MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add Mitre vs Thales RosettaStone

Browse source
This commit is contained in:
Thanat0s 2022-06-10 18:24:15 -04:00
parent 18fd2c0e34
commit 297acc0f5e
1 changed files with 140 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

188
clusters/threat-actor.json
View file

@ -67,7 +67,8 @@
"Brown Fox", "Brown Fox",
"GIF89a", "GIF89a",
"ShadyRAT", "ShadyRAT",
"Shanghai Group" "Shanghai Group",
"G0006"
] ]
}, },
"related": [ "related": [
@ -149,7 +150,10 @@
"https://www.cylance.com/content/dam/cylance/pdfs/reports/Op_Dust_Storm_Report.pdf", "https://www.cylance.com/content/dam/cylance/pdfs/reports/Op_Dust_Storm_Report.pdf",
"https://web.archive.org/web/20140816135909/https://www.symantec.com/connect/blogs/inside-back-door-attack", "https://web.archive.org/web/20140816135909/https://www.symantec.com/connect/blogs/inside-back-door-attack",
"https://attack.mitre.org/groups/G0031/" "https://attack.mitre.org/groups/G0031/"
] ],
"synonyms": [
"G0031"
]
}, },
"related": [ "related": [
{ {
@ -279,7 +283,8 @@
"4HCrew", "4HCrew",
"SULPHUR", "SULPHUR",
"SearchFire", "SearchFire",
"TG-6952" "TG-6952",
"G0024"
] ]
}, },
"related": [ "related": [
@ -383,7 +388,9 @@
"APT-C-06", "APT-C-06",
"SIG25", "SIG25",
"TUNGSTEN BRIDGE", "TUNGSTEN BRIDGE",
"T-APT-02" "T-APT-02",
"G0012",
"ATK52"
] ]
}, },
"related": [ "related": [
@ -461,11 +468,13 @@
"country": "CN", "country": "CN",
"refs": [ "refs": [
"https://www.fireeye.com/blog/threat-research/2015/12/the_eps_awakens.html", "https://www.fireeye.com/blog/threat-research/2015/12/the_eps_awakens.html",
"https://www.cfr.org/interactive/cyber-operations/apt-16" "https://www.cfr.org/interactive/cyber-operations/apt-16",
"https://attack.mitre.org/groups/G0023"
], ],
"synonyms": [ "synonyms": [
"APT16", "APT16",
"SVCMONDR" "SVCMONDR",
"G0023"
] ]
}, },
"uuid": "1f73e14f-b882-4032-a565-26dc653b0daf", "uuid": "1f73e14f-b882-4032-a565-26dc653b0daf",
@ -494,7 +503,8 @@
"https://web.archive.org/web/20141016080249/http://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware", "https://web.archive.org/web/20141016080249/http://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware",
"https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire", "https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire",
"https://www.recordedfuture.com/hidden-lynx-analysis/", "https://www.recordedfuture.com/hidden-lynx-analysis/",
"https://www.secureworks.com/research/threat-profiles/bronze-keystone" "https://www.secureworks.com/research/threat-profiles/bronze-keystone",
"https://attack.mitre.org/groups/G0025/"
], ],
"synonyms": [ "synonyms": [
"APT 17", "APT 17",
@ -504,7 +514,8 @@
"Hidden Lynx", "Hidden Lynx",
"Tailgater Team", "Tailgater Team",
"Dogfish", "Dogfish",
"BRONZE KEYSTONE" "BRONZE KEYSTONE",
"G0025"
] ]
}, },
"related": [ "related": [
@ -557,7 +568,8 @@
"country": "CN", "country": "CN",
"refs": [ "refs": [
"https://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828", "https://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828",
"https://www.cfr.org/interactive/cyber-operations/apt-18" "https://www.cfr.org/interactive/cyber-operations/apt-18",
"https://attack.mitre.org/groups/G0026"
], ],
"synonyms": [ "synonyms": [
"Dynamite Panda", "Dynamite Panda",
@ -565,7 +577,8 @@
"APT 18", "APT 18",
"SCANDIUM", "SCANDIUM",
"PLA Navy", "PLA Navy",
"APT18" "APT18",
"G0026"
] ]
}, },
"related": [ "related": [
