{"Event":{"info":"OSINT - BR banker sample Bankerflux","Tag":[{"colour":"#002642","exportable":true,"name":"osint:source-type=\"microblog-post\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"}],"publish_timestamp":"0","timestamp":"1557734323","Object":[{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5cd91962-0644-411a-8bf1-56a6950d210f","sharing_group_id":"0","timestamp":"1557731682","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"5","Attribute":[{"comment":"","category":"Other","uuid":"5cd91962-60f0-4baf-9ea2-56a6950d210f","timestamp":"1557731682","to_ids":false,"value":"Interesting BR #banker sample, #bankerflux found by @malwrhunterteam drops a few binaries via @googledrive c2's: test.discoverthings[.]pw port2010kmjutre.camdvr[.]org hash f363206183d838911458139b45d0ac6d on @mal_share","disable_correlation":false,"object_relation":"post","type":"text"},{"comment":"","category":"Other","uuid":"5cd91962-305c-43b1-a44e-56a6950d210f","timestamp":"1557731682","to_ids":false,"value":"Twitter","disable_correlation":true,"object_relation":"type","type":"text"},{"comment":"","category":"Network activity","uuid":"5cd91962-904c-42cd-b5c6-56a6950d210f","timestamp":"1557731682","to_ids":true,"value":"https://twitter.com/James_inthe_box/status/1107613603144712192","disable_correlation":false,"object_relation":"url","type":"url"},{"comment":"","category":"Other","uuid":"5cd91962-36e8-47e1-bafb-56a6950d210f","timestamp":"1557731682","to_ids":false,"value":"@malwrhunterteam","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cd91962-e624-4d47-83ae-56a6950d210f","timestamp":"1557731682","to_ids":false,"value":"@googledrive","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cd91962-3a54-4001-93d2-56a6950d210f","timestamp":"1557731682","to_ids":false,"value":"@mal_share","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cd91962-e0f0-4bb8-ad21-56a6950d210f","timestamp":"1557731682","to_ids":false,"value":"18 Mar 2019 5:03 AM","disable_correlation":false,"object_relation":"creation-date","type":"datetime"},{"comment":"","category":"Other","uuid":"5cd91962-99a8-41dd-93af-56a6950d210f","timestamp":"1557731682","to_ids":false,"value":"James_inthe_box","disable_correlation":false,"object_relation":"username","type":"text"}],"distribution":"5","meta-category":"misc","name":"microblog"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5cd923a2-d3dc-47c9-9404-47eb950d210f","sharing_group_id":"0","timestamp":"1557734306","description":"File object describing a file with meta-information","template_version":"17","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5cd923a3-d25c-4832-8e8f-4954950d210f","timestamp":"1557734307","to_ids":true,"value":"f363206183d838911458139b45d0ac6d","disable_correlation":false,"object_relation":"md5","type":"md5"},{"comment":"","category":"Other","uuid":"5cd923a3-f898-4111-a931-41e1950d210f","timestamp":"1557734307","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"}],"distribution":"5","meta-category":"file","name":"file"}],"analysis":"0","Attribute":[{"comment":"C2","category":"Network activity","uuid":"5cd91978-e20c-4db1-aa46-5c80950d210f","timestamp":"1557731704","to_ids":true,"value":"test.discoverthings.pw","disable_correlation":false,"object_relation":null,"type":"hostname"},{"comment":"C2","category":"Network activity","uuid":"5cd91978-db5c-4411-9e7b-5c80950d210f","timestamp":"1557731704","to_ids":true,"value":"port2010kmjutre.camdvr.org","disable
