MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add Mitre vs Thales RosettaStone

Browse source
This commit is contained in:
Thanat0s 2022-06-10 18:24:15 -04:00
parent 18fd2c0e34
commit 297acc0f5e
1 changed files with 140 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

188
clusters/threat-actor.json
View file

@ -67,7 +67,8 @@
"Brown Fox",
"GIF89a",
"ShadyRAT",
"Shanghai Group"
"Shanghai Group",
"G0006"
]
},
"related": [
@ -149,7 +150,10 @@
"https://www.cylance.com/content/dam/cylance/pdfs/reports/Op_Dust_Storm_Report.pdf",
"https://web.archive.org/web/20140816135909/https://www.symantec.com/connect/blogs/inside-back-door-attack",
"https://attack.mitre.org/groups/G0031/"
]
],
"synonyms": [
"G0031"
]
},
"related": [
{
@ -279,7 +283,8 @@
"4HCrew",
"SULPHUR",
"SearchFire",
"TG-6952"
"TG-6952",
"G0024"
]
},
"related": [
@ -383,7 +388,9 @@
"APT-C-06",
"SIG25",
"TUNGSTEN BRIDGE",
"T-APT-02"
"T-APT-02",
"G0012",
"ATK52"
]
},
"related": [
@ -461,11 +468,13 @@
"country": "CN",
"refs": [
"https://www.fireeye.com/blog/threat-research/2015/12/the_eps_awakens.html",
"https://www.cfr.org/interactive/cyber-operations/apt-16"
"https://www.cfr.org/interactive/cyber-operations/apt-16",
"https://attack.mitre.org/groups/G0023"
],
"synonyms": [
"APT16",
"SVCMONDR"
"SVCMONDR",
"G0023"
]
},
"uuid": "1f73e14f-b882-4032-a565-26dc653b0daf",
@ -494,7 +503,8 @@
"https://web.archive.org/web/20141016080249/http://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware",
"https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire",
"https://www.recordedfuture.com/hidden-lynx-analysis/",
"https://www.secureworks.com/research/threat-profiles/bronze-keystone"
"https://www.secureworks.com/research/threat-profiles/bronze-keystone",
"https://attack.mitre.org/groups/G0025/"
],
"synonyms": [
"APT 17",
@ -504,7 +514,8 @@
"Hidden Lynx",
"Tailgater Team",
"Dogfish",
"BRONZE KEYSTONE"
"BRONZE KEYSTONE",
"G0025"
]
},
"related": [
@ -557,7 +568,8 @@
"country": "CN",
"refs": [
"https://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828",
"https://www.cfr.org/interactive/cyber-operations/apt-18"
"https://www.cfr.org/interactive/cyber-operations/apt-18",
"https://attack.mitre.org/groups/G0026"
],
"synonyms": [
"Dynamite Panda",
@ -565,7 +577,8 @@
"APT 18",
"SCANDIUM",
"PLA Navy",
"APT18"
"APT18",
"G0026"
]
},
"related": [
@ -648,7 +661,8 @@
"BARIUM",
"BRONZE ATLAS",
"BRONZE EXPORT",
"Red Kelpie"
"Red Kelpie",
"G0044"
]
},
"related": [
@ -731,7 +745,8 @@
"Group 13",
"PinkPanther",
"Sh3llCr3w",
"BRONZE FIRESTONE"
"BRONZE FIRESTONE",
"G0009"
]
},
"related": [
@ -807,7 +822,8 @@
"APT.Naikon",
"Lotus Panda",
"Hellsing",
"BRONZE GENEVA"
"BRONZE GENEVA",
"G0019"
]
},
"related": [
@ -879,7 +895,9 @@
"ST Group",
"Esile",
"DRAGONFISH",
"BRONZE ELGIN"
"BRONZE ELGIN",
"ATK1",
"G0030"
]
},
"related": [
@ -1037,7 +1055,8 @@
"ZipToken",
"Iron Tiger",
"BRONZE UNION",
"Lucky Mouse"
"Lucky Mouse",
"G0027"
]
},
"related": [
@ -1108,7 +1127,9 @@
"CVNX",
"HOGFISH",
