{"f422a443-4984-4df5-a8eb-233bbe1b3d8f": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006a", "local": false, "name": "rectifyq:topic=\"insider-threat\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#18005e", "local": false, "name": "rectifyq:topic=\"supply-chain\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Wireless Compromise\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Alarm Suppression\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Manipulation of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Unauthorized Command Message\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": 
"ICS-specific", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}], "info": "[Threat Intel] Malicious Control System Cyber Security Attack Case Study - Maroochy Water Services, Australia", "date": "2008-07-23", "analysis": 2, "threat_level_id": 2, "timestamp": 1772398524}, "7341b785-36f7-4bf1-a3f7-66bbac62fa02": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Stuxnet\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#150052", "local": false, "name": "rectifyq:sub-category=\"zero-day\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:country=\"denmark\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#8de1e8", "local": false, "name": "SANS-ICS515", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}], "info": "[Threat Intel] W32.Stuxnet Dossier", "date": "2011-02-01", "analysis": 1, "threat_level_id": 1, "timestamp": 1772398632}, "ff7d66c2-c57e-4cf1-807e-7903a3a56a56": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#150052", "local": false, "name": "rectifyq:sub-category=\"zero-day\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Stuxnet\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Stuxnet Under the Microscope", "date": "2010-10-20", "analysis": 1, "threat_level_id": 1, "timestamp": 1772398650}, "2955667f-2a0e-4521-9158-38b978e36046": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DistTrack\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": 
"rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] The Shamoon Attacks", "date": "2012-08-16", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419207}, "d9380b93-f7a5-4e7f-b3ca-fdd9b4ea8a29": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003f", "local": false, "name": "rectifyq:sub-category=\"tool-profile\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] S4x13 Releases: S7 password offline bruteforce tool", "date": 
"2013-01-16", "analysis": 2, "threat_level_id": 3, "timestamp": 1772419810}, "b250cb46-e5e9-4f0b-881a-9ffb7ec4e84a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Stuxnet\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Stuxnet Malware Mitigation (Update B)", "date": "2014-01-08", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419222}, "1e8c927a-17b3-4f22-8843-073507adea01": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, 
{"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Stuxnet\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"israel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#150052", "local": false, "name": "rectifyq:sub-category=\"zero-day\"", "relationship_type": ""}, {"colour": "#7f009f", "local": false, "name": "ms-caro-malware:malware-platform=\"WinNT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Damage to Property\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Replication Through Removable Media\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Rootkit\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-ics-software=\"Stuxnet\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Debugger Evasion - T1622\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#8de1e8", "local": false, "name": "SANS-ICS515", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] Stuxnet Facts Report. 
A Technical and Strategic Analysis", "date": "2018-10-01", "analysis": 2, "threat_level_id": 1, "timestamp": 1772419514}, "5cf8b108-ced8-41a2-8e0b-400278cdfc76": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Petrochemical\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Venezuela\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Productivity and Revenue\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Field Controller/RTU/PLC/IED\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#8de1e8", "local": false, "name": "SANS-ICS515", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, 
{"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Hackers Shut Down Crude Oil Loading Terminal For 8 Hours", "date": "2010-08-17", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419543}, "58a08b1b-a911-4f45-ab3d-ce9d5c1b5973": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"WithSecure\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Havex RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CrowdStrike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ENERGETIC BEAR\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Backdoor.Oldrea, Havex\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Automated Collection\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of Service\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Location Identification\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Point & Tag Identification\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-ics-techniques=\"Role Identification\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Spearphishing Attachment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Supply Chain Compromise\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"User Execution\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#18005e", "local": false, "name": "rectifyq:topic=\"supply-chain\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": 
""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] Havex Hunts For ICS/SCADA Systems", "date": "2014-06-23", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419460}, "fc7a92cc-88f9-44c5-ba91-8b263e40c322": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ENERGETIC BEAR\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Greece\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Romania\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Serbia\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Havex RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Dragonfly\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Backdoor.Oldrea, Havex\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#18005e", "local": false, "name": "rectifyq:topic=\"supply-chain\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": 
"rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Dragonfly: Cyberespionage Attacks Against Energy Suppliers", "date": "2014-07-07", "analysis": 1, "threat_level_id": 2, "timestamp": 1772420101}, "c83dd79e-930c-4ffb-800a-d3fa607ca0fb": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Azerbaijan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Belarus\"", "relationship_type": ""}, {"colour": "#0088cc", 
"local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Croatia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Kyrgyzstan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Libya\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Lithuania\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", 
"local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] BE2 custom plugins, router abuse, and target profiles", "date": "2014-11-03", "analysis": 1, "threat_level_id": 2, "timestamp": 1772420116}, "b52f8666-741c-436e-9ffd-bd7399117055": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Recorded Future\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", 
"relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Human-Machine Interface\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#8de1e8", "local": false, "name": "SANS-ICS515", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Sandworm to Blacken: The SCADA Connection", "date": "2014-10-16", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419880}, "4aa91a18-4394-4d2d-94f8-8fdf24177882": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", 
"relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"georgia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": ""}, {"colour": "#8de1e8", "local": false, "name": "SANS-ICS515", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Alarm Suppression\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of View\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Manipulation of Control\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Media report of the Baku-Tbilisi-Ceyhan (BTC) pipeline Cyber Attack", "date": "2014-12-20", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419581}, 
"a28abebe-0645-450e-9b9b-e9e998e5076c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Steel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Spearphishing Attachment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Damage to Property\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] German Steel Mill Cyber Attack", "date": "2014-12-30", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419611}, "4347d922-e92b-4716-886b-3a2398084cbc": {"Orgc": {"name": "Rectifyq", "uuid": 
"cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"WithSecure\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Georgia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Railway\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] BLACKENERGY & QUEDAGH", "date": "2015-01-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419790}, "c1d9af5e-2f14-4d65-9517-74c5c387ed0c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": 
"#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] BE2 extraordinary plugins, Siemens targeting, dev fails", "date": "2015-02-17", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419927}, "46e7d2b9-de11-41fd-bbf6-d600ccf59186": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"News - Media\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", 
"relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry", "date": "2016-01-03", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419620}, "783a3e07-e762-42be-b3a9-61e5d98665e7": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#8de1e8", "local": false, "name": "SANS-ICS515", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Hacktivist\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Field Controller/RTU/PLC/IED\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Analysis of the recent reports of attacks on US infrastructure by Iranian Actors", "date": "2016-01-05", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419486}, "8079695d-837f-4bda-9ca4-5c46f3b89102": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Google Cloud Blog\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": 
""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Availability\"", "relationship_type": ""}, {"colour": "#8de1e8", "local": false, "name": "SANS-ICS515", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Human-Machine Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"External Remote Services\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Spearphishing Attachment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"KillDisk\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Block Command Message\"", "relationship_type": 
""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Block Serial COM\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Commonly Used Port\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of View\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Indicator Removal on Host\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Masquerading\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Connection Enumeration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Service Scanning\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote File Copy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Scripting\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"System Firmware\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Unauthorized Command Message\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"User Execution\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] Sandworm Team and the Ukrainian Power Authority Attacks (UKRAINE 2015 CYBER ATTACK)", "date": "2016-01-07", "analysis": 0, "threat_level_id": 1, "timestamp": 1772419195}, "c7d9bc60-0375-43b2-9d52-2e3b930ec32b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents", "date": "2016-01-28", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419870}, "d45a4b0b-0a4f-4ad8-8690-2026a192e010": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Cutting Kitten\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Infrastructure\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Manipulation of Control\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] CONSPIRACY TO COMMIT COMPUTER HACKING - ITSEC TEAM", "date": "2016-03-24", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419632}, "b1578753-ad30-4423-b0c2-d09353a59fe3": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": 
""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"KillDisk\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] BlackEnergy - Malware for Cyber-Physical Attacks", "date": "2016-05-01", "analysis": 2, "threat_level_id": 4, "timestamp": 1772419862}, "a46eea22-de83-40b8-a2a9-f53ebfc17443": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": 
false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Control Server\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems", "date": "2016-06-02", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419494}, "7af3faec-22b0-42be-9b4b-fefa49f9fb66": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", 
"relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] BLACKENERGY \u2013 WHAT WE REALLY KNOW ABOUT THE NOTORIOUS CYBER ATTACKS", "date": "2016-10-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419748}, "cbc5a8d1-ca4c-4e84-af71-3ee5e4403d77": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Palo Alto\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DistTrack\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": 
false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Shamoon 2: Return of the Disttrack Wiper", "date": "2016-11-30", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419757}, "36469906-8e4b-4708-94d4-5770f4183256": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"KillDisk\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": 
"rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Block Command Message\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Block Serial COM\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Commonly Used Port\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of View\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"External Remote Services\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Indicator 
Removal on Host\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Availability\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Masquerading\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Connection Enumeration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Service Scanning\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote File Copy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Scripting\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Spearphishing Attachment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"System Firmware\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Unauthorized Command Message\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"User Execution\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] WHEN THE LIGHTS WENT OUT -  
A COMPREHENSIVE REVIEW OF THE 2015 ATTACKS ON UKRAINIAN CRITICAL INFRASTRUCTURE", "date": "2017-01-01", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419852}, "e32bb008-f6ad-47f4-b788-968aeeb490e6": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"data-breach\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] The Ukrainian Power Grid Was Hacked Again", "date": "2017-01-10", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419818}, "c4cbd621-d045-46f8-b5a8-1ff6def9ac51": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BrickerBot\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] BrickerBot Permanent Denial-of-Service Attack (Update A)", "date": "2017-04-18", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419801}, "3552e71b-675c-4291-afbf-8399ac6af719": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f63636", 
"local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Industroyer: Biggest threat to industrial control systems since Stuxnet", "date": "2017-06-12", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419917}, "40973d6f-3aef-4204-a9fe-9f9df4f5cef2": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": 
""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of View\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": 
"rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] CRASHOVERRIDE Analyzing the Threat to Electric Grid Operations", "date": "2017-06-13", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419957}, "c8cd9765-2ca6-4118-9b2a-42baa8bade7c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of Service\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Device Restart/Shutdown\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Manipulation of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Connection Enumeration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Service Scanning\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] CRASHOVERRIDE Malware", "date": "2017-07-25", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419178}, "20eb62ea-ea54-40ab-ac66-8c8e32a1b539": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": 
"#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of Service\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"User Execution\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] ICS Defense Use Case No. 