@ -648,7 +661,8 @@
"BARIUM", "BARIUM",
"BRONZE ATLAS", "BRONZE ATLAS",
"BRONZE EXPORT", "BRONZE EXPORT",
"Red Kelpie" "Red Kelpie",
"G0044"
] ]
}, },
"related": [ "related": [
@ -731,7 +745,8 @@
"Group 13", "Group 13",
"PinkPanther", "PinkPanther",
"Sh3llCr3w", "Sh3llCr3w",
"BRONZE FIRESTONE" "BRONZE FIRESTONE",
"G0009"
] ]
}, },
"related": [ "related": [
@ -807,7 +822,8 @@
"APT.Naikon", "APT.Naikon",
"Lotus Panda", "Lotus Panda",
"Hellsing", "Hellsing",
"BRONZE GENEVA" "BRONZE GENEVA",
"G0019"
] ]
}, },
"related": [ "related": [
@ -879,7 +895,9 @@
"ST Group", "ST Group",
"Esile", "Esile",
"DRAGONFISH", "DRAGONFISH",
"BRONZE ELGIN" "BRONZE ELGIN",
"ATK1",
"G0030"
] ]
}, },
"related": [ "related": [
@ -1037,7 +1055,8 @@
"ZipToken", "ZipToken",
"Iron Tiger", "Iron Tiger",
"BRONZE UNION", "BRONZE UNION",
"Lucky Mouse" "Lucky Mouse",
"G0027"
] ]
}, },
"related": [ "related": [
@ -1108,7 +1127,9 @@
"CVNX", "CVNX",
"HOGFISH", "HOGFISH",
"Cloud Hopper", "Cloud Hopper",
"BRONZE RIVERSIDE" "BRONZE RIVERSIDE",
"ATK41",
"G0045"
] ]
}, },
"related": [ "related": [
@ -1181,7 +1202,11 @@
"https://kc.mcafee.com/corporate/index?page=content&id=KB71150", "https://kc.mcafee.com/corporate/index?page=content&id=KB71150",
"https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee_NightDragon_wp_draft_to_customersv1-1.pdf", "https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee_NightDragon_wp_draft_to_customersv1-1.pdf",
"https://attack.mitre.org/groups/G0014/" "https://attack.mitre.org/groups/G0014/"
],
"synonyms": [
"G0014"
] ]
}, },
"related": [ "related": [
{ {
@ -1233,7 +1258,8 @@
"Lurid", "Lurid",
"Social Network Team", "Social Network Team",
"Royal APT", "Royal APT",
"BRONZE PALACE" "BRONZE PALACE",
"G0004"
] ]
}, },
"uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8", "uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
@ -1401,7 +1427,8 @@
], ],
"synonyms": [ "synonyms": [
"PittyTiger", "PittyTiger",
"MANGANESE" "MANGANESE",
"G0011"
] ]
}, },
"related": [ "related": [
@ -1607,7 +1634,8 @@
"Admin338", "Admin338",
"Team338", "Team338",
"MAGNESIUM", "MAGNESIUM",
"admin@338" "admin@338",
"G0018"
] ]
}, },
"related": [ "related": [
@ -1645,7 +1673,8 @@
"KeyBoy", "KeyBoy",
"TropicTrooper", "TropicTrooper",
"Tropic Trooper", "Tropic Trooper",
"BRONZE HOBART" "BRONZE HOBART",
"G0081"
] ]
}, },
"uuid": "7f16d1f5-04ee-4d99-abf0-87e1f23f9fee", "uuid": "7f16d1f5-04ee-4d99-abf0-87e1f23f9fee",
@ -1873,7 +1902,8 @@
"iKittens", "iKittens",
"Group 83", "Group 83",
"Newsbeef", "Newsbeef",
"NewsBeef" "NewsBeef",
"G0058"
] ]
}, },
"related": [ "related": [
@ -1962,6 +1992,7 @@
"https://www.brighttalk.com/webcast/10703/275683", "https://www.brighttalk.com/webcast/10703/275683",
"https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage", "https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage",
"https://www.secureworks.com/research/threat-profiles/cobalt-trinity", "https://www.secureworks.com/research/threat-profiles/cobalt-trinity",
"https://attack.mitre.org/groups/G0064/",
"https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/" "https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/"
], ],
"synonyms": [ "synonyms": [
@ -1970,7 +2001,9 @@
"MAGNALLIUM", "MAGNALLIUM",
"Refined Kitten", "Refined Kitten",
"HOLMIUM", "HOLMIUM",
"COBALT TRINITY" "COBALT TRINITY",
"G0064",
"ATK35"
] ]
}, },
"related": [ "related": [
@ -2181,7 +2214,9 @@
"APT35", "APT35",
"APT 35", "APT 35",
