{ "Event": { "analysis": "0", "date": "2023-12-05", "extends_uuid": "", "info": "AA23-335A: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities", "publish_timestamp": "1701766166", "published": true, "threat_level_id": "3", "timestamp": "1701762854", "uuid": "c578cb44-e440-486d-80a4-8cf6256c1d53", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#2e2c61", "local": "0", "name": "misp-galaxy:stix-2.1-attack-pattern=\"9a280255-c770-4d42-ae50-aff1896ebded\"", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": "0", "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:clear", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2023-09-13T00:00:00+00:00", "timestamp": "1701722284", "to_ids": true, "type": "sha256", "uuid": "b4097d04-408a-4279-aac4-40ae3dd0710f", "value": "440b5385d3838e3f6bc21220caa83b65cd5f3618daea676f271c3671650ce9a3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2023-09-13T00:00:00+00:00", "timestamp": "1701722284", "to_ids": true, "type": "sha1", "uuid": "95a83932-6e7a-4024-b3f5-d878d78fd1d0", "value": "66ae21571faee1e258549078144325dc9dd60303" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2023-09-13T00:00:00+00:00", "timestamp": "1701722284", "to_ids": true, "type": "ip-dst", "uuid": "eb825787-5cf3-423a-aec9-42d611cc61e1", "value": "178.162.227.180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": 
"2023-09-13T00:00:00+00:00", "timestamp": "1701722284", "to_ids": true, "type": "md5", "uuid": "695afe84-7eb6-4004-a7e1-2ad80bfa5131", "value": "ba284a4b508a7abd8070a427386e93e0" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-05-14T00:00:00+00:00", "timestamp": "1701722284", "to_ids": true, "type": "ip-dst", "uuid": "b74311f5-0fc4-4fda-a6c3-3a13cf1d3069", "value": "185.162.235.206" } ], "Object": [ { "comment": "", "deleted": false, "description": "Object describing the original file used to import data in MISP.", "meta-category": "file", "name": "original-imported-file", "template_uuid": "4cd560e9-2cfe-40a1-9964-7b2e797ecac5", "template_version": "2", "timestamp": "1701762533", "uuid": "0025bc8f-1af0-48a6-9534-e82af80ee21c", "Attribute": [ { "category": "External analysis", "comment": "", "data": "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", "deleted": false, "disable_correlation": true, "object_relation": "imported-sample", "timestamp": "1701762533", "to_ids": false, "type": "attachment", "uuid": "63b59f7b-462d-4bdb-9861-b2de803a358c", "value": "AA23-335A-IRGC-Affiliated-Cyber-Actors-Exploit-PLCs-in-Multiple-Sectors-Including-US-Water-and-Wastewater-Systems-Facilities.stix_.json" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "format", "timestamp": "1701762533", "to_ids": false, "type": "text", "uuid": "a8bc59ca-67e3-4e50-acd3-c1867a2acc3c", "value": "STIX 2.1" } ] }, { "comment": "\"AA23-335A: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. 
Water and Wastewater Systems Facilities", "deleted": false, "description": "Metadata used to generate an executive level report", "meta-category": "misc", "name": "report", "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", "template_version": "7", "timestamp": "1701762854", "uuid": "157412c1-046a-4e74-99f8-84a148792839", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1701762854", "to_ids": false, "type": "link", "uuid": "c6fbcbef-c300-445b-85d0-025c748f5545", "value": "https://www.cisa.gov/sites/default/files/2023-12/AA23-335A-IRGC-Affiliated-Cyber-Actors-Exploit-PLCs-in-Multiple-Sectors-Including-US-Water-and-Wastewater-Systems-Facilities.stix_.json" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "summary", "timestamp": "1701762854", "to_ids": false, "type": "text", "uuid": "548e3b68-36bd-4297-b825-3cadd87fc1c7", "value": "The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)\u2014hereafter referred to as \"the authoring agencies\" - are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors. \r\n\r\nThe IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona \u201cCyberAv3ngers\u201d are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). 
These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. In addition to the recent CISA Alert, the authoring agencies are releasing this joint CSA to share indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with IRGC cyber operations.\r\n" } ] } ] } }