diff --git a/elements/apt-groups.json b/elements/apt-groups.json
index cbc2de0..54e2a54 100644
--- a/elements/apt-groups.json
+++ b/elements/apt-groups.json
@@ -1,7 +1,7 @@
 {
 "version" : 1,
- "description": "Known or estimated adversary groups targeting organizations and employees",
- "author": "Various",
+ "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups can be confused with their initial operation or campaign.",
+ "authors": ["Alexandre Dulaunoy", "Florian Roth", "Various"],
 "type": "APT Groups",
 "groups" : ["Comment Crew","Sofacy"],
 "details" : [
@@ -18,6 +18,46 @@
 "refs": ["https://en.wikipedia.org/wiki/Sofacy_Group"],
 "country": "RU",
 "synonyms": ["APT 28", "APT28", "Pawn Storm", "Fancy Bear", "Sednit"]
+ },
+ {
+ "group": "APT 29",
+ "refs": ["https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/"],
+ "country": "RU",
+ "synonyms": ["Dukes", "Group 100", "Cozy Duke", "EuroAPT", "CozyBear", "CozyCar", "Cozer", "Office Monkeys"]
+ },
+ {
+ "group": "Turla Group",
+ "country": "RU",
+ "synonyms": ["Turla", "Snake", "Venomous Bear", "Group 88"]
+ },
+ {
+ "group": "Energetic Bear",
+ "country": "RU",
+ "synonyms": ["Dragonfly", "Crouching Yeti", "Group 24"]
+ },
+ {
+ "group": "Sandworm",
+ "refs": ["http://www.isightpartners.com/2014/10/cve-2014-4114/"],
+ "country": "RU",
+ "synonyms": ["Sandworm Team"]
+ },
+ {
+ "group": "Anunak",
+ "description": "Groups targeting financial organizations or people with significant financial assets.",
+ "country": "RU",
+ "synonyms": ["Carbanak"]
+ },
+ {
+ "group": "TeamSpy Crew",
+ "refs": ["https://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/"],
+ "country": "RU",
+ "synonyms": ["TeamSpy"]
+ },
+ {
+ "group": "BuhTrap",
+ "refs": ["http://www.welivesecurity.com/2015/11/11/operathion-buhtrap-malware-distributed-via-ammyy-com/"],
+ "country": "RU",
+ "synonyms": [""]
 }
 ]
 }
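Review bot: The first hunk renames the top-level key `"author"` to `"authors"` and changes its type from a string to an array, yet `"version" : 1` is left unchanged, so any consumer that reads `author` as a string will break silently with no version signal to key on. Either bump the schema marker to `"version" : 2` or keep `"author": "Various"` alongside the new `"authors"` array for one release. The added description sentence "Adversary groups can be confused with their initial operation or campaign." is ambiguous about who is confused with what; I would phrase it as `"Adversary group names are often conflated with the name of the operation or campaign in which the group was first observed."` so readers understand why a group may appear under a campaign name in `synonyms`.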
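Review bot: The BuhTrap entry ends with `"synonyms": [""]`, an array holding one empty string, which a matcher that compares indicators against every synonym will treat as a real alias and may match any input or an empty field; it should be `"synonyms": []` (the Turla and Energetic Bear entries show that an empty list, not a placeholder, is the convention for "none known"). The top-level `"groups" : ["Comment Crew","Sofacy"]` array shown as context in the first hunk is not extended with the seven new group names, so if consumers use `groups` as the index of `details` the new entries are invisible to them; presumably it should be updated or dropped in favor of `details`. The Anunak `"description"` ("Groups targeting financial organizations or people with significant financial assets.") reads as a category definition rather than a description of this group, and it is the only per-entry `description` in the file, so either describe Anunak/Carbanak specifically or move that sentence to the file-level description. Two of the new `refs` (isightpartners.com, welivesecurity.com) are plain `http://` URLs; where the publisher serves HTTPS, prefer it so readers following the reference are not exposed to a downgraded fetch.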