{"Event":{"info":"OSINT - Ursnif malspam campaign","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:banker=\"Gozi\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"Gozi\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"Snifula\""},{"colour":"#0b8c00","exportable":true,"name":"misp-galaxy:tool=\"Snifula\""},{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#0071c3","exportable":true,"name":"osint:lifetime=\"perpetual\""},{"colour":"#0087e8","exportable":true,"name":"osint:certainty=\"50\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"}],"publish_timestamp":"0","timestamp":"1560242502","Object":[{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5cf910f8-b968-406e-8e57-4530950d210f","sharing_group_id":"0","timestamp":"1559829649","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"6","Attribute":[{"comment":"","category":"Other","uuid":"5cf910f8-4fbc-473e-b78d-4041950d210f","timestamp":"1559829649","to_ids":false,"value":"#Signed #Ursnif malspam campaign, targets Italy IOC (link: https://pastebin.com/T0r3j92f) pastebin.com/T0r3j92f @JAMESWT_MHT\r\n @James_inthe_box\r\n @DissectMalware\r\n @executemalware\r\n @JayTHL\r\n @NelsonSecurity\r\n @HazMalware\r\n @dvk01uk\r\n @malwrhunterteam\r\n @DynamicAnalysis\r\n @JRoosen\r\n @bad_packets\r\n @thlnk3r\r\n @luc4m","disable_correlation":false,"object_relation":"post","type":"text"},{"comment":"","category":"Network activity","uuid":"5cf910f8-99a4-46b4-a3b2-4e29950d210f","timestamp":"1559829649","to_ids":true,"value":"https://mobile.twitter.com/Mesiagh/status/1136355140523266048","disable_correlation":false,"object_relation":"url","type":"url"},{"comment":"","category":"Other","uuid":"5cf910f9-bc78-4d18-af35-46bd950d210f","timestamp":"1559829649","to_ids":false,"value":"@JAMESWT_MHT","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cf910f9-1278-4e8e-ab47-43b1950d210f","timestamp":"1559829649","to_ids":false,"value":"@James_inthe_box","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cf910f9-962c-4e2a-8c47-4bd2950d210f","timestamp":"1559829649","to_ids":false,"value":"@DissectMalware","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cf910f9-5008-4e2f-b262-4bb8950d210f","timestamp":"1559829649","to_ids":false,"value":"@executemalware","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cf910f9-7cf4-44d3-8a2b-4b6c950d210f","timestamp":"1559829649","to_ids":false,"value":"@JayTHL","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cf910f9-4314-45d1-b90a-4e3e950d210f","timestamp":"1559829649","to_ids":false,"value":"@NelsonSecurity","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cf910f9-df40-4d68-b42a-458f950d210f","timestamp":"1559829649","to_ids":false,"value":"@HazMalware","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cf910f9-48c8-4c02-a5ac-43ae950d210f","timestamp":"1559829649","to_ids":false,"value":"@dvk01uk","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cf910f9-8ca4-4d14-9977-49af950d210f","timestamp":"1559829649","to_ids":false,"value":"@malwrhunterteam","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":
