mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-23 07:17:17 +00:00
Merge pull request #720 from Th4nat0s/thales_atk
Add Mitre vs Thales RosettaStone
This commit is contained in:
commit
10d53418de
1 changed files with 137 additions and 46 deletions
|
@ -67,7 +67,8 @@
|
||||||
"Brown Fox",
|
"Brown Fox",
|
||||||
"GIF89a",
|
"GIF89a",
|
||||||
"ShadyRAT",
|
"ShadyRAT",
|
||||||
"Shanghai Group"
|
"Shanghai Group",
|
||||||
|
"G0006"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -149,6 +150,9 @@
|
||||||
"https://www.cylance.com/content/dam/cylance/pdfs/reports/Op_Dust_Storm_Report.pdf",
|
"https://www.cylance.com/content/dam/cylance/pdfs/reports/Op_Dust_Storm_Report.pdf",
|
||||||
"https://web.archive.org/web/20140816135909/https://www.symantec.com/connect/blogs/inside-back-door-attack",
|
"https://web.archive.org/web/20140816135909/https://www.symantec.com/connect/blogs/inside-back-door-attack",
|
||||||
"https://attack.mitre.org/groups/G0031/"
|
"https://attack.mitre.org/groups/G0031/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"G0031"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -279,7 +283,8 @@
|
||||||
"4HCrew",
|
"4HCrew",
|
||||||
"SULPHUR",
|
"SULPHUR",
|
||||||
"SearchFire",
|
"SearchFire",
|
||||||
"TG-6952"
|
"TG-6952",
|
||||||
|
"G0024"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -383,7 +388,9 @@
|
||||||
"APT-C-06",
|
"APT-C-06",
|
||||||
"SIG25",
|
"SIG25",
|
||||||
"TUNGSTEN BRIDGE",
|
"TUNGSTEN BRIDGE",
|
||||||
"T-APT-02"
|
"T-APT-02",
|
||||||
|
"G0012",
|
||||||
|
"ATK52"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -461,11 +468,13 @@
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.fireeye.com/blog/threat-research/2015/12/the_eps_awakens.html",
|
"https://www.fireeye.com/blog/threat-research/2015/12/the_eps_awakens.html",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/apt-16"
|
"https://www.cfr.org/interactive/cyber-operations/apt-16",
|
||||||
|
"https://attack.mitre.org/groups/G0023"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"APT16",
|
"APT16",
|
||||||
"SVCMONDR"
|
"SVCMONDR",
|
||||||
|
"G0023"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "1f73e14f-b882-4032-a565-26dc653b0daf",
|
"uuid": "1f73e14f-b882-4032-a565-26dc653b0daf",
|
||||||
|
@ -494,7 +503,8 @@
|
||||||
"https://web.archive.org/web/20141016080249/http://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware",
|
"https://web.archive.org/web/20141016080249/http://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware",
|
||||||
"https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire",
|
"https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire",
|
||||||
"https://www.recordedfuture.com/hidden-lynx-analysis/",
|
"https://www.recordedfuture.com/hidden-lynx-analysis/",
|
||||||
"https://www.secureworks.com/research/threat-profiles/bronze-keystone"
|
"https://www.secureworks.com/research/threat-profiles/bronze-keystone",
|
||||||
|
"https://attack.mitre.org/groups/G0025/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"APT 17",
|
"APT 17",
|
||||||
|
@ -504,7 +514,8 @@
|
||||||
"Hidden Lynx",
|
"Hidden Lynx",
|
||||||
"Tailgater Team",
|
"Tailgater Team",
|
||||||
"Dogfish",
|
"Dogfish",
|
||||||
"BRONZE KEYSTONE"
|
"BRONZE KEYSTONE",
|
||||||
|
"G0025"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -557,7 +568,8 @@
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828",
|
"https://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/apt-18"
|
"https://www.cfr.org/interactive/cyber-operations/apt-18",
|
||||||
|
"https://attack.mitre.org/groups/G0026"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Dynamite Panda",
|
"Dynamite Panda",
|
||||||
|
@ -565,7 +577,8 @@
