{"Event":{"info":"OSINT - TA505 once again launched an offensive","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:threat-actor=\"TA505\""},{"colour":"#3b0020","exportable":true,"name":"workflow:todo=\"expansion\""},{"colour":"#002642","exportable":true,"name":"osint:source-type=\"microblog-post\""},{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#0071c3","exportable":true,"name":"osint:lifetime=\"perpetual\""},{"colour":"#0087e8","exportable":true,"name":"osint:certainty=\"50\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"}],"publish_timestamp":"0","timestamp":"1560411463","Object":[{"comment":"","template_uuid":"8ec8c911-ddbe-4f5b-895b-fbff70c42a60","uuid":"5d01f635-5f40-4b48-8510-4009950d210f","sharing_group_id":"0","timestamp":"1560410194","description":"Microblog post like a Twitter tweet or a post on a Facebook wall.","template_version":"6","ObjectReference":[{"comment":"","object_uuid":"5d01f635-5f40-4b48-8510-4009950d210f","uuid":"5d01f852-3880-4216-ad00-4605950d210f","timestamp":"1560410194","referenced_uuid":"5d01f830-fcd4-4cec-9d3d-4158950d210f","relationship_type":"contains"}],"Attribute":[{"comment":"","category":"Other","uuid":"5d01f635-a958-4d5a-8a9d-40b8950d210f","timestamp":"1560409653","to_ids":false,"value":"#TA505 once again launched an offensive. This time, the bill-themed email was launched for Chinese users. This time, the Excel 4.0 macro and the back door of the same family are still used.\r\n\r\n(link: https://www.virustotal.com/gui/file/d538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6/detection) virustotal.com/gui/file/d538b\u2026","disable_correlation":false,"object_relation":"post","type":"text"},{"comment":"","category":"Other","uuid":"5d01f635-b3ac-49cd-adc1-45d9950d210f","timestamp":"1560409653","to_ids":false,"value":"Twitter","disable_correlation":true,"object_relation":"type","type":"text"},{"comment":"","category":"Network activity","uuid":"5d01f635-dc30-49c2-b45c-4383950d210f","timestamp":"1560409653","to_ids":true,"value":"https://mobile.twitter.com/RedDrip7/status/1138764217123655680","disable_correlation":false,"object_relation":"url","type":"url"},{"comment":"","category":"Network activity","uuid":"5d01f635-be8c-4f63-a126-4117950d210f","timestamp":"1560409653","to_ids":true,"value":"https://t.co/2RTo3djsqt?amp=1","disable_correlation":false,"object_relation":"link","type":"url"},{"comment":"","category":"Network activity","uuid":"5d01f635-82e4-48a6-a760-41f8950d210f","timestamp":"1560409653","to_ids":true,"value":"https://www.virustotal.com/gui/file/d538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6/detection","disable_correlation":false,"object_relation":"link","type":"url"},{"comment":"","category":"Other","uuid":"5d01f635-03e8-475f-b619-49a9950d210f","timestamp":"1560409653","to_ids":false,"value":"RedDrip7","disable_correlation":false,"object_relation":"username","type":"text"},{"comment":"","category":"Other","uuid":"5d01f635-a488-49c7-81ce-4ad1950d210f","timestamp":"1560409653","to_ids":false,"value":"Informative","disable_correlation":true,"object_relation":"state","type":"text"},{"comment":"","category":"Other","uuid":"5d01f635-225c-4350-b0df-4984950d210f","timestamp":"1560409653","to_ids":false,"value":"Jun 12, 2019 1:05 PM","disable_correlation":false,"object_relation":"creation-date","type":"datetime"}],"distribution":"5","meta-category":"misc","name":"microblog"},{"comment":"","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5d01f7ef-5530-4732-abf6-4795950d210f","sharing_group_id":"0","timestamp":"1560410095","description":"File object describing a file with meta-information","template_version":"17","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5d01f7ef-90e4-4f7c-9ca1-4575950d210f","timestamp":"1560410095","to
