misp-circl-feed/feeds/circl/misp/c578cb44-e440-486d-80a4-8cf6256c1d53.json


{
"type": "bundle",
"id": "bundle--c578cb44-e440-486d-80a4-8cf6256c1d53",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T07:54:14.000Z",
"modified": "2023-12-05T07:54:14.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--c578cb44-e440-486d-80a4-8cf6256c1d53",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T07:54:14.000Z",
"modified": "2023-12-05T07:54:14.000Z",
"name": "AA23-335A: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities",
"published": "2023-12-05T08:49:26Z",
"object_refs": [
"indicator--b4097d04-408a-4279-aac4-40ae3dd0710f",
"indicator--95a83932-6e7a-4024-b3f5-d878d78fd1d0",
"indicator--eb825787-5cf3-423a-aec9-42d611cc61e1",
"indicator--695afe84-7eb6-4004-a7e1-2ad80bfa5131",
"indicator--b74311f5-0fc4-4fda-a6c3-3a13cf1d3069",
"x-misp-object--0025bc8f-1af0-48a6-9534-e82af80ee21c",
"x-misp-object--157412c1-046a-4e74-99f8-84a148792839"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:stix-2.1-attack-pattern=\"9a280255-c770-4d42-ae50-aff1896ebded\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"tlp:clear"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b4097d04-408a-4279-aac4-40ae3dd0710f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-04T20:38:04.000Z",
"modified": "2023-12-04T20:38:04.000Z",
"pattern": "[file:hashes.SHA256 = '440b5385d3838e3f6bc21220caa83b65cd5f3618daea676f271c3671650ce9a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-09-13T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--95a83932-6e7a-4024-b3f5-d878d78fd1d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-04T20:38:04.000Z",
"modified": "2023-12-04T20:38:04.000Z",
"pattern": "[file:hashes.SHA1 = '66ae21571faee1e258549078144325dc9dd60303']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-09-13T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb825787-5cf3-423a-aec9-42d611cc61e1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-04T20:38:04.000Z",
"modified": "2023-12-04T20:38:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.162.227.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-09-13T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--695afe84-7eb6-4004-a7e1-2ad80bfa5131",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-04T20:38:04.000Z",
"modified": "2023-12-04T20:38:04.000Z",
"pattern": "[file:hashes.MD5 = 'ba284a4b508a7abd8070a427386e93e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-09-13T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b74311f5-0fc4-4fda-a6c3-3a13cf1d3069",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-04T20:38:04.000Z",
"modified": "2023-12-04T20:38:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.162.235.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-14T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0025bc8f-1af0-48a6-9534-e82af80ee21c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T07:48:53.000Z",
"modified": "2023-12-05T07:48:53.000Z",
"labels": [
"misp:name=\"original-imported-file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "imported-sample",
"value": "AA23-335A-IRGC-Affiliated-Cyber-Actors-Exploit-PLCs-in-Multiple-Sectors-Including-US-Water-and-Wastewater-Systems-Facilities.stix_.json",
"category": "External analysis",
"uuid": "63b59f7b-462d-4bdb-9861-b2de803a358c",
"data": "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"
},
{
"type": "text",
"object_relation": "format",
"value": "STIX 2.1",
"category": "Other",
"uuid": "a8bc59ca-67e3-4e50-acd3-c1867a2acc3c"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "original-imported-file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--157412c1-046a-4e74-99f8-84a148792839",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T07:54:14.000Z",
"modified": "2023-12-05T07:54:14.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.cisa.gov/sites/default/files/2023-12/AA23-335A-IRGC-Affiliated-Cyber-Actors-Exploit-PLCs-in-Multiple-Sectors-Including-US-Water-and-Wastewater-Systems-Facilities.stix_.json",
"category": "External analysis",
"uuid": "c6fbcbef-c300-445b-85d0-025c748f5545"
},
{
"type": "text",
"object_relation": "summary",
"value": "The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)\u2014hereafter referred to as \"the authoring agencies\" - are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors. \r\n\r\nThe IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona \u201cCyberAv3ngers\u201d are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. In addition to the recent CISA Alert, the authoring agencies are releasing this joint CSA to share indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with IRGC cyber operations.\r\n",
"category": "Other",
"uuid": "548e3b68-36bd-4297-b825-3cadd87fc1c7"
}
],
"x_misp_comment": "AA23-335A: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities",
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}