"TEMP.Beanie", "TEMP.Beanie",
"Ghambar" "Ghambar",
"G0059",
"G0003"
] ]
}, },
"related": [ "related": [
@ -2399,7 +2434,9 @@
"Group 74", "Group 74",
"SIG40", "SIG40",
"Grizzly Steppe", "Grizzly Steppe",
"apt_sofacy" "apt_sofacy",
"G0007",
"ATK5"
] ]
}, },
"related": [ "related": [
@ -2457,7 +2494,8 @@
"https://www.cfr.org/interactive/cyber-operations/dukes", "https://www.cfr.org/interactive/cyber-operations/dukes",
"https://pylos.co/2018/11/18/cozybear-in-from-the-cold/", "https://pylos.co/2018/11/18/cozybear-in-from-the-cold/",
"https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/", "https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/",
"https://www.secureworks.com/research/threat-profiles/iron-hemlock" "https://www.secureworks.com/research/threat-profiles/iron-hemlock",
"https://attack.mitre.org/groups/G0016"
], ],
"synonyms": [ "synonyms": [
"Dukes", "Dukes",
@ -2478,7 +2516,9 @@
"Hammer Toss", "Hammer Toss",
"YTTRIUM", "YTTRIUM",
"Iron Hemlock", "Iron Hemlock",
"Grizzly Steppe" "Grizzly Steppe",
"G0016",
"ATK7"
] ]
}, },
"related": [ "related": [
@ -2572,7 +2612,9 @@
"Popeye", "Popeye",
"SIG23", "SIG23",
"Iron Hunter", "Iron Hunter",
"MAKERSMARK" "MAKERSMARK",
"ATK13",
"G0010"
] ]
}, },
"related": [ "related": [
@ -2646,7 +2688,9 @@
"Havex", "Havex",
"CrouchingYeti", "CrouchingYeti",
"Koala Team", "Koala Team",
"IRON LIBERTY" "IRON LIBERTY",
"G0035",
"ATK6"
] ]
}, },
"related": [ "related": [
@ -2819,7 +2863,9 @@
"synonyms": [ "synonyms": [
"CARBON SPIDER", "CARBON SPIDER",
"GOLD NIAGARA", "GOLD NIAGARA",
"Calcium" "Calcium",
"ATK32",
"G0046"
] ]
}, },
"related": [ "related": [
@ -3081,7 +3127,9 @@
"https://www.hvs-consulting.de/lazarus-report/", "https://www.hvs-consulting.de/lazarus-report/",
"https://github.com/hvs-consulting/ioc_signatures/tree/main/Lazarus_APT37", "https://github.com/hvs-consulting/ioc_signatures/tree/main/Lazarus_APT37",
"https://blogs.jpcert.or.jp/en/2021/01/Lazarus_tools.html", "https://blogs.jpcert.or.jp/en/2021/01/Lazarus_tools.html",
"https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html" "https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html",
"https://attack.mitre.org/groups/G0082",
"https://attack.mitre.org/groups/G0032"
], ],
"synonyms": [ "synonyms": [
"Operation DarkSeoul", "Operation DarkSeoul",
@ -3108,7 +3156,12 @@
"Nickel Academy", "Nickel Academy",
"APT-C-26", "APT-C-26",
"NICKEL GLADSTONE", "NICKEL GLADSTONE",
"COVELLITE" "COVELLITE",
"ATK3",
"G0032",
"ATK117",
"G0082"
] ]
}, },
"related": [ "related": [
@ -3232,7 +3285,8 @@
], ],
"synonyms": [ "synonyms": [
"Animal Farm", "Animal Farm",
"Snowglobe" "Snowglobe",
"ATK8"
] ]
}, },
"uuid": "3b8e7462-c83f-4e7d-9511-2fe430d80aab", "uuid": "3b8e7462-c83f-4e7d-9511-2fe430d80aab",
@ -3385,7 +3439,9 @@
"Sarit", "Sarit",
"Quilted Tiger", "Quilted Tiger",
"APT-C-09", "APT-C-09",
"ZINC EMERSON" "ZINC EMERSON",
"ATK11",
"G0040"
] ]
}, },
"related": [ "related": [
@ -3689,7 +3745,9 @@
"ITG08", "ITG08",
"MageCart Group 6", "MageCart Group 6",
"White Giant", "White Giant",
"GOLD FRANKLIN" "GOLD FRANKLIN",
"ATK88",
"G0037"
] ]
}, },
"related": [ "related": [
@ -3789,7 +3847,9 @@
"Helix Kitten", "Helix Kitten",
"APT 34", "APT 34",
"APT34", "APT34",
"IRN2" "IRN2",
"ATK40",
"G0049"
] ]
}, },
"related": [ "related": [
@ -4455,7 +4515,9 @@
"Ocean Buffalo", "Ocean Buffalo",
"POND LOACH", "POND LOACH",
"TIN WOODLAWN", "TIN WOODLAWN",
"BISMUTH" "BISMUTH",
"ATK17",
