{"Event":{"info":"OSINT - #APT #Bitter","Tag":[{"colour":"#e7007d","exportable":true,"name":"workflow:state=\"incomplete\""},{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#0071c3","exportable":true,"name":"osint:lifetime=\"perpetual\""},{"colour":"#0087e8","exportable":true,"name":"osint:certainty=\"50\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"}],"publish_timestamp":"0","timestamp":"1573199847","Object":[{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5dc432ca-bb14-48e1-85f1-4ba9950d210f","sharing_group_id":"0","timestamp":"1573139146","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"8","Attribute":[{"comment":"","category":"Other","uuid":"5dc432ca-6a3c-43c0-bc72-4e56950d210f","timestamp":"1573139146","to_ids":false,"value":"#APT #Bitter\r\n7d2cc57e27e849fb0617a3a73d68d302c6efc6d849c05fcb0776b82a74d4de9c\r\nWN: E-passport record.docx\r\nNC: http://comglobal[.]com[.]pk/wp-content/g\r\nhttp://nim[.]gov[.]pk/img/g.txt\r\nC2: tvnservereventlog[.]net\r\nAC: TemplateInjection->CVE-2017-11882->EXE","disable_correlation":false,"object_relation":"post","type":"text"},{"comment":"","category":"External analysis","uuid":"5dc432ca-a900-4186-92bf-44b7950d210f","timestamp":"1573139146","to_ids":false,"value":"https://mobile.twitter.com/ccxsaber/status/1192326844529422337","disable_correlation":false,"object_relation":"link","type":"link"},{"comment":"","category":"Other","uuid":"5dc432ca-2b74-46e5-9fcd-4da3950d210f","timestamp":"1573139146","to_ids":false,"value":"Twitter","disable_correlation":true,"object_relation":"type","type":"text"},{"comment":"","category":"Other","uuid":"5dc432ca-8464-4074-91bb-4834950d210f","timestamp":"1573139146","to_ids":false,"value":"#APT","disable_correlation":false,"object_relation":"hashtag","type":"text"},{"comment":"","category":"Other","uuid":"5dc432ca-0038-4424-b855-4737950d210f","timestamp":"1573139146","to_ids":false,"value":"#Bitter","disable_correlation":false,"object_relation":"hashtag","type":"text"},{"comment":"","category":"Other","uuid":"5dc432ca-6750-4c32-9c75-41f7950d210f","timestamp":"1573139146","to_ids":false,"value":"ccxsaber","disable_correlation":false,"object_relation":"username","type":"text"},{"comment":"","category":"Other","uuid":"5dc432ca-08a4-4cf1-98ff-4d46950d210f","timestamp":"1573139146","to_ids":false,"value":"Informative","disable_correlation":true,"object_relation":"state","type":"text"},{"comment":"","category":"Other","uuid":"5dc432ca-0200-43ce-b9bd-470f950d210f","timestamp":"1573139146","to_ids":false,"value":"Nov 7, 2019 7:24 AM","disable_correlation":false,"object_relation":"creation-date","type":"datetime"}],"distribution":"5","meta-category":"misc","name":"microblog"},{"comment":"","template_uuid":"81650945-f186-437b-8945-9f31715d32da","uuid":"5dc433d5-6b28-4a6f-a24d-4417950d210f","sharing_group_id":"0","timestamp":"1573139413","description":"Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.","template_version":"5","Attribute":[{"comment":"","category":"Other","uuid":"5dc433d5-7f68-42d3-9b25-418f950d210f","timestamp":"1573139413","to_ids":false,"value":"CVE-2017-11882","disable_correlation":false,"object_relation":"id","type":"text"}],"distribution":"5","meta-category":"vulnerability","name":"vulnerability"},{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5dc43482-808c-494b-a2ca-cb10950d210f","sharing_group_id":"0","timestamp":"1573139586","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"8","Attribute":[{"comment":"","category":"Other","uuid":"5dc43482-0f30-4961-af0b
