mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
Y en a un peut plus je vous le mets quand meme ?
parent
57befd7259
commit
44a99d066a
1 changed files with 101 additions and 27 deletions
|
@ -1488,7 +1488,8 @@
|
|||
"Sneaky Panda",
|
||||
"Elderwood",
|
||||
"Elderwood Gang",
|
||||
"SIG22"
|
||||
"SIG22",
|
||||
"G0066"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -2744,7 +2745,8 @@
|
|||
"Quedagh",
|
||||
"Voodoo Bear",
|
||||
"TEMP.Noble",
|
||||
"Iron Viking"
|
||||
"Iron Viking",
|
||||
"G0034"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -2864,7 +2866,8 @@
|
|||
"GOLD NIAGARA",
|
||||
"Calcium",
|
||||
"ATK32",
|
||||
"G0046"
|
||||
"G0046",
|
||||
"G0008"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -2977,7 +2980,8 @@
|
|||
"https://attack.mitre.org/groups/G0085/"
|
||||
],
|
||||
"synonyms": [
|
||||
"FIN4"
|
||||
"FIN4",
|
||||
"G0085"
|
||||
]
|
||||
},
|
||||
"uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
|
||||
|
@ -3375,7 +3379,8 @@
|
|||
"https://attack.mitre.org/groups/G0038/"
|
||||
],
|
||||
"synonyms": [
|
||||
"FruityArmor"
|
||||
"FruityArmor",
|
||||
"G0038"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -3470,6 +3475,9 @@
|
|||
"https://attack.mitre.org/wiki/Groups",
|
||||
"https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/",
|
||||
"https://attack.mitre.org/groups/G0029/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0029"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -3493,6 +3501,9 @@
|
|||
"https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/",
|
||||
"https://attack.mitre.org/wiki/Groups",
|
||||
"https://attack.mitre.org/groups/G0033/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0033"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -3535,7 +3546,9 @@
|
|||
],
|
||||
"synonyms": [
|
||||
"Moafee",
|
||||
"BRONZE OVERBROOK"
|
||||
"BRONZE OVERBROOK",
|
||||
"G0017",
|
||||
"G0002"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -3586,7 +3599,8 @@
|
|||
"synonyms": [
|
||||
"Strider",
|
||||
"Sauron",
|
||||
"Project Sauron"
|
||||
"Project Sauron",
|
||||
"G0041"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -3635,7 +3649,8 @@
|
|||
"https://www.cfr.org/interactive/cyber-operations/apt-30"
|
||||
],
|
||||
"synonyms": [
|
||||
"APT30"
|
||||
"APT30",
|
||||
"G0013"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -3691,6 +3706,9 @@
|
|||
"refs": [
|
||||
"https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/",
|
||||
"https://attack.mitre.org/groups/G0036/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0036"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -3714,6 +3732,9 @@
|
|||
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=62e325ae-f551-4855-b9cf-28a7d52d1534&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
|
||||
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7a60af1f-7786-446c-976b-7c71a16e9d3b&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
|
||||
"https://attack.mitre.org/groups/G0039/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0039"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -4014,7 +4035,8 @@
|
|||
"Operation Molerats",
|
||||
"Extreme Jackal",
|
||||
"Moonlight",
|
||||
"ALUMINUM SARATOGA"
|
||||
"ALUMINUM SARATOGA",
|
||||
"G0021"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -4041,7 +4063,9 @@
|
|||
"https://attack.mitre.org/groups/G0056/"
|
||||
],
|
||||
"synonyms": [
|
||||
"StrongPity"
|
||||
"StrongPity",
|
||||
"G0055",
|
||||
"G0056"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -4216,7 +4240,8 @@
|
|||
"Lamberts",
|
||||
"EQGRP",
|
||||
"Longhorn",
|
||||
"PLATINUM TERMINAL"
|
||||
"PLATINUM TERMINAL",
|
||||
"G0020"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -4287,7 +4312,8 @@
|
|||
"synonyms": [
|
||||
"Primitive Bear",
|
||||
"Shuckworm",
|
||||
"ACTINIUM"
|
||||
"ACTINIUM",
|
||||
"G0047"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -4487,6 +4513,7 @@
|
|||
"cfr-type-of-incident": "Espionage",
|
||||
"country": "VN",
|
||||
"refs": [
|
||||
"https://attack.mitre.org/groups/G0050/",
|
||||
"https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html",
|
||||
"https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/",
|
||||
"https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/",
|
||||
|
@ -4657,9 +4684,7 @@
|
|||
"since": "2017",
|
||||
"synonyms": [
|
||||
"LeafMiner",
|
||||
"Raspite",
|
||||
"ATK113",
|
||||
"G0061"
|
||||
"Raspite"
|
||||
],
|
||||
"victimology": "Electric utility sector"
|
||||
},
|
||||
|
@ -4676,6 +4701,10 @@
|
|||
"https://afyonluoglu.org/PublicWebFiles/Reports-TR/2017%20FireEye%20M-Trends%20Report.pdf",
|
||||
"https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html",
|
||||
"https://attack.mitre.org/groups/G0061"
|
||||
],
|
||||
"synonyms": [
|
||||
"ATK113",
|
||||
"G0061"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -4718,6 +4747,7 @@
|
|||
],
|
||||
"cfr-type-of-incident": "Espionage",
|
||||
"refs": [
|
||||
"https://attack.mitre.org/groups/G0095/",
|
||||
"https://securelist.com/el-machete/66108/",
|
||||
"https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html",
|
||||
"https://www.cfr.org/interactive/cyber-operations/machete",
|
||||
|
@ -4727,7 +4757,8 @@
|
|||
"synonyms": [
|
||||
"Machete",
|
||||
"machete-apt",
|
||||
"APT-C-43"
|
||||
"APT-C-43",
|
||||
"G0095"
|
||||
]
|
||||
},
|
||||
"uuid": "827c17e0-c3f5-4ad1-a4f4-30a40ed0a2d3",
|
||||
|
@ -4758,7 +4789,8 @@
|
|||
"Cobalt Group",
|
||||
"Cobalt Gang",
|
||||
"GOLD KINGSWOOD",
|
||||
"COBALT SPIDER"
|
||||
"COBALT SPIDER",
|
||||
"G0080"
|
||||
]
|
||||
},
|
||||
"uuid": "01967480-c49b-4d4a-a7fa-aef0eaf535fe",
|
||||
|
@ -4771,6 +4803,9 @@
|
|||
"refs": [
|
||||
"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts",
|
||||
"https://attack.mitre.org/groups/G0062/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0062"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -4901,7 +4936,8 @@
|
|||
"Nian",
|
||||
"BRONZE BUTLER",
|
||||
"REDBALDKNIGHT",
|
||||
"STALKER PANDA"
|
||||
"STALKER PANDA",
|
||||
"G0060"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -5064,7 +5100,8 @@
|
|||
"https://attack.mitre.org/groups/G0052/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Slayer Kitten"
|
||||
"Slayer Kitten",
|
||||
"G0052"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -5216,7 +5253,8 @@
|
|||
"Velvet Chollima",
|
||||
"Black Banshee",
|
||||
"Thallium",
|
||||
"Operation Stolen Pencil"
|
||||
"Operation Stolen Pencil",
|
||||
"G0086"
|
||||
]
|
||||
},
|
||||
"uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||
|
@ -5616,6 +5654,9 @@
|
|||
"https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments",
|
||||
"https://www.cfr.org/interactive/cyber-operations/sowbug",
|
||||
"https://attack.mitre.org/groups/G0054/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0054"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -5723,7 +5764,11 @@
|
|||
"country": "LB",
|
||||
"refs": [
|
||||
"https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
|
||||
"https://research.checkpoint.com/2020/bandook-signed-delivered",
|
||||
"https://attack.mitre.org/groups/G0070/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0070"
|
||||
]
|
||||
},
|
||||
"uuid": "3d449c83-4426-431a-b06a-cb4f8a0fca94",
|
||||
|
@ -6177,7 +6222,8 @@
|
|||
"synonyms": [
|
||||
"Rancor group",
|
||||
"Rancor",
|
||||
"Rancor Group"
|
||||
"Rancor Group",
|
||||
"G0075"
|
||||
]
|
||||
},
|
||||
"uuid": "79c7c7e0-79d5-11e8-9b9c-1ff96be20c0b",
|
||||
|
@ -6235,7 +6281,8 @@
|
|||
"https://attack.mitre.org/groups/G0079/"
|
||||
],
|
||||
"synonyms": [
|
||||
"LazyMeerkat"
|
||||
"LazyMeerkat",
|
||||
"G0079"
|
||||
]
|
||||
},
|
||||
"uuid": "ce2c2dfd-2445-4fbc-a747-9e7092e383f9",
|
||||
|
@ -6444,7 +6491,8 @@
|
|||
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"LOTUS PANDA"
|
||||
"LOTUS PANDA",
|
||||
"G0076"
|
||||
]
|
||||
},
|
||||
"uuid": "98be4300-a9ef-11e8-9a95-bb9221083cfc",
|
||||
|
@ -6472,7 +6520,8 @@
|
|||
"cfr-type-of-incident": "Espionage",
|
||||
"country": "PK",
|
||||
"refs": [
|
||||
"https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo"
|
||||
"https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo",
|
||||
"https://attack.mitre.org/groups/G0076"
|
||||
],
|
||||
"synonyms": [
|
||||
"ATK78",
|
||||
|
@ -6599,7 +6648,8 @@
|
|||
"cfr-type-of-incident": "Espionage",
|
||||
"country": "RU",
|
||||
"refs": [
|
||||
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
|
||||
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas",
|
||||
"https://attack.mitre.org/groups/G0100/"
|
||||
],
|
||||
"synonyms": [
|
||||
"ATK116",
|
||||
|
@ -7034,7 +7084,8 @@
|
|||
"synonyms": [
|
||||
"Chafer",
|
||||
"REMIX KITTEN",
|
||||
"COBALT HICKMAN"
|
||||
"COBALT HICKMAN",
|
||||
"G0087"
|
||||
]
|
||||
},
|
||||
"uuid": "c2c64bd3-a325-446f-91a8-b4c0f173a30b",
|
||||
|
@ -7362,6 +7413,9 @@
|
|||
"https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/",
|
||||
"https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html",
|
||||
"https://attack.mitre.org/groups/G0063/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0063"
|
||||
]
|
||||
},
|
||||
"uuid": "8fbd195f-5e03-4e85-8ca5-4f1dff300bec",
|
||||
|
@ -7395,6 +7449,9 @@
|
|||
"refs": [
|
||||
"https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?",
|
||||
"https://attack.mitre.org/groups/G0053/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0053"
|
||||
]
|
||||
},
|
||||
"uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70",
|
||||
|
@ -7417,6 +7474,9 @@
|
|||
"refs": [
|
||||
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf",
|
||||
"https://attack.mitre.org/groups/G0051/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0051"
|
||||
]
|
||||
},
|
||||
"uuid": "f2d02410-8c2c-11e9-8df1-a31c1fb33d79",
|
||||
|
@ -7456,6 +7516,9 @@
|
|||
"refs": [
|
||||
"https://www.securityweek.com/iranian-actor-group5-targeting-syrian-opposition",
|
||||
"https://attack.mitre.org/groups/G0043/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0043"
|
||||
]
|
||||
},
|
||||
"uuid": "bc8390aa-8c4e-11e9-a9cb-e37c361210af",
|
||||
|
@ -7467,6 +7530,9 @@
|
|||
"refs": [
|
||||
"https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/",
|
||||
"https://attack.mitre.org/groups/G0072/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0072"
|
||||
]
|
||||
},
|
||||
"uuid": "2d82a18e-8c53-11e9-b0ec-536b62fa3d86",
|
||||
|
@ -7489,6 +7555,9 @@
|
|||
"refs": [
|
||||
"https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf",
|
||||
"https://attack.mitre.org/groups/G0048/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0048"
|
||||
]
|
||||
},
|
||||
"uuid": "88100602-8e8b-11e9-bb7c-1bf20b58e305",
|
||||
|
@ -7520,6 +7589,9 @@
|
|||
"refs": [
|
||||
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf",
|
||||
"https://attack.mitre.org/groups/G0015/"
|
||||
],
|
||||
"synonyms": [
|
||||
"G0015"
|
||||
]
|
||||
},
|
||||
"uuid": "e6669606-91ad-11e9-b6f5-374843911989",
|
||||
|
@ -8507,6 +8579,7 @@
|
|||
"attribution-confidence": "100",
|
||||
"country": "CN",
|
||||
"refs": [
|
||||
"https://attack.mitre.org/groups/G0125/",
|
||||
"https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers",
|
||||
"https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/",
|
||||
"https://www.splunk.com/en_us/blog/security/detecting-hafnium-exchange-server-zero-day-activity-in-splunk.html",
|
||||
|
@ -8532,7 +8605,8 @@
|
|||
],
|
||||
"synonyms": [
|
||||
"ATK233",
|
||||
"G0125"
|
||||
"G0125",
|
||||
"Operation Exchange Marauder"
|
||||
]
|
||||
},
|
||||
"uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
|
||||
|
|
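Review bot: G0076 ends up on two different clusters in this file: it is added as a synonym next to `"LOTUS PANDA"` (hunk `-6444,7 +6491,8`) and as the ref `"https://attack.mitre.org/groups/G0076"` on the cluster with `"country": "PK"` (hunk `-6472,7 +6520,8`), so one of the two placements is probably wrong and should be checked against the ATT&CK group page before merging. The same check applies where two group ids land in a single synonym list — `"G0046", "G0008"` (`-2864`), `"G0017", "G0002"` (`-3535`) and `"G0055", "G0056"` (`-4041`, where the only ref visible in the hunk is G0056) — since ATT&CK appears to track each of these as a separate group, and any enrichment or detection tooling that resolves an actor by synonym would then merge them. The new refs for G0061 and G0076 also drop the trailing slash that every other ATT&CK URL in the change carries; writing them as `"https://attack.mitre.org/groups/G0061/"` and `"https://attack.mitre.org/groups/G0076/"` keeps string-based ref deduplication working. The file path is not shown on this page, so these points are based on the visible hunks only.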