2023-12-14 14:30:15 +00:00
{"Event": {"info": "COMpfun successor Reductor: compromise TLS traffic", "Tag": [{"colour": "#12e200", "exportable": true, "name": "misp-galaxy:threat-actor=\"Turla Group\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#001cad", "exportable": true, "name": "estimative-language:likelihood-probability=\"very-likely\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"COMpfun\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"Reductor\""}], "publish_timestamp": "1570107780", "timestamp": "1570686944", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "9499eb17-e165-4ddd-96ff-6a04056a5197", "sharing_group_id": "0", "timestamp": "1570104428", "description": "File object describing a file with meta-information", "template_version": "17", "ObjectReference": [{"comment": "", "object_uuid": "9499eb17-e165-4ddd-96ff-6a04056a5197", "uuid": "5d95e46c-bb7c-4069-a077-44e0950d210f", "timestamp": "1570104428", "referenced_uuid": "2c492ff9-0eaf-47ec-882b-28395b2447c9", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "c16bfce1-a684-41d6-b741-692406f34d04", "timestamp": "1570104396", "to_ids": true, "value": "7911f8d717dc9d7a78d99e687a12d7ad", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "637fa6fe-6e9c-4341-b1b9-1a1eca224902", "timestamp": "1570104396", "to_ids": true, "value": "e49666f7882f299c2845c7e31e3d842a387ef10d", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "01612c16-9dd3-4fe3-86b9-44be6da865c8", 
"timestamp": "1570104396", "to_ids": true, "value": "4e2d038e9d72ee4d660755ba973a31471dda167d1a51bfdfe60abb2b3de78ba1", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "2c492ff9-0eaf-47ec-882b-28395b2447c9", "sharing_group_id": "0", "timestamp": "1570104428", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "6f1c02b3-7e03-4457-b0d2-bb57f4594085", "timestamp": "1570104396", "to_ids": false, "value": "2019-05-19 16:41:15", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "3b60de42-cdef-418e-97ce-93717a2412ce", "timestamp": "1570104396", "to_ids": false, "value": "https://www.virustotal.com/file/4e2d038e9d72ee4d660755ba973a31471dda167d1a51bfdfe60abb2b3de78ba1/analysis/1558284075/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "334ec304-ebb4-4527-badb-85b9d0ada237", "timestamp": "1570104396", "to_ids": false, "value": "26/68", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d1ab756a-26b5-4349-9f43-765630f0911c", "uuid": "5d95e5cb-de84-4411-9e52-4c52950d210f", "sharing_group_id": "0", "timestamp": "1570104779", "description": "x509 object describing a X.509 certificate", "template_version": "9", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5d95e5cc-69a8-4727-820a-4057950d210f", "timestamp": "1570104780", "to_ids": true, "value": "119b2be9c17d8c7c5ab0fa1a17aaf69082bab21d", "disable_correlation": false, "object_relation": "x509-fingerprint-sha1", "type": 
"x509-fingerprint-sha1"}, {"comment": "", "category": "Other", "uuid": "5d95e5cc-c198-46a8-9f6a-4b0a950d210f", "timestamp": "1