{"Event":{"info":"OSINT - TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:tool=\"TRISIS\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"win.triton\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"publish_timestamp":"0","timestamp":"1540474156","analysis":"2","Attribute":[{"comment":"","category":"External analysis","uuid":"5bd1bc50-8144-4458-9bb1-4e57950d210f","timestamp":"1540472734","to_ids":false,"value":"In a previous blog post we detailed the TRITON intrusion that impacted industrial control systems (ICS) at a critical infrastructure facility. We now track this activity set as TEMP.Veles. In this blog post we provide additional information linking TEMP.Veles and their activity surrounding the TRITON intrusion to a Russian government-owned research institute.","Tag":[{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"disable_correlation":false,"object_relation":null,"type":"text"},{"comment":"","category":"External analysis","uuid":"5bd1bc87-22ec-4319-a874-57f4950d210f","timestamp":"1540472750","to_ids":false,"value":"https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html","Tag":[{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"disable_correlation":false,"object_relation":null,"type":"link"},{"comment":"","category":"Network activity","uuid":"5bd1beac-2d90-4e35-9b3d-951c950d210f","timestamp":"1540472492","to_ids":true,"value":"87.245.143.140","disable_correlation":false,"object_relation":null,"type":"ip-dst"}],"extends_uuid":"","published":false,"date":"2018-10-23","Orgc":{"uuid":"55f6ea5e-2c60-40e5-964f-47a8950d210f","name":"CIRCL"},"threat_level_id":"3","uuid":"5bd1ba76-6e4c-4228-af60-563a950d210f"}}