6: Modular ICS Malware", "date": "2017-08-02", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419903}, "d5fd014a-aa75-47aa-8968-58e4668bae94": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT33\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil Aviation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:sector=\"Petrochemical\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"APT33\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware", "date": "2017-09-20", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419525}, "8d2fb70e-3149-4ef3-be81-4160444cb137": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ENERGETIC BEAR\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Switzerland\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:mitre-ics-groups=\"Dragonfly 2.0\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Dragonfly: Western energy sector targeted by sophisticated attack group", "date": "2017-10-20", "analysis": 1, "threat_level_id": 2, "timestamp": 1772419777}, "5c808df0-e02a-402f-a8f5-e00cdfe8dede": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Cisco Talos Intelligence Group\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil Aviation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Infrastructure\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Transport\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Petya\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Bad Rabbit, Diskcoder.D\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"NotPetya\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"EternalPetya\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Bad Rabbit: Not-Petya is back with improved ransomware", "date": "2017-10-24", "analysis": 1, "threat_level_id": 2, "timestamp": 1772423860}, "8fc6d517-39ba-4bf9-b526-503705f47fc9": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Triton\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Triton\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, 
"name": "misp-galaxy:mitre-attack-pattern=\"Acquire and/or use 3rd party infrastructure services - T1329\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic DNS - T1311\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Image File Execution Options Injection - T1183\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1076\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1099\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause 
Operational Disruption to Critical Infrastructure", "date": "2017-12-13", "analysis": 1, "threat_level_id": 1, "timestamp": 1772419001}, "5f1bc9f7-fc74-407e-bff2-c40ed39e129d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#3600cf", "local": false, "name": "rectifyq:detection-rules=\"snort-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:mitre-ics-assets=\"Human-Machine Interface\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors", "date": "2018-03-16", "analysis": 1, "threat_level_id": 1, "timestamp": 1772418915}, "229e949b-88b8-4351-8b4c-9d3f134af1a8": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#FFC000", "local": false, "name": "tlp:amber", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": 
"rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Gozi\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Snifula\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] TR-2018-25: PHISHING CAMPAIGN TARGETING ELECTRIC UTILITY COMPANIES", "date": "2018-09-17", "analysis": 2, "threat_level_id": 2, "timestamp": 1772423283}, "357c7a82-78fd-49cb-876e-38d2d738dccb": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Engineering Workstation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Field Controller/RTU/PLC/IED\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Human-Machine Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] ANATOMY OF AN ATTACK: DETECTING AND 
DEFEATING CRASHOVERRIDE", "date": "2018-10-03", "analysis": 1, "threat_level_id": 2, "timestamp": 1772418894}, "34c150d0-1e0c-4d4f-94b3-5ce551808a64": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Black Energy 
\u2013 Analysis", "date": "2019-01-18", "analysis": 1, "threat_level_id": 2, "timestamp": 1772418866}, "9cfcdb0f-da19-45be-af5c-c0cd3541d7ab": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Medium\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"LockerGoga\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Manufacturing\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] How Lockergoga took down Hydro \u2014 
ransomware used in targeted attacks aimed at big business", "date": "2019-03-21", "analysis": 1, "threat_level_id": 2, "timestamp": 1772418858}, "57a2dddf-e055-4a7d-924f-2add789ff07f": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Sophos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Lyceum .NET DNS Backdoor\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Lyceum .NET TCP Backdoor\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"HEXANE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"danbot\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] LYCEUM Takes Center Stage in Middle East Campaign", "date": "2019-08-27", "analysis": 1, "threat_level_id": 2, "timestamp": 1772418850}, "f1a282a8-dfde-4620-b572-5a6ced87ea2c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Crysis XTBL\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Hunt\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Virus-Encoder\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": 
"#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats", "date": "2020-01-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1772423876}, "572dd42b-11e4-411c-8035-db1bc1492275": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ENERGETIC BEAR\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Dragonfly\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Dragonfly 2.0\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:country=\"russia\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] The Enigmatic Energetic Bear", "date": "2020-04-11", "analysis": 1, "threat_level_id": 2, "timestamp": 1772418829}, "e8f1c068-f648-4678-b557-a4196cdf7ebc": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Snake-Ekans\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Automotive\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", 
"relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Honda Hacked: Japanese Car Giant Confirms Cyber Attack On Global Operations", "date": "2020-06-10", "analysis": 1, "threat_level_id": 2, "timestamp": 1772418813}, "67f60c89-4bbc-41b6-b97b-e5275d1dd196": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"TEMP.Veles\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"XENOTIME\"", "relationship_type": ""}, {"colour": "#49a260", "local": 
false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Analysis of the recent report of supply chain attacks on US electric infrastructure by Chinese Actors", "date": "2020-06-12", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407744}, "b3a2e79a-cb03-4237-8195-afca0094f074": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Fortinet\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Snake-Ekans\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Component Object Model and 
Distributed COM - T1175\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Execution Guardrails - T1480\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indirect Command Execution - T1202\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Peripheral Device Discovery - T1120\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1063\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] EKANS Ransomware: A Malware Targeting OT ICS Systems", "date": "2020-07-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407727}, "26ed9c21-416c-41b9-8203-a9d0a39ed7eb": {"Orgc": {"name": "Rectifyq", "uuid": 
"cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"DoppelPaymer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"LockerGoga\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Maze\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"MegaCortex\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Nefilim\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Clop\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, 
{"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families", "date": "2020-07-15", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407716}, "a349a90b-d1e3-4f3c-be33-c9593d8ab2d8": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Availability\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Productivity and Revenue\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of View\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Account Use Policies - M1036\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-course-of-action=\"Antivirus/Antimalware - M1049\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Data Backup - M1053\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Execution Prevention - M1038\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Filter Network Traffic - M1037\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Limit Access to Resource Over Network - M1035\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Multi-factor Authentication - M1032\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Network Segmentation - M1030\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Privileged Account Management - M1026\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Update Software - M1051\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"User Account Control - M1052\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"User Training - M1017\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#d92121", 
"local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Commonly Used Port\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Historian Compromise\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of View\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Engineering Workstation Compromise\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"External Remote Services\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Masquerading\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Service Scanning\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-ics-techniques=\"Program Download\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote File Copy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Scripting\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Service Stop\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Spearphishing Attachment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"User Execution\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] Ransomware Impacting Pipeline Operations", "date": "2020-10-24", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407687}, "95d6057c-6480-4092-aa67-8be863203031": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", 
"relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"KillDisk\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"KillDisk\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Field Controller/RTU/PLC/IED\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": 
"rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] INDICTMENT - Conspiracy to Commit an Offense Against the United States", "date": "2020-10-15", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407661}, "0f53028b-ce92-4eef-81ea-3926dcd89dcd": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Create or Modify System Process - T1543\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Cron - T1053.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Launch Daemon - T1543.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Launchd - T1053.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Setuid and Setgid - T1548.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Systemd Service - T1543.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"IRIDIUM\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PAS\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": 
"#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#3600cf", "local": false, "name": "rectifyq:detection-rules=\"snort-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Exaramel (ELF)\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS", "date": "2021-01-27", "analysis": 1, "threat_level_id": 1, "timestamp": 1772425098}, "fa87cc42-3528-470d-bd88-e5ba65484a78": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ENERGETIC BEAR\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Dragonfly\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Dragonfly 2.0\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Backdoor.Oldrea, Havex\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Havex RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Human-Machine Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Screen Capture\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] THE BAFFLING BERSERK BEAR: A DECADE\u2019S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE", "date": "2021-10-07", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407632}, 
"085907c0-0f5d-48ee-a6ff-ee569e2dee76": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Darkside\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Sodinokibi\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"WannaCry\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Stuxnet\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"WannaCry\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", 
"relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Attacks Against Critical Infrastructure: A Global Concern", "date": "2021-10-19", "analysis": 1, "threat_level_id": 4, "timestamp": 1772407609}, "26cbd432-9350-49a1-9830-ab68d413bcb1": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INCONTROLLER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Chernovite\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Commonly Used Port\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Connection Proxy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Default Credentials\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of Service\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Denial of View\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Detect Operating Mode\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Device Restart/Shutdown\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Execution through API\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Availability\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Productivity and Revenue\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Safety\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of View\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-ics-techniques=\"Manipulate I/O Image\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Manipulation of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Sniffing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Point & Tag Identification\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Program Download\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Program Upload\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Rootkit\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Scripting\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Standard Application Layer Protocol\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"System Firmware\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Theft of Operational Information\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"User Execution\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", 
"relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}], "info": "[Threat Intel] PIPEDREAM: CHERNOVITE\u2019S EMERGING MALWARE TARGETING INDUSTRIAL CONTROL SYSTEMS", "date": "2022-01-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1772400099}, "0a7981fe-093c-4ba6-9005-ae1ca2effee1": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INCONTROLLER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ArguePatch\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": 
"#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Industroyer2 and INCONTROLLER", "date": "2022-01-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407599}, "79dd7b67-1679-45e1-9db0-2a71b37c3637": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CERT-UA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CaddyWiper\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": 
"#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Cyberattack by the Sandworm group (UAC-0082) on Ukrainian energy facilities using the malware INDUSTROYER2 and CADDYWIPER (CERT-UA#4435)", "date": "2022-04-12", "analysis": 1, "threat_level_id": 1, "timestamp": 1772424893}, "82c47a83-9dc1-49e4-8198-51fa6d05cab0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:country=\"russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Triton\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Triton\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ENERGETIC BEAR\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Backdoor.Oldrea, Havex\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": 
"rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector", "date": "2022-03-24", "analysis": 1, "threat_level_id": 1, "timestamp": 1772407557}, "50c5a354-30ff-476a-be77-c2e02f741137": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT28\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT29\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Gamaredon Group\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Killnet\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MUMMY SPIDER\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"SALTY SPIDER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"SCULLY SPIDER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"TEMP.Veles\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Turla\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"UNC2452\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"WIZARD SPIDER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"XakNet\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure", "date": "2022-05-09", "analysis": 1, "threat_level_id": 1, "timestamp": 1772407546}, "a6f5953f-c8b4-407d-a43a-e66e1b8f7a3c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, 
{"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003f", "local": false, "name": "rectifyq:sub-category=\"tool-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] APT Cyber Tools Targeting ICS/SCADA Devices", "date": "2022-05-25", "analysis": 1, "threat_level_id": 1, "timestamp": 1772407537}, "ec5d4523-8311-46c4-aa73-a4eafd38fb02": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": 
false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CaddyWiper\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Industroyer2: Industroyer reloaded", "date": "2022-04-12", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407527}, "0d9d1da8-710b-478a-954b-7964321bbbbe": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INCONTROLLER\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Field Controller/RTU/PLC/IED\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": 
false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems", "date": "2022-04-13", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407520}, "1c545209-80f5-4434-b51e-3bb84871b90f": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", 
"relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Industroyer2: The ICS-capable malware re-emerges in order to cause critical services disruption", "date": "2022-04-18", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407509}, "0f2e8d5c-1583-4451-99a4-f4f78414c1b5": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": 
"#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] INDUSTROYER.V2: Old Malware Learns New Tricks", "date": "2022-04-25", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407500}, "58805a7e-8a3f-4221-b0a7-379e11f07695": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": 
"#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Industroyer2 IEC-104 Analysis", "date": "2022-04-25", "analysis": 0, "threat_level_id": 2, "timestamp": 1772407493}, "c3518b95-ae77-4186-ae3b-190c9d98c57b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, 
{"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload", "date": "2022-04-27", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407484}, "b56905a2-39f0-4d90-a4ee-4d679cdf82a6": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Denmark\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MooBot\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:botnet=\"Mirai\"", "relationship_type": ""}, {"colour": "#170057", "local": false, "name": "rectifyq:sub-category=\"critical-vuln\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": 
""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] The attack against Danish, critical infrastructure", "date": "2023-11-01", "analysis": 0, "threat_level_id": 2, "timestamp": 1772407474}, "6b78d9dc-0fb8-423f-9745-804e0f8759d1": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CaddyWiper\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"EternalPetya\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"HermeticWiper\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Olympic Destroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PartyTicket\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"RoarBAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"VPNFilter\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": 
"rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] APT44: Unearthing Sandworm", "date": "2024-01-01", "analysis": 1, "threat_level_id": 1, "timestamp": 1772407441}, "5697e940-fa73-4440-84d0-691be24f98ca": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"GreyEnergy\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": 
"rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] ICS malware analysis study: BlackEnergy", "date": "2024-02-04", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407429}, "73e9ff39-e5d4-42b8-99ba-18df9b40f859": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Volt Typhoon\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"002 - Africa\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"UTA0178\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, 
"name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] VOLTZITE Espionage Operations Targeting U.S. Critical Systems", "date": "2024-02-04", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407418}, "c5b1f6ab-c3be-4abd-ba33-496917f3cb48": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": 
"rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Volt Typhoon\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Botnet - T1584.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Browser Information Discovery - T1217\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clear Persistence - T1070.009\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - T1070.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Cloud Accounts - T1078.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Cloud Services - T1021.007\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Direct Volume Access - T1006\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Email Addresses - T1589.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploits - T1587.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploits - T1588.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Host Information - T1592\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Network Information - T1590\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Org Information - T1591\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internet Connection Discovery - T1016.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Account - T1087.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Log Enumeration - T1654\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"NTDS - T1003.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Password Cracking - T1110.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Peripheral Device Discovery - T1120\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Permission Groups Discovery - T1069\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Private Keys - T1552.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Service Session Hijacking - T1563\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Search Open Websites/Domains - T1593\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Search Victim-Owned Websites - T1594\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1584.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Location Discovery - T1614\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Unsecured Credentials - T1552\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Use Alternate Authentication Material - T1550\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internal Proxy - T1090.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Multi-hop Proxy - T1090.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"KV\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure", "date": "2024-02-07", "analysis": 1, "threat_level_id": 1, "timestamp": 1772407407}, "6bb1ef75-ec72-477d-871f-859ccc32eade": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"BlackJack\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": 
"rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Hacktivist\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Unpacking the Blackjack Group's Fuxnet Malware", "date": "2024-04-12", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407390}, "f1baddf0-90de-4137-99e4-e338c24807a3": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] A Tale of Two Industroyers: It was the Season of Darkness", "date": "2024-05-19", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407382}, "f6417d79-8def-4233-9f17-83f9aae4edd2": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FrostyGoop\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Impact of FrostyGoop ICS Malware on Connected OT Systems", "date": "2024-07-01", "analysis": 1, "threat_level_id": 1, "timestamp": 1772407374}, "b93f896a-ecf5-42a6-95c5-d7d3b1015ecd": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CERT-UA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, 
"name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Chisel (ELF)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"JuicyPotato\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Kapeka\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"reGeorg\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#18005e", "local": false, "name": "rectifyq:topic=\"supply-chain\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] UAC-0133 (Sandworm) plans for cyber sabotage on nearly 20 critical infrastructure facilities in Ukraine", "date": "2024-04-19", "analysis": 1, "threat_level_id": 1, "timestamp": 1772426251}, "2be127c7-1bef-4b56-aa83-d166b6efb74f": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FrostyGoop\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, 
{"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Functional Analysis of FrostyGoop ICS Malware pt. 1/2", "date": "2024-07-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407355}, "5dd48f6e-1cc1-4275-9b21-41f2565c50ee": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FrostyGoop\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, 
{"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Cyberwarfare Targeting OT: Protecting Against FrostyGoop/BUSTLEBERM Malware", "date": "2024-07-24", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407346}, "97a6d6ae-e891-40d8-8f67-c9065ead4c51": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FrostyGoop\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", 
"relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] ICS Malware \u2018FrostyGoop/BUSTLEBERM\u2019: Insights Others Missed", "date": "2024-08-02", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407321}, "9d46d493-55c4-44f2-a025-6cc58d58f6dd": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"LIGHTWORK\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PIEHOP\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#0088cc", 
"local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Manipulation of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Unauthorized Command Message\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}], "info": "[Threat Intel] COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises", "date": "2023-05-25", "analysis": 1, "threat_level_id": 2, "timestamp": 1772424334}, "06203046-3e11-4e44-a20c-29360013e3a7": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FrostyGoop\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": 
""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] FrostyGoop\u2019s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications", "date": "2024-11-19", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407311}, "5ef558ec-a56f-4d88-8e98-fc5d58f4ca6a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"elf.iocontrol\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": 
"rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Inside a New OT/IoT Cyberweapon: IOCONTROL", "date": "2024-12-10", "analysis": 0, "threat_level_id": 2, "timestamp": 1772407302}, "482e497c-1b27-4522-b1d4-f6c0c68ee7d6": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"elf.iocontrol\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, 
"name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Cleaver\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"OilRig\"", "relationship_type": ""}, {"colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] IOControl Malware: What\u2019s New, What\u2019s Not?", "date": "2024-12-16", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407293}, "933551cf-0c5a-40bb-8ea8-20b5247a57c0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Ramnit\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, 
"name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] ICS Threat Analysis: New, Experimental Malware Can Kill Engineering Processes", "date": "2024-12-17", "analysis": 1, "threat_level_id": 2, "timestamp": 1772423947}, "388ebf8c-e4e4-42eb-916c-39b353101dac": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": 
""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Access Removal - T1531\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Default Accounts - T1078.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Endpoint Denial of Service - T1499\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internal Defacement - T1491.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Stored Data Manipulation - T1565.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Field Controller/RTU/PLC/IED\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Human-Machine Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", 
"local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities", "date": "2024-12-18", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407257}, "efdd56e0-b933-4f1f-85cb-a252d4d8c72f": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Academia - University\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Bank\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil Aviation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Defense\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, 
