{ "Event": { "analysis": "0", "date": "2023-11-01", "extends_uuid": "", "info": "[Threat Intel] The attack against Danish, critical infrastructure", "protected": false, "publish_timestamp": "1772407477", "published": true, "threat_level_id": "2", "timestamp": "1772407474", "uuid": "b56905a2-39f0-4d90-a4ee-4d679cdf82a6", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Denmark\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MooBot\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:botnet=\"Mirai\"", "relationship_type": "" }, { "colour": "#170057", "local": false, "name": "rectifyq:sub-category=\"critical-vuln\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772346029", "to_ids": false, "type": "link", "uuid": "969e688a-8f01-47b1-b8a0-ea1e6eccbddd", "value": "https://sektorcert.dk/wp-content/uploads/2023/11/SektorCERT-The-attack-against-Danish-critical-infrastructure-TLP-CLEAR.pdf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352308", "to_ids": true, "type": "url", "uuid": "6f1129f4-7a0b-4f74-8a0e-f69f03afaec1", "value": "http://45.89.106.147:8080/mpsl", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352329", "to_ids": true, "type": "url", "uuid": "b7b8d3a5-dec7-4867-8d68-f7eaa1e7435a", "value": "http://45.89.106.147:8080/mips", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352351", "to_ids": true, "type": "url", "uuid": "64c3c399-d079-4af1-87f1-48a00c97fa15", "value": "http://145.239.54.169/mipskiller", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352372", "to_ids": true, "type": "url", "uuid": "d4a4d0f1-f9bd-4ba8-8899-abbdb6127c3c", "value": "http://176.124.32.84/mipskiller", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352394", "to_ids": true, "type": "url", "uuid": "b1e436f4-fba4-47d8-9b14-045790bd8a52", "value": "http://185.180.223.48/mipskiller", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352415", "to_ids": true, "type": "url", "uuid": "8343e964-7f15-49e2-8381-352631b2ff50", "value": "http://91.235.234.81/proxy2", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352437", "to_ids": true, "type": "url", "uuid": "9bd80698-1500-4762-b6e5-f934489a0f2a", "value": "http://205.147.101.170:82/fuckjewishpeople.mips", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352458", "to_ids": true, "type": "url", "uuid": "19d56bfc-0e34-4244-a114-e2c01dadbf73", "value": "http://45.128.232.143/bins/paraiso.mips", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352480", "to_ids": true, "type": "url", "uuid": "5845bed6-1824-49d2-82a4-65506781cdfc", "value": "http://45.128.232.143/bins/libcurl1337.mips", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352501", "to_ids": true, "type": "url", "uuid": "aaf51c65-606f-4263-a3d4-5bd52d837fa7", "value": "http://91.235.234.251/proxy1", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352522", "to_ids": true, "type": "hostname", "uuid": "6dd22eb3-fc4a-4cd3-b5ef-7a7a7687c913", "value": "www.joshan.pro", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352543", "to_ids": true, "type": "ip-dst", "uuid": "11557412-443c-4810-9775-ef20c0dd2c55", "value": "45.89.106.147", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352565", "to_ids": true, "type": "ip-dst", "uuid": "263442c1-2672-410f-a2f5-63fb3060fada", "value": "145.239.54.169", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352586", "to_ids": true, "type": "ip-dst", "uuid": "a96ea69f-ef7b-48f5-be21-7807da18f82d", "value": "176.124.32.84", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352607", "to_ids": true, "type": "ip-dst", "uuid": "bfc79732-c354-4cfb-845e-9a1c4e9d5fef", "value": "185.180.223.48", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352629", "to_ids": true, "type": "ip-dst", "uuid": "2e464f9b-2d12-4a2c-a5ec-03a73e1a040d", "value": "91.235.234.81", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352650", "to_ids": true, "type": "ip-dst", "uuid": "d306fc9a-ec5f-440c-9f49-cebb9ff17021", "value": "205.147.101.170", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352671", "to_ids": true, "type": "ip-dst", "uuid": "e72f0872-11ca-4117-9468-cd6c01dd8faf", "value": "45.128.232.143", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352692", "to_ids": true, "type": "ip-dst", "uuid": "145b2122-8f0b-45bc-8694-4cbf1ba04c32", "value": "91.235.234.251", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352715", "to_ids": true, "type": "ip-dst", "uuid": "ebf897c6-8973-4442-8762-f290ced9e120", "value": "46.8.198.196", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352736", "to_ids": true, "type": "ip-dst", "uuid": "5e4dd045-99c6-48ef-8557-870dd6985e05", "value": "156.241.86.2", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352757", "to_ids": true, "type": "ip-dst", "uuid": "1329eae4-5675-4f74-a9db-4834aa90d33a", "value": "185.44.81.147", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