"G0050"
] ]
}, },
"related": [ "related": [
@ -4519,7 +4581,9 @@
"https://attack.mitre.org/groups/G0068/" "https://attack.mitre.org/groups/G0068/"
], ],
"synonyms": [ "synonyms": [
"TwoForOne" "TwoForOne",
"G0068",
"ATK33"
] ]
}, },
"related": [ "related": [
@ -4595,7 +4659,9 @@
"since": "2017", "since": "2017",
"synonyms": [ "synonyms": [
"LeafMiner", "LeafMiner",
"Raspite" "Raspite",
"ATK113",
"G0061"
], ],
"victimology": "Electric utility sector" "victimology": "Electric utility sector"
}, },
@ -5607,7 +5673,9 @@
"Static Kitten", "Static Kitten",
"Seedworm", "Seedworm",
"MERCURY", "MERCURY",
"COBALT ULSTER" "COBALT ULSTER",
"G0069",
"ATK51"
] ]
}, },
"related": [ "related": [
@ -5716,7 +5784,9 @@
"Red Eyes", "Red Eyes",
"Ricochet Chollima", "Ricochet Chollima",
"ScarCruft", "ScarCruft",
"Venus 121" "Venus 121",
"ATK4",
"G0067"
] ]
}, },
"related": [ "related": [
@ -5803,7 +5873,9 @@
"APT40", "APT40",
"BRONZE MOHAWK", "BRONZE MOHAWK",
"GADOLINIUM", "GADOLINIUM",
"Kryptonite Panda" "Kryptonite Panda",
"G0065",
"ATK29"
] ]
}, },
"related": [ "related": [
@ -6145,7 +6217,9 @@
], ],
"synonyms": [ "synonyms": [
"Gorgon Group", "Gorgon Group",
"Subaat" "Subaat",
"ATK92",
"G0078"
] ]
}, },
"uuid": "e47c2c4d-706b-4098-92a2-b93e7103e131", "uuid": "e47c2c4d-706b-4098-92a2-b93e7103e131",
@ -6393,6 +6467,10 @@
"India", "India",
"United States" "United States"
], ],
"synonyms": [
"ATK78",
"G0076"
],
"cfr-target-category": [ "cfr-target-category": [
"Government", "Government",
"Civil society" "Civil society"
@ -6524,7 +6602,11 @@
"country": "RU", "country": "RU",
"refs": [ "refs": [
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas" "https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
] ],
"synonyms": [
"ATK116",
"G0100"
]
}, },
"uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126", "uuid": "1572f618-bcb3-11e8-841b-1fd7f9cfe126",
"value": "Cloud Atlas" "value": "Cloud Atlas"
@ -6826,7 +6908,9 @@
"GRACEFUL SPIDER", "GRACEFUL SPIDER",
"GOLD TAHOE", "GOLD TAHOE",
"Dudear", "Dudear",
"TEMP.Warlock" "TEMP.Warlock",
"G0092",
"ATK103"
] ]
}, },
"uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f", "uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
@ -7452,7 +7536,9 @@
"https://attack.mitre.org/groups/G0088/" "https://attack.mitre.org/groups/G0088/"
], ],
"synonyms": [ "synonyms": [
"Xenotime" "Xenotime",
"G0088",
"ATK91"
] ]
}, },
"uuid": "90abfc42-91c6-11e9-89b1-af58de8f7ec2", "uuid": "90abfc42-91c6-11e9-89b1-af58de8f7ec2",
@ -8445,7 +8531,11 @@
"https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks", "https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks",
"https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking", "https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
"https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china" "https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china"
] ],
"synonyms": [
"ATK233",
"G0125"
]
}, },
"uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5", "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
"value": "HAFNIUM" "value": "HAFNIUM"
@ -8702,7 +8792,9 @@
], ],
"synonyms": [ "synonyms": [
"Shakthak", "Shakthak",
"TA551" "TA551",
"ATK2361",
"G01271"
] ]
}, },
"uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1", "uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",
@ -9335,5 +9427,5 @@
"value": "RansomHouse" "value": "RansomHouse"
} }
], ],
"version": 227 "version": 228
} }