{ "Event": { "analysis": "1", "date": "2022-05-25", "extends_uuid": "", "info": "[Threat Intel] APT Cyber Tools Targeting ICS/SCADA Devices", "protected": false, "publish_timestamp": "1772407540", "published": true, "threat_level_id": "1", "timestamp": "1772407537", "uuid": "a6f5953f-c8b4-407d-a43a-e66e1b8f7a3c", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003f", "local": false, "name": "rectifyq:sub-category=\"tool-profile\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": "" }, { "colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772335246", "to_ids": false, "type": "link", "uuid": "608d1db3-bf8a-49d3-9466-bee7b09b1bae", "value": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-103a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772335561", "to_ids": false, "type": "other", "uuid": "f163cdc5-63a3-44a3-819c-ea293f607623", "value": "APT Tool for Schneider Electric ICS TTPs", "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Block Command Message\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Block Reporting Message\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Commonly Used Port\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Default Credentials\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of Control\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of Service\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of View\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Device Restart/Shutdown\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Availability\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Productivity and Revenue\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Manipulation of Control\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Modify Parameter\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Monitor Process State\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Program Download\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Program Upload\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Scripting\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Standard Application Layer Protocol\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"System Firmware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Theft of Operational Information\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Unauthorized Command Message\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772335711", "to_ids": false, "type": "other", "uuid": "e60e47e5-8598-4c95-97be-87bba16ae332", "value": "APT Tool for OMRON ICS TTPs", "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Commonly Used Port\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Damage to Property\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Default Credentials\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Detect Operating Mode\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Exploitation of Remote Services\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Safety\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Manipulation of Control\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Modify Control Logic\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Modify Parameter\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Monitor Process State\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Sniffing\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Program Download\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Program Upload\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Scripting\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Service Stop\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Standard Application Layer Protocol\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Theft of Operational Information\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Unauthorized Command Message\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Utilize/Change Operating Mode\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772335778", "to_ids": false, "type": "other", "uuid": "b33832e9-7b95-4c46-9cb4-fc4c047444cd", "value": "APT Tool for OPC UA ICS TTPs", "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Commonly Used Port\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Manipulate I/O Image\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Monitor Process State\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Point & Tag Identification\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Scripting\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Standard Application Layer Protocol\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Theft of Operational Information\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", "relationship_type": "" } ] } ] } }