"Cloud Hopper",
"BRONZE RIVERSIDE"
"BRONZE RIVERSIDE",
"ATK41",
"G0045"
]
},
"related": [
@ -1181,7 +1202,11 @@
"https://kc.mcafee.com/corporate/index?page=content&id=KB71150",
"https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee_NightDragon_wp_draft_to_customersv1-1.pdf",
"https://attack.mitre.org/groups/G0014/"
],
"synonyms": [
"G0014"
]
},
"related": [
{
@ -1233,7 +1258,8 @@
"Lurid",
"Social Network Team",
"Royal APT",
"BRONZE PALACE"
"BRONZE PALACE",
"G0004"
]
},
"uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
@ -1401,7 +1427,8 @@
],
"synonyms": [
"PittyTiger",
"MANGANESE"
"MANGANESE",
"G0011"
]
},
"related": [
@ -1607,7 +1634,8 @@
"Admin338",
"Team338",
"MAGNESIUM",
"admin@338"
"admin@338",
"G0018"
]
},
"related": [
@ -1645,7 +1673,8 @@
"KeyBoy",
"TropicTrooper",
"Tropic Trooper",
"BRONZE HOBART"
"BRONZE HOBART",
"G0081"
]
},
"uuid": "7f16d1f5-04ee-4d99-abf0-87e1f23f9fee",
@ -1873,7 +1902,8 @@
"iKittens",
"Group 83",
"Newsbeef",
"NewsBeef"
"NewsBeef",
"G0058"
]
},
"related": [
@ -1962,6 +1992,7 @@
"https://www.brighttalk.com/webcast/10703/275683",
"https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage",
"https://www.secureworks.com/research/threat-profiles/cobalt-trinity",
"https://attack.mitre.org/groups/G0064/",
"https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/"
],
"synonyms": [
@ -1970,7 +2001,9 @@
"MAGNALLIUM",
"Refined Kitten",
"HOLMIUM",
"COBALT TRINITY"
"COBALT TRINITY",
"G0064",
"ATK35"
]
},
"related": [
@ -2181,7 +2214,9 @@
"APT35",
"APT 35",
"TEMP.Beanie",
"Ghambar"
"Ghambar",
"G0059",
"G0003"
]
},
"related": [
@ -2399,7 +2434,9 @@
"Group 74",
"SIG40",
"Grizzly Steppe",
"apt_sofacy"
"apt_sofacy",
"G0007",
"ATK5"
]
},
"related": [
@ -2457,7 +2494,8 @@
"https://www.cfr.org/interactive/cyber-operations/dukes",
"https://pylos.co/2018/11/18/cozybear-in-from-the-cold/",
"https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/",
"https://www.secureworks.com/research/threat-profiles/iron-hemlock"
"https://www.secureworks.com/research/threat-profiles/iron-hemlock",
"https://attack.mitre.org/groups/G0016"
],
"synonyms": [
"Dukes",
@ -2478,7 +2516,9 @@
"Hammer Toss",
"YTTRIUM",
"Iron Hemlock",
"Grizzly Steppe"
"Grizzly Steppe",
"G0016",
"ATK7"
]
},
"related": [
@ -2572,7 +2612,9 @@
"Popeye",
"SIG23",
"Iron Hunter",
"MAKERSMARK"
"MAKERSMARK",
"ATK13",
"G0010"
]
},
"related": [
@ -2646,7 +2688,9 @@
"Havex",
"CrouchingYeti",
"Koala Team",
"IRON LIBERTY"
"IRON LIBERTY",
"G0035",
"ATK6"
]
},
"related": [
@ -2819,7 +2863,9 @@
"synonyms": [
"CARBON SPIDER",
"GOLD NIAGARA",
"Calcium"
"Calcium",
"ATK32",
"G0046"
]
},
"related": [
@ -3081,7 +3127,9 @@
"https://www.hvs-consulting.de/lazarus-report/",
"https://github.com/hvs-consulting/ioc_signatures/tree/main/Lazarus_APT37",
"https://blogs.jpcert.or.jp/en/2021/01/Lazarus_tools.html",
"https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html"
"https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html",