|
||||||
"APT 18",
|
"APT 18",
|
||||||
"SCANDIUM",
|
"SCANDIUM",
|
||||||
"PLA Navy",
|
"PLA Navy",
|
||||||
"APT18"
|
"APT18",
|
||||||
|
"G0026"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -648,7 +661,8 @@
|
||||||
"BARIUM",
|
"BARIUM",
|
||||||
"BRONZE ATLAS",
|
"BRONZE ATLAS",
|
||||||
"BRONZE EXPORT",
|
"BRONZE EXPORT",
|
||||||
"Red Kelpie"
|
"Red Kelpie",
|
||||||
|
"G0044"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -731,7 +745,8 @@
|
||||||
"Group 13",
|
"Group 13",
|
||||||
"PinkPanther",
|
"PinkPanther",
|
||||||
"Sh3llCr3w",
|
"Sh3llCr3w",
|
||||||
"BRONZE FIRESTONE"
|
"BRONZE FIRESTONE",
|
||||||
|
"G0009"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -807,7 +822,8 @@
|
||||||
"APT.Naikon",
|
"APT.Naikon",
|
||||||
"Lotus Panda",
|
"Lotus Panda",
|
||||||
"Hellsing",
|
"Hellsing",
|
||||||
"BRONZE GENEVA"
|
"BRONZE GENEVA",
|
||||||
|
"G0019"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -879,7 +895,9 @@
|
||||||
"ST Group",
|
"ST Group",
|
||||||
"Esile",
|
"Esile",
|
||||||
"DRAGONFISH",
|
"DRAGONFISH",
|
||||||
"BRONZE ELGIN"
|
"BRONZE ELGIN",
|
||||||
|
"ATK1",
|
||||||
|
"G0030"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -1037,7 +1055,8 @@
|
||||||
"ZipToken",
|
"ZipToken",
|
||||||
"Iron Tiger",
|
"Iron Tiger",
|
||||||
"BRONZE UNION",
|
"BRONZE UNION",
|
||||||
"Lucky Mouse"
|
"Lucky Mouse",
|
||||||
|
"G0027"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -1108,7 +1127,9 @@
|
||||||
"CVNX",
|
"CVNX",
|
||||||
"HOGFISH",
|
"HOGFISH",
|
||||||
"Cloud Hopper",
|
"Cloud Hopper",
|
||||||
"BRONZE RIVERSIDE"
|
"BRONZE RIVERSIDE",
|
||||||
|
"ATK41",
|
||||||
|
"G0045"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -1181,6 +1202,9 @@
|
||||||
"https://kc.mcafee.com/corporate/index?page=content&id=KB71150",
|
"https://kc.mcafee.com/corporate/index?page=content&id=KB71150",
|
||||||
"https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee_NightDragon_wp_draft_to_customersv1-1.pdf",
|
"https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee_NightDragon_wp_draft_to_customersv1-1.pdf",
|
||||||
"https://attack.mitre.org/groups/G0014/"
|
"https://attack.mitre.org/groups/G0014/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"G0014"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -1233,7 +1257,8 @@
|
||||||
"Lurid",
|
"Lurid",
|
||||||
"Social Network Team",
|
"Social Network Team",
|
||||||
"Royal APT",
|
"Royal APT",
|
||||||
"BRONZE PALACE"
|
"BRONZE PALACE",
|
||||||
|
"G0004"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
|
"uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
|
||||||
|
@ -1401,7 +1426,8 @@
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"PittyTiger",
|
"PittyTiger",
|
||||||
"MANGANESE"
|
"MANGANESE",
|
||||||
|
"G0011"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -1607,7 +1633,8 @@
|
||||||
"Admin338",
|
"Admin338",
|
||||||
"Team338",
|
"Team338",
|
||||||
"MAGNESIUM",
|
"MAGNESIUM",
|
||||||
"admin@338"
|
"admin@338",
|
||||||
|
"G0018"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -1645,7 +1672,8 @@
|
||||||
"KeyBoy",
|
"KeyBoy",
|
||||||
"TropicTrooper",
|
"TropicTrooper",
|
||||||
"Tropic Trooper",
|
"Tropic Trooper",
|
||||||
"BRONZE HOBART"
|
"BRONZE HOBART",
|
||||||
|
"G0081"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "7f16d1f5-04ee-4d99-abf0-87e1f23f9fee",
|
"uuid": "7f16d1f5-04ee-4d99-abf0-87e1f23f9fee",
|
||||||
|
@ -1873,7 +1901,8 @@
|
||||||
"iKittens",
|
"iKittens",
|
||||||
"Group 83",
|
"Group 83",
|
||||||
"Newsbeef",
|
"Newsbeef",
|
||||||
"NewsBeef"
|
"NewsBeef",
|
||||||
|
"G0058"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -1962,6 +1991,7 @@
|
||||||