"name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Legal\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Police - Law enforcement\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Political party\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Technology\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Transport\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Hacktivist\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Cyber Army of Russia Reborn\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"NoName057(16)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"RipperSec\"", "relationship_type": ""}, {"colour": "#18005c", "local": false, "name": "rectifyq:topic=\"ai\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:threat-actor=\"APT28\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Australia Hacktivism", "date": "2025-11-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407235}, "9ae4dc80-11e0-4600-ab34-04a99835e275": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Dragos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": 
"rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Field Controller/RTU/PLC/IED\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] ELECTRUM: Cyber Attack on Poland\u2019s Electric System 2025", "date": "2025-12-29", "analysis": 1, "threat_level_id": 2, "timestamp": 1772407222}, "5e620a7a-323c-4529-9710-dced8c01a497": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Network Device Firewall - T1562.013\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1561.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Webhook - T1567.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Permissions Modification - T1222\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hide Infrastructure - T1665\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Accounts - T1078.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local 
Storage Discovery - T1680\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Device Configuration Dump - T1602.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Software - T1219.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal or Forge Kerberos Tickets - T1558\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System 
Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Default Credentials\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Device Restart/Shutdown\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"External Remote Services\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Graphical User Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of View\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Module Firmware\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Connection Enumeration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Screen Capture\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"System Firmware\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}], "info": "[Threat Intel] Energy Sector Incident Report \u2013 29 December", "date": "2025-12-29", "analysis": 1, "threat_level_id": 1, "timestamp": 1772423968}, "70ba5689-caa8-4938-9e4e-d3944ad01c1d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", 
"local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Content Wipe - T1561.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Proxy - T1090.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Storage Discovery - T1680\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1584.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}], "info": "[Threat Intel] DynoWiper update: Technical analysis and attribution", "date": "2026-01-30", "analysis": 1, "threat_level_id": 2, "timestamp": 1772398928}, "5b145dca-23a6-4251-b2c4-812e0cf9a36f": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#57356b", "local": false, "name": "misp-galaxy:producer=\"Seqrite\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", 
"local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"israel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Seqrite: Advisory: Middle East 
Conflict & Cyber Escalation", "date": "2026-04-06", "analysis": 1, "threat_level_id": 2, "timestamp": 1775975067}, "ced52461-2315-4d19-a24e-f35319b81920": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#4929fe", "local": false, "name": "misp-galaxy:target-information=\"Iraq\"", "relationship_type": ""}, {"colour": "#13bb3c", "local": false, "name": "misp-galaxy:target-information=\"Oman\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#18005e", "local": false, "name": "rectifyq:topic=\"supply-chain\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, 
{"colour": "#91c667", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Cloud Storage - T1530\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Impersonation - T1656\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Pro-Iranian Nasir Security is Targeting The Energy Sector in the Middle East", "date": "2026-03-23", "analysis": 1, "threat_level_id": 2, "timestamp": 1775507883}, "12ec4fe2-55a7-4cd4-b7d4-f3acf5d223e0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"israel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MuddyWater\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT35\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT42\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Cyber Av3ngers\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Fox Kitten\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"OilRig\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": 
"rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Iran \u2014 US/Israel Conflict, how is it impacted Malaysia Organisation?", "date": "2026-03-18", "analysis": 1, "threat_level_id": 2, "timestamp": 1774048909}, "fe3d8a75-2175-4215-b804-26c94b531ea3": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit 
Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "relationship_type": ""}, {"colour": "#6ef296", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Password Spraying - T1110.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"", "relationship_type": ""}, {"colour": "#7d37d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software 
Packing - T1027.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Bank\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil Aviation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"IT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MuddyWater\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Charming Kitten\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Stuxnet\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": 
"#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Iranian APT on Networks of U.S. Bank, Airport, Software Company", "date": "2026-03-05", "analysis": 1, "threat_level_id": 2, "timestamp": 1773274389}, "41f768c4-dbfc-41bc-9118-15ec7109609f": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1561.002\"", "relationship_type": ""}, {"colour": "#790faf", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Direct Network Flood - T1498.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#5b3acc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Wipe - T1561\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#8f36b9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Reflection Amplification - T1498.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#866c0c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Active Scanning - T1595\"", "relationship_type": ""}, {"colour": "#6ef296", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Password Spraying - T1110.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Network Information - T1590\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#251b6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obtain Capabilities - T1588\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"", "relationship_type": ""}, {"colour": "#cf2da1", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Develop Capabilities - T1587\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Jordan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"elf.iocontrol\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Bahrain\"", "relationship_type": ""}, {"colour": "#1faf16", "local": 
