misp-circl-feed/feeds/circl/misp/5bd1ba76-6e4c-4228-af60-563a950d210f.json

1 line
No EOL
2.1 KiB
JSON

{"Event": {"info": "OSINT - TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"TRISIS\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"win.triton\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "0", "timestamp": "1540474156", "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5bd1bc50-8144-4458-9bb1-4e57950d210f", "timestamp": "1540472734", "to_ids": false, "value": "In a previous blog post we detailed the TRITON intrusion that impacted industrial control systems (ICS) at a critical infrastructure facility. We now track this activity set as TEMP.Veles. In this blog post we provide additional information linking TEMP.Veles and their activity surrounding the TRITON intrusion to a Russian government-owned research institute.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "text"}, {"comment": "", "category": "External analysis", "uuid": "5bd1bc87-22ec-4319-a874-57f4950d210f", "timestamp": "1540472750", "to_ids": false, "value": "https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "Network activity", "uuid": "5bd1beac-2d90-4e35-9b3d-951c950d210f", "timestamp": "1540472492", "to_ids": true, "value": "87.245.143.140", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}], "extends_uuid": "", "published": false, "date": "2018-10-23", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5bd1ba76-6e4c-4228-af60-563a950d210f"}}