This commit is contained in:
Deborah Servili 2019-03-11 08:51:16 +01:00
commit 33dbda1e1e
3 changed files with 45 additions and 5 deletions


@ -161,7 +161,7 @@
]
},
"uuid": "54976d3e-7e6f-4863-9338-bc9e5041b9f2",
"value": "Hacking candidate laptops or email accounts"
"value": "Hacking/misconfiguration of government servers, communication networks, or endpoints"
},
{
"description": "Hacking government websites, spreading misinformation on the election process, registered parties/candidates, or results",
@ -332,5 +332,5 @@
"value": "Defacement, DoS or overload of websites or other systems used for publication of the results"
}
],
"version": 1
"version": 2
}
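Review bot: The `value` under uuid `54976d3e-7e6f-4863-9338-bc9e5041b9f2` is replaced in place rather than a new entry being added, so the same uuid now denotes a different category than it did at version 1, and any event already tagged with this cluster uuid silently takes on the new meaning. If "Hacking candidate laptops or email accounts" should remain a taggable category, keep it and add the server/network/endpoint entry as its own object with a fresh uuid; if this is intended as a correction of the old wording, a one-line note in the commit description saying so would make that intent reviewable. The enclosing element starts before the hunk, so its `description` is not visible here to confirm which reading applies.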


@ -5087,10 +5087,14 @@
"refs": [
"https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets",
"https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html",
"https://www.cfr.org/interactive/cyber-operations/leviathan"
"https://www.cfr.org/interactive/cyber-operations/leviathan",
"https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html"
],
"synonyms": [
"TEMP.Periscope"
"TEMP.Periscope",
"TEMP.Jumper",
"APT 40",
"APT40"
]
},
"related": [
@ -6414,6 +6418,32 @@
},
"uuid": "9ba291f2-b107-402d-9083-3128395ff26e",
"value": "Operation Kabar Cobra"
},
{
"description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.",
"meta": {
"refs": [
"https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/"
],
"synonyms": [
"Blind Eagle"
]
},
"uuid": "ae1c64ff-5a37-4291-97f8-ea402c63efd0",
"value": "APT-C-36"
},
{
"description": "Resecuritys research indicates that the attack on Parliament is a part of a multi-year cyberespionage campaign orchestrated by a nation-state actor whom we are calling IRIDIUM. This actor targets sensitive government, diplomatic, and military resources in the countries comprising the Five Eyes intelligence alliance (which includes Australia, Canada, New Zealand, the United Kingdom and the United States)",
"meta": {
"attribution-confidence": "10",
"country": "IR",
"refs": [
"https://resecurity.com/blog/parliament_races/",
"https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986"
]
},
"uuid": "29cfe970-5446-4cfc-a2da-00e9f49e02ba",
"value": "IRIDIUM"
}
],
"version": 96
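Review bot: The `version` of this cluster is left at `96` — the second hunk shows it only as context with no replacement line — even though two new entries (`APT-C-36`, `IRIDIUM`) and new `refs`/`synonyms` for the Leviathan entry are added, whereas the other two files in this commit bump theirs (1 to 2 and 111 to 112). Downstream consumers of these galaxy files typically key re-import on this field, so without `"version": 97` the additions may not propagate. Separately, the IRIDIUM `description` is a verbatim first-person vendor statement ("whom we are calling IRIDIUM", with the typo `Resecuritys`); rephrasing it in the neutral voice of the surrounding entries, e.g. `"Resecurity attributes a multi-year cyberespionage campaign against government, diplomatic and military targets in the Five Eyes countries to an actor it calls IRIDIUM."`, would match the rest of the file, and the low `"attribution-confidence": "10"` alongside `"country": "IR"` is appropriately conservative for a single-vendor claim. The Leviathan object edited in the first hunk begins before that hunk.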


@ -7562,7 +7562,17 @@
},
"uuid": "f0fc5ab9-4973-42b3-a2f6-25ff551b5566",
"value": "StealthWorker"
},
{
"description": "The SLUB backdoor is a custom one written in the C++ programming language, statically linking curl library to perform multiple HTTP requests. Other statically-linked libraries are boost (for extracting commands from gist snippets) and JsonCpp (for parsing slack channel communication).",
"meta": {
"refs": [
"https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/"
]
},
"uuid": "bb6492fa-36b5-4f4a-a787-e718e7f9997f",
"value": "SLUB Backdoor"
}
],
"version": 111
"version": 112
}
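Review bot: The new SLUB `description` leads with build details (statically linked curl, boost, JsonCpp) and leaves the tool's actual behaviour to parenthetical asides, which makes the entry harder to scan than its neighbours; the ref's title and those asides indicate the backdoor fetches commands from GitHub gist snippets and communicates over Slack, so leading with that, e.g. `"SLUB is a C++ backdoor that retrieves commands from GitHub gist snippets and communicates over a Slack channel; it statically links curl, boost and JsonCpp."`, would be more useful to analysts. This is a wording point only; the object shape matches the preceding StealthWorker entry and the `version` bump to 112 is present.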