{
"Event": {
"analysis": "0",
"date": "2023-12-05",
"extends_uuid": "",
"info": "AA23-335A: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities",
"publish_timestamp": "1701766166",
"published": true,
"threat_level_id": "3",
"timestamp": "1701762854",
"uuid": "c578cb44-e440-486d-80a4-8cf6256c1d53",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#2e2c61",
"local": "0",
"name": "misp-galaxy:stix-2.1-attack-pattern=\"9a280255-c770-4d42-ae50-aff1896ebded\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:clear",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2023-09-13T00:00:00+00:00",
"timestamp": "1701722284",
"to_ids": true,
"type": "sha256",
"uuid": "b4097d04-408a-4279-aac4-40ae3dd0710f",
"value": "440b5385d3838e3f6bc21220caa83b65cd5f3618daea676f271c3671650ce9a3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2023-09-13T00:00:00+00:00",
"timestamp": "1701722284",
"to_ids": true,
"type": "sha1",
"uuid": "95a83932-6e7a-4024-b3f5-d878d78fd1d0",
"value": "66ae21571faee1e258549078144325dc9dd60303"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2023-09-13T00:00:00+00:00",
"timestamp": "1701722284",
"to_ids": true,
"type": "ip-dst",
"uuid": "eb825787-5cf3-423a-aec9-42d611cc61e1",
"value": "178.162.227.180"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2023-09-13T00:00:00+00:00",
"timestamp": "1701722284",
"to_ids": true,
"type": "md5",
"uuid": "695afe84-7eb6-4004-a7e1-2ad80bfa5131",
"value": "ba284a4b508a7abd8070a427386e93e0"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2018-05-14T00:00:00+00:00",
"timestamp": "1701722284",
"to_ids": true,
"type": "ip-dst",
"uuid": "b74311f5-0fc4-4fda-a6c3-3a13cf1d3069",
"value": "185.162.235.206"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Object describing the original file used to import data in MISP.",
"meta-category": "file",
"name": "original-imported-file",
"template_uuid": "4cd560e9-2cfe-40a1-9964-7b2e797ecac5",
"template_version": "2",
"timestamp": "1701762533",
"uuid": "0025bc8f-1af0-48a6-9534-e82af80ee21c",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": true,
"object_relation": "imported-sample",
"timestamp": "1701762533",
"to_ids": false,
"type": "attachment",
"uuid": "63b59f7b-462d-4bdb-9861-b2de803a358c",
"value": "AA23-335A-IRGC-Affiliated-Cyber-Actors-Exploit-PLCs-in-Multiple-Sectors-Including-US-Water-and-Wastewater-Systems-Facilities.stix_.json"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "format",
"timestamp": "1701762533",
"to_ids": false,
"type": "text",
"uuid": "a8bc59ca-67e3-4e50-acd3-c1867a2acc3c",
"value": "STIX 2.1"
}
]
},
{
"comment": "AA23-335A: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1701762854",
"uuid": "157412c1-046a-4e74-99f8-84a148792839",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1701762854",
"to_ids": false,
"type": "link",
"uuid": "c6fbcbef-c300-445b-85d0-025c748f5545",
"value": "https://www.cisa.gov/sites/default/files/2023-12/AA23-335A-IRGC-Affiliated-Cyber-Actors-Exploit-PLCs-in-Multiple-Sectors-Including-US-Water-and-Wastewater-Systems-Facilities.stix_.json"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1701762854",
"to_ids": false,
"type": "text",
"uuid": "548e3b68-36bd-4297-b825-3cadd87fc1c7",
"value": "The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)\u2014hereafter referred to as \"the authoring agencies\" - are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors. \r\n\r\nThe IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona \u201cCyberAv3ngers\u201d are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. In addition to the recent CISA Alert, the authoring agencies are releasing this joint CSA to share indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with IRGC cyber operations.\r\n"
}
]
}
]
}
}