{
  "Event": {
    "analysis": "1",
    "date": "2018-06-20",
    "extends_uuid": "",
    "info": "[Threat Intel] Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies",
    "protected": false,
    "publish_timestamp": "1780039856",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772901983",
    "uuid": "2a3c9ac8-a388-48d7-9fbe-e8650d140232",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Symantec\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Thrip\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"035 - South-eastern Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Catchamas\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdcb58",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"MimiKatz\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Defense\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Telecoms\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740399288",
        "to_ids": false,
        "type": "link",
        "uuid": "8967d19e-7cb5-495f-9c07-2289583cabe8",
        "value": "https://www.security.com/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746518191",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5047a6eb-e363-4f96-9792-27fe55a66b38",
        "value": "6b236d3fc54d36e6dc2a26299f6ded597058fed7c9099f1a37716c5e4b162abc",
        "Tag": [
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746518192",
        "to_ids": true,
        "type": "sha256",
        "uuid": "efc4bb1f-56c6-440c-8330-2b0bc733c2f9",
        "value": "d9131bf2e2e2a80c319ed6ffbe5c726fe30eac50902705096d2610de52a774e2",
        "Tag": [
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746518193",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a6cb313e-7539-4926-851a-3f711c175c07",
        "value": "db921a575fa7fd4b0c1b405a54f77d10c73eb1cb1384a27d584d7323e72938b6",
        "Tag": [
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746518194",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5a09ef3c-8117-4c5b-bea9-31b35b5b5e65",
        "value": "6b01d376b355c56ede966ccf5cca6c8d5616962e67bbf0ddbf7ad395d117fdee",
        "Tag": [
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746518195",
        "to_ids": true,
        "type": "sha256",
        "uuid": "0f6e7ff0-7292-46e1-9899-9d11ac442163",
        "value": "586bcdd0027d88e0832bf028c8085969e7e0aec6bfd245f968d9d4207103719a",
        "Tag": [
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746541473",
        "uuid": "9e475d28-2aaf-4ebf-9e6d-a05284c553b6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746541473",
            "to_ids": true,
            "type": "md5",
            "uuid": "a7ff86f5-fd6f-44de-b681-52e744dc1c25",
            "value": "09a40750c3333acb6b94062bdeb9380a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746516048",
            "to_ids": true,
            "type": "sha1",
            "uuid": "64937c5f-71b1-40d2-b888-07616803c2e4",
            "value": "068ce5d5617a30975a7fec92a3a6c0fb64d8eb1c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746516048",
            "to_ids": true,
            "type": "sha256",
            "uuid": "368f2c9d-99d1-44df-b168-aaa594dc9ca8",
            "value": "f14c9c859e12cf70099af098668f849b2ca0e99de6cc62b8569c230f35e36aa5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746516048",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7a13c39e-0ef6-4db8-86ec-dcbd708ae439",
            "value": "1536:JlfrY84TfqenLCFc3FcW74tBnxkJbk1oxZ5Zs2p5sMXy:Lf7UquZREPMbky75ZVp5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746516048",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dd8fe011-1ff1-4d1c-b30f-c72b8798e0f1",
            "value": "145920"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746516048",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d8356450-dbe8-417c-8cfc-1874d19cced1",
            "value": "015056655d1515116za0062bz13z1020019ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746516048",
            "to_ids": true,
            "type": "filename",
            "uuid": "e59b7187-28e8-4889-a5df-54a40896f28f",
            "value": "malware.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan: 28/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746516048",
            "to_ids": false,
            "type": "text",
            "uuid": "d65a427c-eece-4141-8572-7c3ae268fe7c",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Catchman\nVT Total Detection:61/72\nFirst Submission:2017-08-21T14:38:48.000000+00:00\nLast Submission:2024-10-27T19:29:18.000000+00:00"
          }
        ]
      }
    ]
  }
}