{
  "Event": {
    "analysis": "1",
    "date": "2016-11-30",
    "extends_uuid": "",
    "info": "[Threat Intel] Shamoon 2: Return of the Disttrack Wiper",
    "protected": false,
    "publish_timestamp": "1772419759",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772419757",
    "uuid": "cbc5a8d1-ca4c-4e84-af71-3ee5e4403d77",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Palo Alto\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"DistTrack\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Saudi Arabia\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#dff146",
        "local": false,
        "name": "IT-impact-ICS",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771847972",
        "to_ids": false,
        "type": "link",
        "uuid": "f5340429-6b25-45e3-9e43-f18e21095f77",
        "value": "https://unit42.paloaltonetworks.com/unit42-shamoon-2-return-disttrack-wiper/"
      },
      {
        "category": "Payload delivery",
        "comment": "Disttrack Dropper",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848081",
        "to_ids": true,
        "type": "sha256",
        "uuid": "07d13685-69a3-4026-a12b-4fbfe079230e",
        "value": "47bb36cd2832a18b5ae951cf5a7d44fba6d8f5dca0a372392d40f51d1fe1ac34"
      },
      {
        "category": "Payload delivery",
        "comment": "Disttrack Dropper",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848081",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8270e9cc-742f-445e-8e45-c85a964d7453",
        "value": "394a7ebad5dfc13d6c75945a61063470dc3b68f7a207613b79ef000e1990909b"
      },
      {
        "category": "Payload delivery",
        "comment": "Communication Components",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848081",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1fc743a4-c16d-458a-afa3-e02179ed145e",
        "value": "772ceedbc2cacf7b16ae967de310350e42aa47e5cef19f4423220d41501d86a5"
      },
      {
        "category": "Payload delivery",
        "comment": "Communication Components",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848081",
        "to_ids": true,
        "type": "sha256",
        "uuid": "6f6e6f04-0f2c-42de-940e-8835e28287f3",
        "value": "61c1c8fc8b268127751ac565ed4abd6bdab8d2d0f2ff6074291b2d54b0228842"
      },
      {
        "category": "Payload delivery",
        "comment": "Wiper Components",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848081",
        "to_ids": true,
        "type": "sha256",
        "uuid": "08d8f5a4-c688-4612-a2a8-affa95d682a0",
        "value": "c7fc1f9c2bed748b50a599ee2fa609eb7c9ddaeb9cd16633ba0d10cf66891d8a"
      },
      {
        "category": "Payload delivery",
        "comment": "Wiper Components",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848081",
        "to_ids": true,
        "type": "sha256",
        "uuid": "753b6116-2c3d-4deb-82a1-d6f8cb48a6f1",
        "value": "128fa5815c6fee68463b18051c1a1ccdf28c599ce321691686b1efa4838a2acd"
      },
      {
        "category": "Payload delivery",
        "comment": "EldoS RawDisk Sample",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848081",
        "to_ids": true,
        "type": "sha256",
        "uuid": "511c14a3-ec62-444c-8b70-e34b46f30aed",
        "value": "5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a"
      },
      {
        "category": "Payload delivery",
        "comment": "EldoS RawDisk Sample",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848081",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d295c805-bb6b-4896-99fb-5f6bd10c98bd",
        "value": "4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6"
      }
    ]
  }
}