false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil Aviation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Defense\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Health\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"News - Media\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Technology\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Transport\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Module Firmware\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", 
"relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Breaking Down the Role of Cyber Operations Taken in the Iran Crisis", "date": "2026-03-04", "analysis": 1, "threat_level_id": 2, "timestamp": 1772824073}, "2346e215-b23f-4ebf-9b77-f9aecfc36701": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Proxy - T1090.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows 
Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1584.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Content Wipe - T1561.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Storage Discovery - T1680\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#7f009f", "local": false, "name": "ms-caro-malware:malware-platform=\"WinNT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", 
"relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] DynoWiper update: Technical analysis", "date": "2026-01-30", "analysis": 1, "threat_level_id": 1, "timestamp": 1776743168}, "fe0d7ff7-684f-46f5-a14d-7e6a7aa70de3": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1b0068", "local": false, "name": "rectifyq:topic=\"cloud\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Command-Line Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Default Credentials\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Device Restart/Shutdown\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Exploitation of Remote Services\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"External Remote Services\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Graphical User Interface\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of View\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Module Firmware\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Network Connection Enumeration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Remote System Discovery\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Screen Capture\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"System Firmware\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Valid Accounts\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Network Device Firewall - T1562.013\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1561.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Webhook - T1567.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Permissions Modification - T1222\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hide Infrastructure - T1665\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Accounts - T1078.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Storage Discovery - T1680\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Device Configuration Dump - T1602.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Software - T1219.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal or Forge Kerberos Tickets - T1558\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ENERGETIC BEAR\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ArguePatch\"", "relationship_type": ""}, {"colour": "#670080", "local": false, "name": "ms-caro-malware:malware-platform=\"Linux\"", "relationship_type": ""}, {"colour": "#7f009f", "local": false, "name": "ms-caro-malware:malware-platform=\"WinNT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", 
"relationship_type": ""}], "info": "[Threat Intel] Energy Sector Incident Report - 29 December 2025", "date": "2026-01-30", "analysis": 0, "threat_level_id": 1, "timestamp": 1776743414}, "f45d26b0-cadc-4e64-8cab-6f496f8f77c0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#5b3acc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Wipe - T1561\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": ""}, {"colour": "#6b4ab5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Manipulation - T1565\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sandworm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": 
"rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": ""}, {"colour": "#7f009f", "local": false, "name": "ms-caro-malware:malware-platform=\"WinNT\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Sandworm behind cyberattack on Poland's power grid in late 2025", "date": "2026-01-23", "analysis": 1, "threat_level_id": 1, "timestamp": 1776760713}, "24bd21dd-4f1b-4977-a476-db5f2b552c6b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", 
"local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Stored Data Manipulation - T1565.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#f5a258", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"", "relationship_type": ""}, {"colour": "#3e2e74", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#0aebeb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": 
"rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}], "info": "[Threat Intel] OT-Focused Malware Highlights Emerging Risk to Water Infrastructure Systems", "date": "2026-04-24", "analysis": 1, "threat_level_id": 2, "timestamp": 1777818318}, "d42b2320-8712-4593-b764-e1bb241f8fa2": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Commonly Used Port\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Internet Accessible Device\"", "relationship_type": ""}, {"colour": "#6b4ab5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Manipulation - T1565\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-assets=\"Human-Machine Interface\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": 
"#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure", "date": "2026-04-07", "analysis": 1, "threat_level_id": 2, "timestamp": 1776767285}, "38ba8130-fab8-4e81-b65b-69b2ea90cb60": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"PolySwarm\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": 
"rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Gas\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Oil\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT33\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"BANISHED KITTEN\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Cyber Av3ngers\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MuddyWater\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"OilRig\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, 
"name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Iran-Linked PLC Exploitation Expands Across US Critical Infrastructure", "date": "2026-04-17", "analysis": 1, "threat_level_id": 2, "timestamp": 1776767283}, "ffefe5df-a7b5-423b-b877-d72ed6b5e19b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Replication Through Removable Media\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", 
"relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Inside ZionSiphon: Darktrace\u2019s Analysis of OT Malware Targeting Israeli Water Systems", "date": "2026-04-16", "analysis": 1, "threat_level_id": 2, "timestamp": 1777674241}}