{"Event": {"info": "OSINT - Quick analysis of malware created with NSIS", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"New Service - T1050\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Graphical User Interface - T1061\""}], "publish_timestamp": "1527485859", "timestamp": "1527586314", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "fc475196-feb0-44d2-b2ff-26a25af3b097", "sharing_group_id": "0", "timestamp": "1527432086", "description": "File object describing a file with meta-information", "template_version": "11", "ObjectReference": [{"comment": "", "object_uuid": "fc475196-feb0-44d2-b2ff-26a25af3b097", "uuid": "5b0ac396-e9b4-47d4-b744-489202de0b81", "timestamp": "1527432086", "referenced_uuid": "0763e12d-1607-4189-9b4e-6eaed50651bf", "relationship_type": "analysed-with"}], "Attribute": [], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "0763e12d-1607-4189-9b4e-6eaed50651bf", "sharing_group_id": "0", "timestamp": "1527432085", "description": "VirusTotal report", "template_version": "2", "Attribute": [], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5b0ac34d-8934-4831-8f0a-484102de0b81", "timestamp": "1527432013", "to_ids": false, "value": "https://isc.sans.edu/diary/23703", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "Payload installation", "uuid": "5b0ac35e-e074-437d-85b3-885202de0b81", "timestamp": "1527432030", "to_ids": true, "value": "905a5167b248647ce31d57d241aacd63", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Graphical User Interface - T1061\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"New Service - T1050\""}], "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "5b0ac3c6-79f8-4d8d-9a71-4e8402de0b81", "timestamp": "1527432134", "to_ids": true, "value": "http://hs-fileserver.info/", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5b0ac3d6-8b68-4203-98cb-885202de0b81", "timestamp": "1527432150", "to_ids": true, "value": "92.53.96.179", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Artifacts dropped", "uuid": "5b0ac5c1-4ba8-4d35-93a5-469b02de0b81", "timestamp": "1527432641", "to_ids": true, "value": "AdobeFlashPlayerHash", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"New Service - T1050\""}], "disable_correlation": false, "object_relation": null, "type": "windows-service-name"}, {"comment": "", "category": "Network activity", "uuid": "5b0ac6e2-51cc-4d4d-b21b-886302de0b81", "timestamp": "1527432930", "to_ids": true, "value": "http://hs-fileserver.info/token.key", "disable_correlation": false, "object_relation": null, "type": "url"}], "extends_uuid": "", "published": false, "date": "2018-05-27", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5b0ac341-a6cc-4407-8ef0-448202de0b81"}}