Merge pull request #945 from danielplohmann/patch-38

adding aliases from UA's H1'2023 report
Alexandre Dulaunoy 2024-03-12 23:06:08 +01:00 committed by GitHub
commit 3f3b7984a8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -2499,7 +2499,8 @@
"https://www.secureworks.com/research/threat-profiles/iron-hemlock",
"https://attack.mitre.org/groups/G0016",
"https://unit42.paloaltonetworks.com/atoms/cloaked-ursa/",
"https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf"
"https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
],
"synonyms": [
"Group 100",
@ -2516,7 +2517,8 @@
"TA421",
"Blue Kitsune",
"ITG11",
"BlueBravo"
"BlueBravo",
"UAC-0029"
],
"targeted-sector": [
"Think Tanks",
@ -2625,7 +2627,8 @@
"https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
"https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf"
"https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
],
"synonyms": [
"Snake",
@ -2649,7 +2652,10 @@
"Blue Python",
"SUMMIT",
"UNC4210",
"Secret Blizzard"
"Secret Blizzard",
"UAC-0144",
"UAC-0024",
"UAC-0003"
],
"targeted-sector": [
"Government, Administration",
@ -2814,7 +2820,8 @@
"https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
"https://www.recordedfuture.com/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine",
"https://cert.gov.ua/article/405538"
"https://cert.gov.ua/article/405538",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
],
"synonyms": [
"Quedagh",
@ -2828,7 +2835,8 @@
"Blue Echidna",
"FROZENBARENTS",
"UAC-0113",
"Seashell Blizzard"
"Seashell Blizzard",
"UAC-0082"
],
"targeted-sector": [
"Electric",
@ -13402,7 +13410,12 @@
"country": "RU",
"refs": [
"https://www.mandiant.com/resources/blog/gru-rise-telegram-minions",
"https://www.mandiant.com/resources/blog/gru-disruptive-playbook"
"https://www.mandiant.com/resources/blog/gru-disruptive-playbook",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
],
"synonyms": [
"UAC-0100",
"UAC-0106"
]
},
"uuid": "566752f5-a294-4430-b47e-8e705f9887ea",
@ -13417,7 +13430,11 @@
"https://www.cyfirma.com/?post_type=out-of-band&p=17397",
"https://www.reversinglabs.com/blog/the-week-in-security-possible-colonial-pipeline-2.0-ransomware-hurts-small-american-eateries",
"https://channellife.com.au/story/the-increasing-presence-of-pro-russia-hacktivists",
"https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/"
"https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
],
"synonyms": [
"UAC-0109"
]
},
"uuid": "3689f0e2-6c39-4864-ae0b-cc03e4cb695a",
@ -15325,5 +15342,5 @@
"value": "R00tK1T"
}
],
"version": 303
"version": 304
}
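Review bot: The only source given for the new UAC-#### synonyms is `https://cip.gov.ua/services/cm/api/attachment/download?id=60068`, an attachment-download endpoint keyed by a numeric id, added identically to six `refs` arrays (first in the -2499 hunk). The URL names neither the document nor its date, so an analyst cannot tell what it is without fetching a file, and the alias mapping becomes unverifiable if that id is removed or reused. I would list the report's landing page or an archived copy next to it, e.g. `"https://web.archive.org/web/<SNAPSHOT_TIMESTAMP>/https://cip.gov.ua/services/cm/api/attachment/download?id=60068"` (the timestamp is a placeholder). Where one actor receives several identifiers at once (the -2649 and -13402 hunks), the commit description should also say which page or table of the report supports each mapping, because tooling that matches on `synonyms` will presumably treat every entry as equivalent to the actor name.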