MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 07:17:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #684 from Mathieu4141/actors-targeting-ukraine

Browse source 
Actors targeting ukraine
This commit is contained in:
Alexandre Dulaunoy 2022-03-02 21:42:19 +01:00 committed by GitHub
commit 21be83e3e9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
clusters/threat-actor.json
View file

@ -4190,6 +4190,12 @@
{ {
"description": "Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities.", "description": "Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities.",
"meta": { "meta": {
"cfr-suspected-victims": [
"Ukraine"
],
"cfr-target-category": [
"Government"
],
"refs": [ "refs": [
"http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution", "http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution",
"https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf", "https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf",
@ -4200,7 +4206,8 @@
"https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/", "https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine",
"https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/", "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/",
"https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/" "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/",
"https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/"
], ],
"synonyms": [ "synonyms": [
"Primitive Bear", "Primitive Bear",
@ -8450,18 +8457,24 @@
{ {
"description": "Ghostwriter is referred as an 'activity set', with various incidents tied together by overlapping behavioral characteristics and personas, rather than as an actor or group in itself.", "description": "Ghostwriter is referred as an 'activity set', with various incidents tied together by overlapping behavioral characteristics and personas, rather than as an actor or group in itself.",
"meta": { "meta": {
"attribution-confidence": "50",
"cfr-suspected-state-sponsor": "Belarus",
"cfr-suspected-victims": [ "cfr-suspected-victims": [
"Germany", "Germany",
"Latvia", "Latvia",
"Lithuania", "Lithuania",
"Poland" "Poland",
"Ukraine"
], ],
"cfr-target-category": [ "cfr-target-category": [
"Government" "Government"
], ],
"country": "BY",
"refs": [ "refs": [
"https://www.fireeye.com/blog/threat-research/2020/07/ghostwriter-influence-campaign.html", "https://www.fireeye.com/blog/threat-research/2020/07/ghostwriter-influence-campaign.html",
"https://twitter.com/hatr/status/1377220336597483520" "https://twitter.com/hatr/status/1377220336597483520",
"https://www.mandiant.com/resources/unc1151-linked-to-belarus-government",
"https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers/"
] ]
}, },
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5", "uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
@ -8953,5 +8966,5 @@
"value": "TA2541" "value": "TA2541"
} }
], ],
"version": 212 "version": 213
} }