update threat actor galaxy
parent
b966369933
commit
431e7a36c1
1 changed files with 35 additions and 11 deletions
|
@ -1097,24 +1097,34 @@
|
||||||
"cfr-type-of-incident": "Espionage",
|
"cfr-type-of-incident": "Espionage",
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/",
|
"https://unit42.paloaltonetworks.com/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/apt-10",
|
"https://www.cfr.org/interactive/cyber-operations/apt-10",
|
||||||
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf",
|
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf",
|
||||||
"https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf"
|
"https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf",
|
||||||
|
"https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html",
|
||||||
|
"https://www.eweek.com/security/chinese-nation-state-hackers-target-u.s-in-operation-tradesecret",
|
||||||
|
"https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/",
|
||||||
|
"https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf",
|
||||||
|
"https://www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf",
|
||||||
|
"https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01C-Intrusions_Affecting_Multiple_Victims_Across_Multiple_Sectors.pdf",
|
||||||
|
"https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html",
|
||||||
|
"https://www.fbi.gov/news/stories/chinese-hackers-indicted-122018",
|
||||||
|
"https://attack.mitre.org/groups/G0045/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"APT10",
|
"APT10",
|
||||||
"APT 10",
|
"APT 10",
|
||||||
"MenuPass",
|
"MenuPass",
|
||||||
"Menupass Team",
|
"Menupass Team",
|
||||||
|
"menuPass",
|
||||||
|
"menuPass Team",
|
||||||
"happyyongzi",
|
"happyyongzi",
|
||||||
"POTASSIUM",
|
"POTASSIUM",
|
||||||
"DustStorm",
|
"DustStorm",
|
||||||
"Red Apollo",
|
"Red Apollo",
|
||||||
"CVNX",
|
"CVNX",
|
||||||
"HOGFISH",
|
"HOGFISH",
|
||||||
"Cloud Hopper",
|
"Cloud Hopper"
|
||||||
"Stone Panda"
|
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -3233,7 +3243,8 @@
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://citizenlab.org/2016/05/stealth-falcon/",
|
"https://citizenlab.org/2016/05/stealth-falcon/",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/stealth-falcon",
|
"https://www.cfr.org/interactive/cyber-operations/stealth-falcon",
|
||||||
"https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/"
|
"https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/",
|
||||||
|
"https://attack.mitre.org/groups/G0038/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"FruityArmor"
|
"FruityArmor"
|
||||||
|
@ -3518,7 +3529,10 @@
|
||||||
"country": "US",
|
"country": "US",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/",
|
"https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/project-sauron"
|
"https://www.cfr.org/interactive/cyber-operations/project-sauron",
|
||||||
|
"https://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets",
|
||||||
|
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-ProjectSauron-APT_research_KL.pdf",
|
||||||
|
"https://attack.mitre.org/groups/G0041/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Strider",
|
"Strider",
|
||||||
|
@ -3648,7 +3662,8 @@
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates",
|
"http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates",
|
||||||
"http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks"
|
"http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks",
|
||||||
|
"https://attack.mitre.org/groups/G0039/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -4640,7 +4655,8 @@
|
||||||
"attribution-confidence": "50",
|
"attribution-confidence": "50",
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts#.WS3IBVFV4no.twitter"
|
"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts",
|
||||||
|
"https://attack.mitre.org/groups/G0062/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -5458,7 +5474,8 @@
|
||||||
"cfr-type-of-incident": "Espionage",
|
"cfr-type-of-incident": "Espionage",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments",
|
"https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/sowbug"
|
"https://www.cfr.org/interactive/cyber-operations/sowbug",
|
||||||
|
"https://attack.mitre.org/groups/G0054/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -6811,7 +6828,12 @@
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/",
|
"https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/",
|
||||||
"https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png"
|
"https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png",
|
||||||
|
"https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter",
|
||||||
|
"https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware",
|
||||||
|
"https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf",
|
||||||
|
"https://threatpost.com/ta505-servhelper-malware/140792/"
|
||||||
|
"https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
|
"uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
|
||||||
|
@ -7053,7 +7075,9 @@
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/",
|
"https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/",
|
||||||
"https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/"
|
"https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/",
|
||||||
|
"https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia",
|
||||||
|
"https://attack.mitre.org/groups/G0086/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "769aeaa6-d193-4e90-a818-d74c6ff7b845",
|
"uuid": "769aeaa6-d193-4e90-a818-d74c6ff7b845",
|
||||||
|
|
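Review bot: The `refs` array in the hunk at `@ -6811,7 +6828,12` is not valid JSON as shown, because the added threatpost entry has no trailing comma yet is followed by the added `blog.yoroi.company` entry. A strict parser rejects the whole file on that, so tools that load this galaxy would likely lose every threat-actor cluster rather than just this one. The line should read `"https://threatpost.com/ta505-servhelper-malware/140792/",`, and a validation pass such as `jq .` over the file before merging would catch this class of error. Separately, the first hunk drops `"Stone Panda"` from the APT10 synonyms while adding case-only variants (`"menuPass"`, `"menuPass Team"`). Unless that name is kept elsewhere in the cluster, for example as its value, which lies outside the hunk, events tagged with it may stop correlating to this actor.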