{"Event":{"info":"OSINT - .sg domain used to host malware","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:banker=\"Geodo\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"Emotet\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"Geodo\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:mitre-malware=\"Emotet - S0367\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:tool=\"Emotet\""},{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#0071c3","exportable":true,"name":"osint:lifetime=\"perpetual\""},{"colour":"#366c00","exportable":true,"name":"circl:incident-classification=\"malware\""},{"colour":"#0087e8","exportable":true,"name":"osint:certainty=\"50\""},{"colour":"#006262","exportable":true,"name":"ecsirt:malicious-code=\"malware\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#d6f264","exportable":true,"name":"MALWARE"}],"publish_timestamp":"0","timestamp":"1563276762","Object":[{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5d2c2aa0-89a4-4db5-976f-4355950d210f","sharing_group_id":"0","timestamp":"1563175687","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"6","ObjectReference":[{"comment":"","object_uuid":"5d2c2aa0-89a4-4db5-976f-4355950d210f","uuid":"5d2c2b07-a2e4-490d-85ab-4319950d210f","timestamp":"1563175687","referenced_uuid":"5d2c2adf-96a0-4b5a-8ebd-4c89950d210f","relationship_type":"contains"}],"Attribute":[{"comment":"","category":"Other","uuid":"5d2c2aa0-ba00-499a-9af6-47cf950d210f","timestamp":"1563175584","to_ids":false,"value":"I was curious to see how many .SG domains have been used recently to host #malware. Turns out, quite a few were used to host and spread the #emotet #banking #trojan. \r\nIOCs here - (link: https://github.com/vicky-ray/IOCs/blob/master/SG_domains_hosting_Emotet_malware) github.com/vicky-ray/IOCs\u2026\r\n@CSAsingapore\r\n @douglasmun","disable_correlation":false,"object_relation":"post","type":"text"},{"comment":"","category":"Other","uuid":"5d2c2aa0-9004-408e-8423-468e950d210f","timestamp":"1563175584","to_ids":false,"value":"Twitter","disable_correlation":true,"object_relation":"type","type":"text"},{"comment":"","category":"Network activity","uuid":"5d2c2aa0-83a4-474c-8262-401f950d210f","timestamp":"1563175584","to_ids":true,"value":"https://mobile.twitter.com/0xVK/status/1145602745560227841","disable_correlation":false,"object_relation":"url","type":"url"},{"comment":"","category":"Other","uuid":"5d2c2aa0-3898-4891-9c83-4c0a950d210f","timestamp":"1563175584","to_ids":false,"value":"@douglasmun","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5d2c2aa0-3b88-4577-a1b7-462a950d210f","timestamp":"1563175584","to_ids":false,"value":"@CSAsingapore","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Network activity","uuid":"5d2c2aa0-a0a8-4f5c-9bed-41f6950d210f","timestamp":"1563175584","to_ids":true,"value":"https://github.com/vicky-ray/IOCs/blob/master/SG_domains_hosting_Emotet_malware","disable_correlation":false,"object_relation":"link","type":"url"},{"comment":"","category":"Network activity","uuid":"5d2c2aa0-1678-4822-8407-4e08950d210f","timestamp":"1563175584","to_ids":true,"value":"https://t.co/WrQ5FobWem?amp=1","disable_correlation":false,"object_relation":"link","type":"url"},{"comment":"","category":"Other","uuid":"5d2c2aa0-18a8-465c-aabe-4104950d210f","timestamp":"1563175584","to_ids":false,"value":"0xVK","disable_correlation":false,"object_relation":"username","type":"text"},{"comment":"","category":"Other","uuid":"5d2c2aa0-65d8-4101-8805-482f950d210f","timestamp":"1563175584","to_ids"
