update threat actor galaxy

This commit is contained in:
Deborah Servili 2019-06-17 16:36:42 +02:00
parent b966369933
commit 431e7a36c1
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1


@ -1097,24 +1097,34 @@
"cfr-type-of-incident": "Espionage", "cfr-type-of-incident": "Espionage",
"country": "CN", "country": "CN",
"refs": [ "refs": [
"http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/", "https://unit42.paloaltonetworks.com/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/",
"https://www.cfr.org/interactive/cyber-operations/apt-10", "https://www.cfr.org/interactive/cyber-operations/apt-10",
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf", "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf",
"https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf" "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf",
"https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html",
"https://www.eweek.com/security/chinese-nation-state-hackers-target-u.s-in-operation-tradesecret",
"https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/",
"https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf",
"https://www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf",
"https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01C-Intrusions_Affecting_Multiple_Victims_Across_Multiple_Sectors.pdf",
"https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html",
"https://www.fbi.gov/news/stories/chinese-hackers-indicted-122018",
"https://attack.mitre.org/groups/G0045/"
], ],
"synonyms": [ "synonyms": [
"APT10", "APT10",
"APT 10", "APT 10",
"MenuPass", "MenuPass",
"Menupass Team", "Menupass Team",
"menuPass",
"menuPass Team",
"happyyongzi", "happyyongzi",
"POTASSIUM", "POTASSIUM",
"DustStorm", "DustStorm",
"Red Apollo", "Red Apollo",
"CVNX", "CVNX",
"HOGFISH", "HOGFISH",
"Cloud Hopper", "Cloud Hopper"
"Stone Panda"
] ]
}, },
"related": [ "related": [
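Review bot: `"Stone Panda"` is dropped from the APT10 synonyms here (old `"Cloud Hopper",` / `"Stone Panda"` become `"Cloud Hopper"`), but the entry's `value` line is outside the hunk, so it is not visible whether that alias survives as the entry name. If it does not, the removal silently breaks matching on the CrowdStrike name that several of the newly added references (PwC Cloud Hopper, FireEye, MITRE G0045) use; confirm the entry value before merging, otherwise keep `"Stone Panda"` in the list. The list also now carries `"MenuPass"`/`"menuPass"` and `"Menupass Team"`/`"menuPass Team"` as pure case variants, which only helps if downstream synonym matching is case-sensitive; if it is not, collapse them to one spelling each.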
@ -3233,7 +3243,8 @@
"refs": [ "refs": [
"https://citizenlab.org/2016/05/stealth-falcon/", "https://citizenlab.org/2016/05/stealth-falcon/",
"https://www.cfr.org/interactive/cyber-operations/stealth-falcon", "https://www.cfr.org/interactive/cyber-operations/stealth-falcon",
"https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/" "https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/",
"https://attack.mitre.org/groups/G0038/"
], ],
"synonyms": [ "synonyms": [
"FruityArmor" "FruityArmor"
@ -3518,7 +3529,10 @@
"country": "US", "country": "US",
"refs": [ "refs": [
"https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/", "https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/",
"https://www.cfr.org/interactive/cyber-operations/project-sauron" "https://www.cfr.org/interactive/cyber-operations/project-sauron",
"https://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets",
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-ProjectSauron-APT_research_KL.pdf",
"https://attack.mitre.org/groups/G0041/"
], ],
"synonyms": [ "synonyms": [
"Strider", "Strider",
@ -3648,7 +3662,8 @@
"country": "CN", "country": "CN",
"refs": [ "refs": [
"http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates", "http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates",
"http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks" "http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks",
"https://attack.mitre.org/groups/G0039/"
] ]
}, },
"related": [ "related": [
@ -4640,7 +4655,8 @@
"attribution-confidence": "50", "attribution-confidence": "50",
"country": "CN", "country": "CN",
"refs": [ "refs": [
"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts#.WS3IBVFV4no.twitter" "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts",
"https://attack.mitre.org/groups/G0062/"
] ]
}, },
"related": [ "related": [
@ -5458,7 +5474,8 @@
"cfr-type-of-incident": "Espionage", "cfr-type-of-incident": "Espionage",
"refs": [ "refs": [
"https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments", "https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments",
"https://www.cfr.org/interactive/cyber-operations/sowbug" "https://www.cfr.org/interactive/cyber-operations/sowbug",
"https://attack.mitre.org/groups/G0054/"
] ]
}, },
"related": [ "related": [
@ -6811,7 +6828,12 @@
"meta": { "meta": {
"refs": [ "refs": [
"https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/", "https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/",
"https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png" "https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png",
"https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter",
"https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware",
"https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf",
"https://threatpost.com/ta505-servhelper-malware/140792/"
"https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/"
] ]
}, },
"uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f", "uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
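Review bot: The new refs array in this hunk is not valid JSON: `"https://threatpost.com/ta505-servhelper-malware/140792/"` has no trailing comma, so it sits directly next to the Yoroi string and any strict parser (the galaxy's own jq/python validation, MISP's galaxy loader) will reject the whole threat-actor.json file, not just this entry. Change the line to `"https://threatpost.com/ta505-servhelper-malware/140792/",`. The `meta` object that owns this array starts outside the hunk.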
@ -7053,7 +7075,9 @@
"meta": { "meta": {
"refs": [ "refs": [
"https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/", "https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/",
"https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/" "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/",
"https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia",
"https://attack.mitre.org/groups/G0086/"
] ]
}, },
"uuid": "769aeaa6-d193-4e90-a818-d74c6ff7b845", "uuid": "769aeaa6-d193-4e90-a818-d74c6ff7b845",
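Review bot: The added `https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia` appears to be the same ASERT write-up already listed as `https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/` (identical slug; Arbor ASERT content moved to netscout.com), so the refs array now likely lists one report twice. If the arbornetworks URL merely redirects to the NETSCOUT one, keep the canonical netscout link and drop the old one instead of carrying both. The `meta` object enclosing this array starts outside the hunk.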