Merge https://github.com/MISP/misp-galaxy

2025-01-31 08:58:26 +00:00 · 2023-04-27 10:04:30 +02:00 · 2023-04-27 10:04:30 +02:00 · 1649c3dfca
commit 1649c3dfca
parent bd050668ef 0997f8eb70
2 changed files with 84 additions and 6 deletions
--- a/clusters/attck4fraud.json
+++ b/clusters/attck4fraud.json
@ -84,6 +84,19 @@
      "uuid": "0e45e11c-9c24-49a2-b1fe-5d78a235844b",
      "value": "ATM skimming"
    },
+    {
+      "description": "Trap the cash dispenser with a physical component. Type 1 are visible to the user and type 2 are hidden in the cash dispenser",
+      "meta": {
+        "kill_chain": [
+          "fraud-tactics:Initiation"
+        ],
+        "refs": [
+          "https://medium.com/@netsentries/beware-of-atm-cash-trapping-9421e498dfcf"
+        ]
+      },
+      "uuid": "1e709b6e-ff4a-4645-adec-42f9636d38f8",
+      "value": "ATM cash trapping"
+    },
    {
      "description": "ATM Shimming refers to the act of capturing a bank card data accessing the EMV chip installed on the card while presenting the card to a ATM. Due to their low profile, shimmers can be fit inside ATM card readers and are therefore more difficult to detect.",
      "meta": {
@ -380,5 +393,5 @@
      "value": "ATM Explosive Attack"
    }
  ],
-  "version": 3
+  "version": 4
 }
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -7901,7 +7901,8 @@
          "G0044",
          "Earth Baku",
          "Amoeba",
-          "HOODOO"
+          "HOODOO",
+          "Brass Typhoon"
        ]
      },
      "related": [
@ -10110,16 +10111,20 @@
          "Hong Kong",
          "Malaysia",
          "India",
-          "Taiwan"
+          "Taiwan",
+          "Macao",
+          "Nigeria"
        ],
        "country": "CN",
        "refs": [
          "https://blog.malwarebytes.com/threat-analysis/2020/07/chinese-apt-group-targets-india-and-hong-kong-using-new-variant-of-mgbot-malware",
          "https://vb2020.vblocalhost.com/uploads/VB2020-43.pdf",
-          "https://www.youtube.com/watch?v=LeKi0KfzOow&list=PLffioUnqXWkdzWcZXH-bzPVgcs2R4r7iS&index=1&t=2154s"
+          "https://www.youtube.com/watch?v=LeKi0KfzOow&list=PLffioUnqXWkdzWcZXH-bzPVgcs2R4r7iS&index=1&t=2154s",
+          "https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/"
        ],
        "synonyms": [
-          "Evasive Panda"
+          "Evasive Panda",
+          " Daggerfly"
        ]
      },
      "uuid": "62710572-e416-419d-bb1f-81ffc1ddc976",
@ -11259,7 +11264,67 @@
      },
      "uuid": "8ca38564-5515-45f5-9f3b-a4091546e10b",
      "value": "Anonymous Sudan"
+    },
+    {
+      "description": "Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KEYPLUG. We attribute this activity to a threat activity group tracked as RedGolf, which is highly likely to be a Chinese state-sponsored group. RedGolf closely overlaps with threat activity reported in open sources under the aliases APT41/BARIUM and has likely carried out state-sponsored espionage activity in parallel with financially motivated operations for personal gain from at least 2014 onward.",
+      "meta": {
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-target-category": [
+          "Aviation",
+          "Automotive",
+          "Education",
+          "Intergovernmental",
+          "Media and Entertainment",
+          "Information Technology",
+          "Religious Organizations"
+        ],
+        "country": "CN",
+        "motive": "state-sponsored espionage and financially motivated",
+        "references": [
+          "https://go.recordedfuture.com/hubfs/reports/cta-2023-0330.pdf",
+          "https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "overlaps"
+        },
+        {
+          "dest-uuid": "036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "2c4bfc14-3ea4-4ced-806a-fcac30b2a9d7",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        }
+      ],
+      "uuid": "eff0c059-5449-4207-9860-715475139595",
+      "value": "RedGolf"
    }
  ],
-  "version": 271
+  "version": 272
 }