"https://www.brighttalk.com/webcast/10703/275683",
|
"https://www.brighttalk.com/webcast/10703/275683",
|
||||||
"https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage",
|
"https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage",
|
||||||
"https://www.secureworks.com/research/threat-profiles/cobalt-trinity",
|
"https://www.secureworks.com/research/threat-profiles/cobalt-trinity",
|
||||||
|
"https://attack.mitre.org/groups/G0064/",
|
||||||
"https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/"
|
"https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
|
@ -1970,7 +2000,9 @@
|
||||||
"MAGNALLIUM",
|
"MAGNALLIUM",
|
||||||
"Refined Kitten",
|
"Refined Kitten",
|
||||||
"HOLMIUM",
|
"HOLMIUM",
|
||||||
"COBALT TRINITY"
|
"COBALT TRINITY",
|
||||||
|
"G0064",
|
||||||
|
"ATK35"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -2181,7 +2213,9 @@
|
||||||
"APT35",
|
"APT35",
|
||||||
"APT 35",
|
"APT 35",
|
||||||
"TEMP.Beanie",
|
"TEMP.Beanie",
|
||||||
"Ghambar"
|
"Ghambar",
|
||||||
|
"G0059",
|
||||||
|
"G0003"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -2399,7 +2433,9 @@
|
||||||
"Group 74",
|
"Group 74",
|
||||||
"SIG40",
|
"SIG40",
|
||||||
"Grizzly Steppe",
|
"Grizzly Steppe",
|
||||||
"apt_sofacy"
|
"apt_sofacy",
|
||||||
|
"G0007",
|
||||||
|
"ATK5"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -2457,7 +2493,8 @@
|
||||||
"https://www.cfr.org/interactive/cyber-operations/dukes",
|
"https://www.cfr.org/interactive/cyber-operations/dukes",
|
||||||
"https://pylos.co/2018/11/18/cozybear-in-from-the-cold/",
|
"https://pylos.co/2018/11/18/cozybear-in-from-the-cold/",
|
||||||
"https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/",
|
"https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/",
|
||||||
"https://www.secureworks.com/research/threat-profiles/iron-hemlock"
|
"https://www.secureworks.com/research/threat-profiles/iron-hemlock",
|
||||||
|
"https://attack.mitre.org/groups/G0016"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Dukes",
|
"Dukes",
|
||||||
|
@ -2478,7 +2515,9 @@
|
||||||
"Hammer Toss",
|
"Hammer Toss",
|
||||||
"YTTRIUM",
|
"YTTRIUM",
|
||||||
"Iron Hemlock",
|
"Iron Hemlock",
|
||||||
"Grizzly Steppe"
|
"Grizzly Steppe",
|
||||||
|
"G0016",
|
||||||
|
"ATK7"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -2572,7 +2611,9 @@
|
||||||
"Popeye",
|
"Popeye",
|
||||||
"SIG23",
|
"SIG23",
|
||||||
"Iron Hunter",
|
"Iron Hunter",
|
||||||
"MAKERSMARK"
|
"MAKERSMARK",
|
||||||
|
"ATK13",
|
||||||
|
"G0010"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -2646,7 +2687,9 @@
|
||||||
"Havex",
|
"Havex",
|
||||||
"CrouchingYeti",
|
"CrouchingYeti",
|
||||||
"Koala Team",
|
"Koala Team",
|
||||||
"IRON LIBERTY"
|
"IRON LIBERTY",
|
||||||
|
"G0035",
|
||||||
|
"ATK6"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -2819,7 +2862,9 @@
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"CARBON SPIDER",
|
"CARBON SPIDER",
|
||||||
"GOLD NIAGARA",
|
"GOLD NIAGARA",
|
||||||
"Calcium"
|
"Calcium",
|
||||||
|
"ATK32",
|
||||||
|
"G0046"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -3081,7 +3126,9 @@
|
||||||
"https://www.hvs-consulting.de/lazarus-report/",
|
"https://www.hvs-consulting.de/lazarus-report/",
|
||||||
"https://github.com/hvs-consulting/ioc_signatures/tree/main/Lazarus_APT37",
|
"https://github.com/hvs-consulting/ioc_signatures/tree/main/Lazarus_APT37",
|
||||||
"https://blogs.jpcert.or.jp/en/2021/01/Lazarus_tools.html",
|
"https://blogs.jpcert.or.jp/en/2021/01/Lazarus_tools.html",
|
||||||
"https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html"
|
"https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html",
|
||||||
|
"https://attack.mitre.org/groups/G0082",