"https://attack.mitre.org/groups/G0082",
"https://attack.mitre.org/groups/G0032"
],
"synonyms": [
"Operation DarkSeoul",
@ -3108,7 +3156,12 @@
"Nickel Academy",
"APT-C-26",
"NICKEL GLADSTONE",
"COVELLITE"
"COVELLITE",
"ATK3",
"G0032",
"ATK117",
"G0082"
]
},
"related": [
@ -3232,7 +3285,8 @@
],
"synonyms": [
"Animal Farm",
"Snowglobe"
"Snowglobe",
"ATK8"
]
},
"uuid": "3b8e7462-c83f-4e7d-9511-2fe430d80aab",
@ -3385,7 +3439,9 @@
"Sarit",
"Quilted Tiger",
"APT-C-09",
"ZINC EMERSON"
"ZINC EMERSON",
"ATK11",
"G0040"
]
},
"related": [
@ -3689,7 +3745,9 @@
"ITG08",
"MageCart Group 6",
"White Giant",
"GOLD FRANKLIN"
"GOLD FRANKLIN",
"ATK88",
"G0037"
]
},
"related": [
@ -3789,7 +3847,9 @@
"Helix Kitten",
"APT 34",
"APT34",
"IRN2"
"IRN2",
"ATK40",
"G0049"
]
},
"related": [
@ -4455,7 +4515,9 @@
"Ocean Buffalo",
"POND LOACH",
"TIN WOODLAWN",
"BISMUTH"
"BISMUTH",
"ATK17",
"G0050"
]
},
"related": [
@ -4519,7 +4581,9 @@
"https://attack.mitre.org/groups/G0068/"
],
"synonyms": [
"TwoForOne"
"TwoForOne",
"G0068",
"ATK33"
]
},
"related": [
@ -4595,7 +4659,9 @@
"since": "2017",
"synonyms": [
"LeafMiner",
"Raspite"
"Raspite",
"ATK113",
"G0061"
],
"victimology": "Electric utility sector"
},
@ -5607,7 +5673,9 @@
"Static Kitten",
"Seedworm",
"MERCURY",
"COBALT ULSTER"
"COBALT ULSTER",
"G0069",
"ATK51"
]
},
"related": [
@ -5716,7 +5784,9 @@
"Red Eyes",
"Ricochet Chollima",
"ScarCruft",
"Venus 121"
"Venus 121",
"ATK4",
"G0067"
]
},
"related": [
@ -5803,7 +5873,9 @@
"APT40",
"BRONZE MOHAWK",
"GADOLINIUM",
"Kryptonite Panda"
"Kryptonite Panda",
"G0065",
"ATK29"
]
},
"related": [
@ -6145,7 +6217,9 @@
],
"synonyms": [
"Gorgon Group",
"Subaat"
"Subaat",
"ATK92",
"G0078"
]
},
"uuid": "e47c2c4d-706b-4098-92a2-b93e7103e131",
@ -6393,6 +6467,10 @@
"India",
"United States"
],
"synonyms": [
"ATK78",
"G0076"
],
"cfr-target-category": [
"Government",
"Civil society"
@ -6524,7 +6602,11 @@
"country": "RU",
"refs": [
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
]
],
"synonyms": [
"ATK116",
"G0100"
]
},
"uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
"value": "Cloud Atlas"
@ -6826,7 +6908,9 @@
"GRACEFUL SPIDER",
"GOLD TAHOE",
"Dudear",
"TEMP.Warlock"
"TEMP.Warlock",
"G0092",
"ATK103"
]
},
"uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
@ -7452,7 +7536,9 @@
"https://attack.mitre.org/groups/G0088/"
],
"synonyms": [
"Xenotime"
"Xenotime",
"G0088",
"ATK91"
]
},
"uuid": "90abfc42-91c6-11e9-89b1-af58de8f7ec2",
@ -8445,7 +8531,11 @@
"https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks",
"https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
"https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china"
]
],
"synonyms": [
"ATK233",
"G0125"
]
},
"uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
"value": "HAFNIUM"
@ -8702,7 +8792,9 @@
],
"synonyms": [
"Shakthak",
"TA551"
"TA551",
"ATK2361",
"G01271"
]
},
"uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",
@ -9335,5 +9427,5 @@
"value": "RansomHouse"
}
],
"version": 227
"version": 228
}