352779", "to_ids": true, "type": "ip-dst", "uuid": "1cc08d22-0a37-4298-a509-30bc3966750e", "value": "63.79.171.112", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352800", "to_ids": true, "type": "ip-dst", "uuid": "446c8ca0-d23d-4c83-8ab5-ac3afec62973", "value": "217.57.80.18", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772352822", "to_ids": true, "type": "ip-dst", "uuid": "4b225d8d-1879-40f7-88a8-f15f8d4e6383", "value": "70.62.153.174", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772346065", "to_ids": false, "type": "vulnerability", "uuid": "695449b7-fb79-4121-a3f7-8a5ad85bffa6", "value": "CVE-2023-28771" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772346065", "to_ids": false, "type": "vulnerability", "uuid": "a954eaf0-5abb-4b41-af6b-d5a393b5c300", "value": "CVE-2023-33009" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772346065", "to_ids": false, "type": "vulnerability", "uuid": "1055b743-b6e6-41d2-8b68-d1842e2980aa", "value": "CVE-2023-33010" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772352844", "uuid": "5ec08a4a-6b6d-40a5-a474-81b3e5cbaddc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772352844", "to_ids": true, "type": "md5", "uuid": "6da66217-d4f3-4934-9f63-e406a1f691ff", "value": "5b0f10b36a240311305f7ef2bd19c810", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772352098", "to_ids": true, "type": "sha1", "uuid": "5e1f85d9-ad9c-4c93-b542-e4ceb6b54299", "value": "6c2da04cd253e5dd43ace04f08df78e62147145b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772352098", "to_ids": true, "type": "sha256", "uuid": "5341f2de-c44b-42eb-8048-b37fa0c81bb0", "value": "bc1a3ff3d3677593aca94c15c88f95623f12309057c77fb26d5145aac9afae39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772351574", "to_ids": true, "type": "ssdeep", "uuid": "82cdf7b2-661a-4f4a-a92a-406b033d97ac", "value": "768:sD7fxbOUL+goKPsJtN1hCeF56eYOiKfrwwuaYbZdkWFXi2U7n/eYYTEOCwnJIk:snxbns8Y56vO82wZdn+n/nYTvnJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772351574", "to_ids": false, "type": "size-in-bytes", "uuid": "edb5f816-cab6-4624-acee-ff4c704bdfdf", "value": "76384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772351574", "to_ids": true, "type": "vhash", "uuid": "8cbe75e7-5e33-4954-b384-47803d1d8425", "value": "c1ef86abc11839d9ba3a64d8c7236f93" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772351574", "to_ids": true, "type": "filename", "uuid": "7baa55e5-f0a5-4317-8891-f8beea777bde", "value": "6c2da04cd253e5dd43ace04f08df78e62147145b.bin" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 22/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772351574", "to_ids": false, "type": "text", "uuid": "92826f61-924f-4665-b8ae-6502cef728ce", "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Mirai.FM!MTB\nVT Total Detection:42/64\nFirst Submission:2023-05-29T18:34:16.000000+00:00\nLast Submission:2023-12-12T17:08:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772352865", "uuid": "03b3351e-8215-4710-901a-84db9a7fbf2b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772352865", "to_ids": true, "type": "md5", "uuid": "37c4e4da-391e-4ab0-a8b3-115ab605418b", "value": "9a7823686738571abf19707613155012", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772352099", "to_ids": true, "type": "sha1", "uuid": "697bff64-9eb3-4552-a8cc-75a783da4ebf", "value": "cf8038258f60dbe2c6377420ba69772605538171", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772352099", "to_ids": true, "type": "sha256", "uuid": "7c229dff-02e8-4202-b0de-de642d6dbbf3", "value": "a6a814fa4868d42a0b7f9ac1706ee52f61d4355c7832e9d220a1c36e1efb47a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772351596", "to_ids": true, "type": "ssdeep", "uuid": "7ac53124-2dd5-4cdf-8fdb-4365d7a3ad0c", "value": "768:uOHdEN88rdOdkr06mCNddIgGg/vPQKTQCQmZzck7XDSWbT2tAjUv5yzmRef8yWRY:aL5N5gLazT7vLU5e/W6nJ9D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772351596", "to_ids": false, "type": "size-in-bytes", "uuid": "acee6dd3-0775-474b-b0c7-cacbda8aecbd", "value": "76384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772351596", "to_ids": true, "type": "vhash", "uuid": "805789c5-ed72-4b98-b197-48fea74679ce", "value": "b3ed1ec23d69201a8be98dee9cf11556" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772351596", "to_ids": true, "type": "filename", "uuid": "8d15e3a9-8482-4ffe-a6d4-f216aca250f4", "value": "cf8038258f60dbe2c6377420ba69772605538171.bin" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 15/06/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772351596", "to_ids": false, "type": "text", "uuid": "578b2cb0-b4c1-4274-8d2d-d489ebaf8b80", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Mirai.Y!MTB\nVT Total Detection:38/64\nFirst Submission:2023-05-12T02:13:24.000000+00:00\nLast Submission:2023-12-12T17:12:21.000000+00:00" } ] } ] } }