{"Event":{"info":"OSINT - Possible Bankerflux Malware UPX -> Au3 Resource","Tag":[{"colour":"#366c00","exportable":true,"name":"circl:incident-classification=\"malware\""},{"colour":"#002642","exportable":true,"name":"osint:source-type=\"microblog-post\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#3b0020","exportable":true,"name":"workflow:todo=\"expansion\""}],"publish_timestamp":"0","timestamp":"1557839654","Object":[{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5cdab648-e084-4390-8b61-4c24950d210f","sharing_group_id":"0","timestamp":"1557837384","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"5","Attribute":[{"comment":"","category":"Other","uuid":"5cdab648-9494-4c2c-bd4f-4c73950d210f","timestamp":"1557837384","to_ids":false,"value":"2019-05-16: Possible #Bankerflux #Malware\r\nUPX -> Au3 Resource\r\n\ud83e\uddf0\r\n\r\nh/t @malwrhunterteam\r\n \r\ncc/ @James_inthe_box\r\n\r\ndebuglog(\"Server is visible right now\") | \"Decrypting datastorage\"\r\n\ud83d\uded1\r\n\r\nConfig Extractor | \"ba3x\"\r\nExtracted & shared raw Au3 from this malware on Git ->\r\n(link: https://github.com/k-vitali/Malware-Misc-RE/blob/master/2019-05-15-possible-bankerflux-vk.au3) github.com/k-vitali/Malwa\u2026","disable_correlation":false,"object_relation":"post","type":"text"},{"comment":"","category":"Other","uuid":"5cdab648-4070-4510-a3d5-4746950d210f","timestamp":"1557837384","to_ids":false,"value":"Twitter","disable_correlation":true,"object_relation":"type","type":"text"},{"comment":"","category":"Network activity","uuid":"5cdab648-d624-47b0-a65c-4204950d210f","timestamp":"1557837384","to_ids":true,"value":"https://twitter.com/VK_Intel/status/1128194176103931904","disable_correlation":false,"object_relation":"url","type":"url"},{"comment":"","category":"Other","uuid":"5cdab648-7460-4075-ac9c-4631950d210f","timestamp":"1557837384","to_ids":false,"value":"@malwrhunterteam","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Other","uuid":"5cdab648-321c-4b44-b90a-4b1e950d210f","timestamp":"1557837384","to_ids":false,"value":"cc/ @James_inthe_box","disable_correlation":false,"object_relation":"username-quoted","type":"text"},{"comment":"","category":"Network activity","uuid":"5cdab648-ed88-44f4-afa0-417a950d210f","timestamp":"1557837384","to_ids":true,"value":"https://t.co/ePoyIfJ4iw?amp=1","disable_correlation":false,"object_relation":"link","type":"url"},{"comment":"","category":"Network activity","uuid":"5cdab648-0bc8-4341-bec8-45f3950d210f","timestamp":"1557837384","to_ids":true,"value":"https://github.com/k-vitali/Malware-Misc-RE/blob/master/2019-05-15-possible-bankerflux-vk.au3","disable_correlation":false,"object_relation":"link","type":"url"},{"comment":"","category":"Other","uuid":"5cdab648-35e4-4fba-94b9-49e1950d210f","timestamp":"1557837384","to_ids":false,"value":"2019-05-14 9:03 AM","disable_correlation":false,"object_relation":"creation-date","type":"datetime"},{"comment":"","category":"Other","uuid":"5cdab648-e9c0-44e4-a0e3-4856950d210f","timestamp":"1557837384","to_ids":false,"value":"VK_Intel","disable_correlation":false,"object_relation":"username","type":"text"}],"distribution":"5","meta-category":"misc","name":"microblog"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5cdabcd4-e104-4158-947e-487a950d210f","sharing_group_id":"0","timestamp":"1557839060","description":"File object describing a file with meta-information","template_version":"17","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5cdabcd4-ca44-47ab-8f6c-49dc950d210f","timestamp":"1557839060","to_ids":true,"value":"f363206183d838911458139b45d0ac6d","disable_correlation":false,"object_relation":"md5","type":
