{"Event":{"info":"OSINT - Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks","Tag":[{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:tool=\"Emotet\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:banker=\"Qakbot\""}],"publish_timestamp":"0","timestamp":"1511184352","Object":[{"comment":"","template_uuid":"9f8cea74-16fe-4968-a2b4-026676949ac6","uuid":"5a0acc3f-e330-4e19-b44c-4182950d210f","sharing_group_id":"0","timestamp":"1510657087","description":"An IP address and a port seen as a tuple (or as a triple) in a specific time frame.","template_version":"4","Attribute":[{"comment":"","category":"Network activity","uuid":"5a0acc3f-cc94-4758-b472-4f0d950d210f","timestamp":"1510657087","to_ids":false,"value":"995","disable_correlation":false,"object_relation":"dst-port","type":"port"},{"comment":"","category":"Network activity","uuid":"5a0acc3f-9d2c-4cb7-86b7-4f26950d210f","timestamp":"1510657087","to_ids":true,"value":"64.183.173.170","disable_correlation":false,"object_relation":"ip","type":"ip-dst"}],"distribution":"5","meta-category":"network","name":"ip-port"},{"comment":"","template_uuid":"9f8cea74-16fe-4968-a2b4-026676949ac6","uuid":"5a0acc5a-879c-469b-b4d6-4e68950d210f","sharing_group_id":"0","timestamp":"1510657114","description":"An IP address and a port seen as a tuple (or as a triple) in a specific time frame.","template_version":"4","Attribute":[{"comment":"","category":"Network activity","uuid":"5a0acc5a-d424-4572-965f-4399950d210f","timestamp":"1510657114","to_ids":false,"value":"993","disable_correlation":false,"object_relation":"dst-port","type":"port"},{"comment":"","category":"Network activity","uuid":"5a0acc5a-b168-42f0-b18f-4d2f950d210f","timestamp":"1510657114","to_ids":true,"value":"67.213.243.228","disable_correlation":false,"object_relation":"ip","type":"ip-dst"}],"distribution":"5","meta-category":"network","name":"ip-port"},{"comment":"","template_uuid":"9f8cea74-16fe-4968-a2b4-026676949ac6","uuid":"5a0accd4-f164-4638-8503-080d950d210f","sharing_group_id":"0","timestamp":"1510657236","description":"An IP address and a port seen as a tuple (or as a triple) in a specific time frame.","template_version":"4","Attribute":[{"comment":"","category":"Network activity","uuid":"5a0accd4-b2d0-4396-ad98-080d950d210f","timestamp":"1510657236","to_ids":false,"value":"443","disable_correlation":false,"object_relation":"dst-port","type":"port"},{"comment":"","category":"Network activity","uuid":"5a0accd4-b2b8-48f3-830c-080d950d210f","timestamp":"1510657236","to_ids":true,"value":"96.67.244.225","disable_correlation":false,"object_relation":"ip","type":"ip-dst"}],"distribution":"5","meta-category":"network","name":"ip-port"},{"comment":"","template_uuid":"9f8cea74-16fe-4968-a2b4-026676949ac6","uuid":"5a0acced-4fe4-4b29-9407-4db2950d210f","sharing_group_id":"0","timestamp":"1510657261","description":"An IP address and a port seen as a tuple (or as a triple) in a specific time frame.","template_version":"4","Attribute":[{"comment":"","category":"Network activity","uuid":"5a0acced-c8f8-43ff-b64d-4ac0950d210f","timestamp":"1510657261","to_ids":false,"value":"443","disable_correlation":false,"object_relation":"dst-port","type":"port"},{"comment":"","category":"Network activity","uuid":"5a0acced-5fe4-4217-b75a-42d9950d210f","timestamp":"1510657261","to_ids":true,"value":"173.25.234.18","disable_correlation":false,"object_relation":"ip","type":"ip-dst"}],"distribution":"5","meta-category":"network","name":"ip-port"},{"comment":"","template_uuid":"9f8cea74-16fe-4968-a2b4-026676949ac6","uuid":"5a0acd03-9880-4d9b