|
||||||
|
"https://attack.mitre.org/groups/G0032"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Operation DarkSeoul",
|
"Operation DarkSeoul",
|
||||||
|
@ -3108,7 +3155,11 @@
|
||||||
"Nickel Academy",
|
"Nickel Academy",
|
||||||
"APT-C-26",
|
"APT-C-26",
|
||||||
"NICKEL GLADSTONE",
|
"NICKEL GLADSTONE",
|
||||||
"COVELLITE"
|
"COVELLITE",
|
||||||
|
"ATK3",
|
||||||
|
"G0032",
|
||||||
|
"ATK117",
|
||||||
|
"G0082"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -3232,7 +3283,8 @@
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Animal Farm",
|
"Animal Farm",
|
||||||
"Snowglobe"
|
"Snowglobe",
|
||||||
|
"ATK8"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "3b8e7462-c83f-4e7d-9511-2fe430d80aab",
|
"uuid": "3b8e7462-c83f-4e7d-9511-2fe430d80aab",
|
||||||
|
@ -3385,7 +3437,9 @@
|
||||||
"Sarit",
|
"Sarit",
|
||||||
"Quilted Tiger",
|
"Quilted Tiger",
|
||||||
"APT-C-09",
|
"APT-C-09",
|
||||||
"ZINC EMERSON"
|
"ZINC EMERSON",
|
||||||
|
"ATK11",
|
||||||
|
"G0040"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -3689,7 +3743,9 @@
|
||||||
"ITG08",
|
"ITG08",
|
||||||
"MageCart Group 6",
|
"MageCart Group 6",
|
||||||
"White Giant",
|
"White Giant",
|
||||||
"GOLD FRANKLIN"
|
"GOLD FRANKLIN",
|
||||||
|
"ATK88",
|
||||||
|
"G0037"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -3789,7 +3845,9 @@
|
||||||
"Helix Kitten",
|
"Helix Kitten",
|
||||||
"APT 34",
|
"APT 34",
|
||||||
"APT34",
|
"APT34",
|
||||||
"IRN2"
|
"IRN2",
|
||||||
|
"ATK40",
|
||||||
|
"G0049"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -4455,7 +4513,9 @@
|
||||||
"Ocean Buffalo",
|
"Ocean Buffalo",
|
||||||
"POND LOACH",
|
"POND LOACH",
|
||||||
"TIN WOODLAWN",
|
"TIN WOODLAWN",
|
||||||
"BISMUTH"
|
"BISMUTH",
|
||||||
|
"ATK17",
|
||||||
|
"G0050"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -4519,7 +4579,9 @@
|
||||||
"https://attack.mitre.org/groups/G0068/"
|
"https://attack.mitre.org/groups/G0068/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"TwoForOne"
|
"TwoForOne",
|
||||||
|
"G0068",
|
||||||
|
"ATK33"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -4595,7 +4657,9 @@
|
||||||
"since": "2017",
|
"since": "2017",
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"LeafMiner",
|
"LeafMiner",
|
||||||
"Raspite"
|
"Raspite",
|
||||||
|
"ATK113",
|
||||||
|
"G0061"
|
||||||
],
|
],
|
||||||
"victimology": "Electric utility sector"
|
"victimology": "Electric utility sector"
|
||||||
},
|
},
|
||||||
|
@ -5607,7 +5671,9 @@
|
||||||
"Static Kitten",
|
"Static Kitten",
|
||||||
"Seedworm",
|
"Seedworm",
|
||||||
"MERCURY",
|
"MERCURY",
|
||||||
"COBALT ULSTER"
|
"COBALT ULSTER",
|
||||||
|
"G0069",
|
||||||
|
"ATK51"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -5716,7 +5782,9 @@
|
||||||
"Red Eyes",
|
"Red Eyes",
|
||||||
"Ricochet Chollima",
|
"Ricochet Chollima",
|
||||||
"ScarCruft",
|
"ScarCruft",
|
||||||
"Venus 121"
|
"Venus 121",
|
||||||
|
"ATK4",
|
||||||
|
"G0067"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -5803,7 +5871,9 @@
|
||||||
"APT40",
|
"APT40",
|
||||||
"BRONZE MOHAWK",
|
"BRONZE MOHAWK",
|
||||||
"GADOLINIUM",
|
"GADOLINIUM",
|
||||||
"Kryptonite Panda"
|
"Kryptonite Panda",
|
||||||
|
"G0065",
|
||||||
|
"ATK29"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -6145,7 +6215,9 @@
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Gorgon Group",
|
"Gorgon Group",
|
||||||
"Subaat"
|
"Subaat",
|
||||||
|
"ATK92",
|
||||||
|
"G0078"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "e47c2c4d-706b-4098-92a2-b93e7103e131",
|
"uuid": "e47c2c4d-706b-4098-92a2-b93e7103e131",
|
||||||
|
@ -6401,6 +6473,10 @@
|
||||||
"country": "PK",
|
"country": "PK",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo"
