Merge pull request #945 from danielplohmann/patch-38

adding aliases from UA's H1'2023 report
Alexandre Dulaunoy 2024-03-12 23:06:08 +01:00 committed by GitHub
commit 3f3b7984a8


@ -2499,7 +2499,8 @@
"https://www.secureworks.com/research/threat-profiles/iron-hemlock", "https://www.secureworks.com/research/threat-profiles/iron-hemlock",
"https://attack.mitre.org/groups/G0016", "https://attack.mitre.org/groups/G0016",
"https://unit42.paloaltonetworks.com/atoms/cloaked-ursa/", "https://unit42.paloaltonetworks.com/atoms/cloaked-ursa/",
"https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf" "https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
], ],
"synonyms": [ "synonyms": [
"Group 100", "Group 100",
@ -2516,7 +2517,8 @@
"TA421", "TA421",
"Blue Kitsune", "Blue Kitsune",
"ITG11", "ITG11",
"BlueBravo" "BlueBravo",
"UAC-0029"
], ],
"targeted-sector": [ "targeted-sector": [
"Think Tanks", "Think Tanks",
@ -2625,7 +2627,8 @@
"https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/", "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag", "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/", "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
"https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf" "https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
], ],
"synonyms": [ "synonyms": [
"Snake", "Snake",
@ -2649,7 +2652,10 @@
"Blue Python", "Blue Python",
"SUMMIT", "SUMMIT",
"UNC4210", "UNC4210",
"Secret Blizzard" "Secret Blizzard",
"UAC-0144",
"UAC-0024",
"UAC-0003"
], ],
"targeted-sector": [ "targeted-sector": [
"Government, Administration", "Government, Administration",
@ -2814,7 +2820,8 @@
"https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back", "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/", "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
"https://www.recordedfuture.com/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine", "https://www.recordedfuture.com/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine",
"https://cert.gov.ua/article/405538" "https://cert.gov.ua/article/405538",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
], ],
"synonyms": [ "synonyms": [
"Quedagh", "Quedagh",
@ -2828,7 +2835,8 @@
"Blue Echidna", "Blue Echidna",
"FROZENBARENTS", "FROZENBARENTS",
"UAC-0113", "UAC-0113",
"Seashell Blizzard" "Seashell Blizzard",
"UAC-0082"
], ],
"targeted-sector": [ "targeted-sector": [
"Electric", "Electric",
@ -13402,7 +13410,12 @@
"country": "RU", "country": "RU",
"refs": [ "refs": [
"https://www.mandiant.com/resources/blog/gru-rise-telegram-minions", "https://www.mandiant.com/resources/blog/gru-rise-telegram-minions",
"https://www.mandiant.com/resources/blog/gru-disruptive-playbook" "https://www.mandiant.com/resources/blog/gru-disruptive-playbook",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
],
"synonyms": [
"UAC-0100",
"UAC-0106"
] ]
}, },
"uuid": "566752f5-a294-4430-b47e-8e705f9887ea", "uuid": "566752f5-a294-4430-b47e-8e705f9887ea",
@ -13417,7 +13430,11 @@
"https://www.cyfirma.com/?post_type=out-of-band&p=17397", "https://www.cyfirma.com/?post_type=out-of-band&p=17397",
"https://www.reversinglabs.com/blog/the-week-in-security-possible-colonial-pipeline-2.0-ransomware-hurts-small-american-eateries", "https://www.reversinglabs.com/blog/the-week-in-security-possible-colonial-pipeline-2.0-ransomware-hurts-small-american-eateries",
"https://channellife.com.au/story/the-increasing-presence-of-pro-russia-hacktivists", "https://channellife.com.au/story/the-increasing-presence-of-pro-russia-hacktivists",
"https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/" "https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/",
"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
],
"synonyms": [
"UAC-0109"
] ]
}, },
"uuid": "3689f0e2-6c39-4864-ae0b-cc03e4cb695a", "uuid": "3689f0e2-6c39-4864-ae0b-cc03e4cb695a",
@ -15325,5 +15342,5 @@
"value": "R00tK1T" "value": "R00tK1T"
} }
], ],
"version": 303 "version": 304
} }
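Review bot: The reference `"https://cip.gov.ua/services/cm/api/attachment/download?id=60068"` added in the first hunk (at -2499, and repeated verbatim in the hunks at -2625, -2814, -13402 and -13417) is an opaque attachment-download endpoint keyed only by a numeric id, so nothing in the cluster records which document it points to and the link may not remain resolvable if that id changes. If the H1 2023 report has a human-readable landing page, it would be worth citing that URL alongside the download link so the source stays identifiable and verifiable. The UAC-xxxx names added under `"synonyms"` are CERT-UA tracking identifiers, and attaching them to a named cluster is an attribution claim resting on this single source; before merging, the new aliases should be cross-checked against the rest of the file so that no UAC identifier ends up listed as a synonym of two different actors. The trailing-comma placement in every hunk looks correct, so the document should still parse as strict JSON.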