actor=\"OilRig\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT34\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:threat-actor=\"APT34\""},{"colour":"#72003d","exportable":true,"name":"workflow:todo=\"add-missing-misp-galaxy-cluster-values\""},{"colour":"#3b0020","exportable":true,"name":"workflow:todo=\"expansion\""},{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#0071c3","exportable":true,"name":"osint:lifetime=\"perpetual\""},{"colour":"#0087e8","exportable":true,"name":"osint:certainty=\"50\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"}],"publish_timestamp":"0","timestamp":"1568986366","Object":[{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5d84c63f-ad44-40aa-85f6-41fa950d210f","sharing_group_id":"0","timestamp":"1568982591","description":"File object describing a file with meta-information","template_version":"17","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5d84c63f-5df8-471b-8375-4aae950d210f","timestamp":"1568982591","to_ids":true,"value":"%Windir%\\temp\\rconfig.xml","disable_correlation":true,"object_relation":"filename","type":"filename"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5d84ca7f-8904-4b83-aa2d-4efd950d210f","sharing_group_id":"0","timestamp":"1568983679","description":"File object describing a file with meta-information","template_version":"17","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5d84ca80-5a7c-4ac8-b7e5-4cca950d210f","timestamp":"1568983680","to_ids":true,"value":"d9ac9c950e5495c9005b04843a40f01fa49d5fd49226cb5b03a055232ffc36f3","disable_correlation":false,"object_relation":"sha256","type":"sha256"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":" Backdoor.Syskit ","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5d84d359-b914-4b54-8a37-42cb950d210f","sharing_group_id":"0","timestamp":"1568985945","description":"File object describing a file with meta-information","template_version":"17","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5d84d359-24e0-4711-b112-4784950d210f","timestamp":"1568985945","to_ids":true,"value":"f71732f997c53fa45eef5c988697eb4aa62c8655d8f0be3268636fc23addd193","disable_correlation":false,"object_relation":"sha256","type":"sha256"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":" Backdoor.Syskit ","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5d84d370-6c2c-4918-80bd-4a01950d210f","sharing_group_id":"0","timestamp":"1568985968","description":"File object describing a file with meta-information","template_version":"17","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5d84d370-3be8-4941-ac15-44ec950d210f","timestamp":"1568985968","to_ids":true,"value":"02a3296238a3d127a2e517f4949d31914c15d96726fb4902322c065153b364b2","disable_correlation":false,"object_relation":"sha256","type":"sha256"}],"distrib