|
"https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"ATK78",
|
||||||
|
"G0076"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "f82b352e-a9f8-11e8-8be8-fbcf6eddd58c",
|
"uuid": "f82b352e-a9f8-11e8-8be8-fbcf6eddd58c",
|
||||||
|
@ -6524,6 +6600,10 @@
|
||||||
"country": "RU",
|
"country": "RU",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
|
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"ATK116",
|
||||||
|
"G0100"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
|
"uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
|
||||||
|
@ -6826,7 +6906,9 @@
|
||||||
"GRACEFUL SPIDER",
|
"GRACEFUL SPIDER",
|
||||||
"GOLD TAHOE",
|
"GOLD TAHOE",
|
||||||
"Dudear",
|
"Dudear",
|
||||||
"TEMP.Warlock"
|
"TEMP.Warlock",
|
||||||
|
"G0092",
|
||||||
|
"ATK103"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
|
"uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
|
||||||
|
@ -7452,7 +7534,9 @@
|
||||||
"https://attack.mitre.org/groups/G0088/"
|
"https://attack.mitre.org/groups/G0088/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Xenotime"
|
"Xenotime",
|
||||||
|
"G0088",
|
||||||
|
"ATK91"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "90abfc42-91c6-11e9-89b1-af58de8f7ec2",
|
"uuid": "90abfc42-91c6-11e9-89b1-af58de8f7ec2",
|
||||||
|
@ -8445,6 +8529,10 @@
|
||||||
"https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks",
|
"https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks",
|
||||||
"https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
|
"https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
|
||||||
"https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china"
|
"https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"ATK233",
|
||||||
|
"G0125"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
|
"uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
|
||||||
|
@ -8698,11 +8786,14 @@
|
||||||
"description": "GOLD CABIN is a financially motivated cybercriminal threat group operating a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives, delivered through email to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes using intermediary malware like Valak. GOLD CABIN infrastructure relies on artificial appearing and frequently changing URLs created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.",
|
"description": "GOLD CABIN is a financially motivated cybercriminal threat group operating a malware distribution service on behalf of numerous customers since 2018. GOLD CABIN uses malicious documents, often contained in password-protected archives, delivered through email to download and execute payloads. The second-stage payloads are most frequently Gozi ISFB (Ursnif) or IcedID (Bokbot), sometimes using intermediary malware like Valak. GOLD CABIN infrastructure relies on artificial appearing and frequently changing URLs created with a domain generation algorithm (DGA). The URLs host a PHP object that returns the malware as a DLL file.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.secureworks.com/research/threat-profiles/gold-cabin"
|
"https://www.secureworks.com/research/threat-profiles/gold-cabin",
|
||||||
|
"https://attack.mitre.org/groups/G0127/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Shakthak",
|
"Shakthak",
|
||||||
"TA551"
|
"TA551",
|
||||||
|
"ATK236",
|
||||||
|
"G0127"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",
|
"uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",
|
||||||
|
@ -9335,5 +9426,5 @@
|
||||||
"value": "RansomHouse"
|
"value": "RansomHouse"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 227
|
"version": 228
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue