Y en a un peu plus, je vous le mets quand même ?

Thanat0s 2022-06-11 04:24:04 -04:00
parent 57befd7259
commit 44a99d066a


@ -1488,7 +1488,8 @@
"Sneaky Panda", "Sneaky Panda",
"Elderwood", "Elderwood",
"Elderwood Gang", "Elderwood Gang",
"SIG22" "SIG22",
"G0066"
] ]
}, },
"related": [ "related": [
@ -2744,7 +2745,8 @@
"Quedagh", "Quedagh",
"Voodoo Bear", "Voodoo Bear",
"TEMP.Noble", "TEMP.Noble",
"Iron Viking" "Iron Viking",
"G0034"
] ]
}, },
"related": [ "related": [
@ -2864,7 +2866,8 @@
"GOLD NIAGARA", "GOLD NIAGARA",
"Calcium", "Calcium",
"ATK32", "ATK32",
"G0046" "G0046",
"G0008"
] ]
}, },
"related": [ "related": [
@ -2977,7 +2980,8 @@
"https://attack.mitre.org/groups/G0085/" "https://attack.mitre.org/groups/G0085/"
], ],
"synonyms": [ "synonyms": [
"FIN4" "FIN4",
"G0085"
] ]
}, },
"uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57", "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
@ -3375,7 +3379,8 @@
"https://attack.mitre.org/groups/G0038/" "https://attack.mitre.org/groups/G0038/"
], ],
"synonyms": [ "synonyms": [
"FruityArmor" "FruityArmor",
"G0038"
] ]
}, },
"related": [ "related": [
@ -3470,6 +3475,9 @@
"https://attack.mitre.org/wiki/Groups", "https://attack.mitre.org/wiki/Groups",
"https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/", "https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/",
"https://attack.mitre.org/groups/G0029/" "https://attack.mitre.org/groups/G0029/"
],
"synonyms": [
"G0029"
] ]
}, },
"related": [ "related": [
@ -3493,6 +3501,9 @@
"https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/", "https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/",
"https://attack.mitre.org/wiki/Groups", "https://attack.mitre.org/wiki/Groups",
"https://attack.mitre.org/groups/G0033/" "https://attack.mitre.org/groups/G0033/"
],
"synonyms": [
"G0033"
] ]
}, },
"related": [ "related": [
@ -3535,7 +3546,9 @@
], ],
"synonyms": [ "synonyms": [
"Moafee", "Moafee",
"BRONZE OVERBROOK" "BRONZE OVERBROOK",
"G0017",
"G0002"
] ]
}, },
"related": [ "related": [
@ -3586,7 +3599,8 @@
"synonyms": [ "synonyms": [
"Strider", "Strider",
"Sauron", "Sauron",
"Project Sauron" "Project Sauron",
"G0041"
] ]
}, },
"related": [ "related": [
@ -3635,7 +3649,8 @@
"https://www.cfr.org/interactive/cyber-operations/apt-30" "https://www.cfr.org/interactive/cyber-operations/apt-30"
], ],
"synonyms": [ "synonyms": [
"APT30" "APT30",
"G0013"
] ]
}, },
"related": [ "related": [
@ -3691,6 +3706,9 @@
"refs": [ "refs": [
"https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/", "https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/",
"https://attack.mitre.org/groups/G0036/" "https://attack.mitre.org/groups/G0036/"
],
"synonyms": [
"G0036"
] ]
}, },
"related": [ "related": [
@ -3714,6 +3732,9 @@
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=62e325ae-f551-4855-b9cf-28a7d52d1534&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=62e325ae-f551-4855-b9cf-28a7d52d1534&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7a60af1f-7786-446c-976b-7c71a16e9d3b&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7a60af1f-7786-446c-976b-7c71a16e9d3b&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
"https://attack.mitre.org/groups/G0039/" "https://attack.mitre.org/groups/G0039/"
],
"synonyms": [
"G0039"
] ]
}, },
"related": [ "related": [
@ -4014,7 +4035,8 @@
"Operation Molerats", "Operation Molerats",
"Extreme Jackal", "Extreme Jackal",
"Moonlight", "Moonlight",
"ALUMINUM SARATOGA" "ALUMINUM SARATOGA",
"G0021"
] ]
}, },
"related": [ "related": [
@ -4041,7 +4063,9 @@
"https://attack.mitre.org/groups/G0056/" "https://attack.mitre.org/groups/G0056/"
], ],
"synonyms": [ "synonyms": [
"StrongPity" "StrongPity",
"G0055",
"G0056"
] ]
}, },
"related": [ "related": [
@ -4216,7 +4240,8 @@
"Lamberts", "Lamberts",
"EQGRP", "EQGRP",
"Longhorn", "Longhorn",
"PLATINUM TERMINAL" "PLATINUM TERMINAL",
"G0020"
] ]
}, },
"related": [ "related": [
@ -4287,7 +4312,8 @@
"synonyms": [ "synonyms": [
"Primitive Bear", "Primitive Bear",
"Shuckworm", "Shuckworm",
"ACTINIUM" "ACTINIUM",
"G0047"
] ]
}, },
"related": [ "related": [
@ -4487,6 +4513,7 @@
"cfr-type-of-incident": "Espionage", "cfr-type-of-incident": "Espionage",
"country": "VN", "country": "VN",
"refs": [ "refs": [
"https://attack.mitre.org/groups/G0050/",
"https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html", "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html",
"https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/", "https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/",
"https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/", "https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/",
@ -4657,9 +4684,7 @@
"since": "2017", "since": "2017",
"synonyms": [ "synonyms": [
"LeafMiner", "LeafMiner",
"Raspite", "Raspite"
"ATK113",
"G0061"
], ],
"victimology": "Electric utility sector" "victimology": "Electric utility sector"
}, },
@ -4676,6 +4701,10 @@
"https://afyonluoglu.org/PublicWebFiles/Reports-TR/2017%20FireEye%20M-Trends%20Report.pdf", "https://afyonluoglu.org/PublicWebFiles/Reports-TR/2017%20FireEye%20M-Trends%20Report.pdf",
"https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html", "https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html",
"https://attack.mitre.org/groups/G0061" "https://attack.mitre.org/groups/G0061"
],
"synonyms": [
"ATK113",
"G0061"
] ]
}, },
"related": [ "related": [
@ -4718,6 +4747,7 @@
], ],
"cfr-type-of-incident": "Espionage", "cfr-type-of-incident": "Espionage",
"refs": [ "refs": [
"https://attack.mitre.org/groups/G0095/",
"https://securelist.com/el-machete/66108/", "https://securelist.com/el-machete/66108/",
"https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html", "https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html",
"https://www.cfr.org/interactive/cyber-operations/machete", "https://www.cfr.org/interactive/cyber-operations/machete",
@ -4727,7 +4757,8 @@
"synonyms": [ "synonyms": [
"Machete", "Machete",
"machete-apt", "machete-apt",
"APT-C-43" "APT-C-43",
"G0095"
] ]
}, },
"uuid": "827c17e0-c3f5-4ad1-a4f4-30a40ed0a2d3", "uuid": "827c17e0-c3f5-4ad1-a4f4-30a40ed0a2d3",
@ -4758,7 +4789,8 @@
"Cobalt Group", "Cobalt Group",
"Cobalt Gang", "Cobalt Gang",
"GOLD KINGSWOOD", "GOLD KINGSWOOD",
"COBALT SPIDER" "COBALT SPIDER",
"G0080"
] ]
}, },
"uuid": "01967480-c49b-4d4a-a7fa-aef0eaf535fe", "uuid": "01967480-c49b-4d4a-a7fa-aef0eaf535fe",
@ -4771,6 +4803,9 @@
"refs": [ "refs": [
"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts", "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts",
"https://attack.mitre.org/groups/G0062/" "https://attack.mitre.org/groups/G0062/"
],
"synonyms": [
"G0062"
] ]
}, },
"related": [ "related": [
@ -4901,7 +4936,8 @@
"Nian", "Nian",
"BRONZE BUTLER", "BRONZE BUTLER",
"REDBALDKNIGHT", "REDBALDKNIGHT",
"STALKER PANDA" "STALKER PANDA",
"G0060"
] ]
}, },
"related": [ "related": [
@ -5064,7 +5100,8 @@
"https://attack.mitre.org/groups/G0052/" "https://attack.mitre.org/groups/G0052/"
], ],
"synonyms": [ "synonyms": [
"Slayer Kitten" "Slayer Kitten",
"G0052"
] ]
}, },
"related": [ "related": [
@ -5216,7 +5253,8 @@
"Velvet Chollima", "Velvet Chollima",
"Black Banshee", "Black Banshee",
"Thallium", "Thallium",
"Operation Stolen Pencil" "Operation Stolen Pencil",
"G0086"
] ]
}, },
"uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3", "uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
@ -5616,6 +5654,9 @@
"https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments", "https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments",
"https://www.cfr.org/interactive/cyber-operations/sowbug", "https://www.cfr.org/interactive/cyber-operations/sowbug",
"https://attack.mitre.org/groups/G0054/" "https://attack.mitre.org/groups/G0054/"
],
"synonyms": [
"G0054"
] ]
}, },
"related": [ "related": [
@ -5723,7 +5764,11 @@
"country": "LB", "country": "LB",
"refs": [ "refs": [
"https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
"https://research.checkpoint.com/2020/bandook-signed-delivered",
"https://attack.mitre.org/groups/G0070/" "https://attack.mitre.org/groups/G0070/"
],
"synonyms": [
"G0070"
] ]
}, },
"uuid": "3d449c83-4426-431a-b06a-cb4f8a0fca94", "uuid": "3d449c83-4426-431a-b06a-cb4f8a0fca94",
@ -6177,7 +6222,8 @@
"synonyms": [ "synonyms": [
"Rancor group", "Rancor group",
"Rancor", "Rancor",
"Rancor Group" "Rancor Group",
"G0075"
] ]
}, },
"uuid": "79c7c7e0-79d5-11e8-9b9c-1ff96be20c0b", "uuid": "79c7c7e0-79d5-11e8-9b9c-1ff96be20c0b",
@ -6235,7 +6281,8 @@
"https://attack.mitre.org/groups/G0079/" "https://attack.mitre.org/groups/G0079/"
], ],
"synonyms": [ "synonyms": [
"LazyMeerkat" "LazyMeerkat",
"G0079"
] ]
}, },
"uuid": "ce2c2dfd-2445-4fbc-a747-9e7092e383f9", "uuid": "ce2c2dfd-2445-4fbc-a747-9e7092e383f9",
@ -6444,7 +6491,8 @@
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf" "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
], ],
"synonyms": [ "synonyms": [
"LOTUS PANDA" "LOTUS PANDA",
"G0076"
] ]
}, },
"uuid": "98be4300-a9ef-11e8-9a95-bb9221083cfc", "uuid": "98be4300-a9ef-11e8-9a95-bb9221083cfc",
@ -6472,7 +6520,8 @@
"cfr-type-of-incident": "Espionage", "cfr-type-of-incident": "Espionage",
"country": "PK", "country": "PK",
"refs": [ "refs": [
"https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo" "https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo",
"https://attack.mitre.org/groups/G0076"
], ],
"synonyms": [ "synonyms": [
"ATK78", "ATK78",
@ -6599,7 +6648,8 @@
"cfr-type-of-incident": "Espionage", "cfr-type-of-incident": "Espionage",
"country": "RU", "country": "RU",
"refs": [ "refs": [
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas" "https://www.cfr.org/interactive/cyber-operations/cloud-atlas",
"https://attack.mitre.org/groups/G0100/"
], ],
"synonyms": [ "synonyms": [
"ATK116", "ATK116",
@ -7034,7 +7084,8 @@
"synonyms": [ "synonyms": [
"Chafer", "Chafer",
"REMIX KITTEN", "REMIX KITTEN",
"COBALT HICKMAN" "COBALT HICKMAN",
"G0087"
] ]
}, },
"uuid": "c2c64bd3-a325-446f-91a8-b4c0f173a30b", "uuid": "c2c64bd3-a325-446f-91a8-b4c0f173a30b",
@ -7362,6 +7413,9 @@
"https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/", "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/",
"https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html", "https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html",
"https://attack.mitre.org/groups/G0063/" "https://attack.mitre.org/groups/G0063/"
],
"synonyms": [
"G0063"
] ]
}, },
"uuid": "8fbd195f-5e03-4e85-8ca5-4f1dff300bec", "uuid": "8fbd195f-5e03-4e85-8ca5-4f1dff300bec",
@ -7395,6 +7449,9 @@
"refs": [ "refs": [
"https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?", "https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?",
"https://attack.mitre.org/groups/G0053/" "https://attack.mitre.org/groups/G0053/"
],
"synonyms": [
"G0053"
] ]
}, },
"uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70", "uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70",
@ -7417,6 +7474,9 @@
"refs": [ "refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf", "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf",
"https://attack.mitre.org/groups/G0051/" "https://attack.mitre.org/groups/G0051/"
],
"synonyms": [
"G0051"
] ]
}, },
"uuid": "f2d02410-8c2c-11e9-8df1-a31c1fb33d79", "uuid": "f2d02410-8c2c-11e9-8df1-a31c1fb33d79",
@ -7456,6 +7516,9 @@
"refs": [ "refs": [
"https://www.securityweek.com/iranian-actor-group5-targeting-syrian-opposition", "https://www.securityweek.com/iranian-actor-group5-targeting-syrian-opposition",
"https://attack.mitre.org/groups/G0043/" "https://attack.mitre.org/groups/G0043/"
],
"synonyms": [
"G0043"
] ]
}, },
"uuid": "bc8390aa-8c4e-11e9-a9cb-e37c361210af", "uuid": "bc8390aa-8c4e-11e9-a9cb-e37c361210af",
@ -7467,6 +7530,9 @@
"refs": [ "refs": [
"https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/",
"https://attack.mitre.org/groups/G0072/" "https://attack.mitre.org/groups/G0072/"
],
"synonyms": [
"G0072"
] ]
}, },
"uuid": "2d82a18e-8c53-11e9-b0ec-536b62fa3d86", "uuid": "2d82a18e-8c53-11e9-b0ec-536b62fa3d86",
@ -7489,6 +7555,9 @@
"refs": [ "refs": [
"https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf", "https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf",
"https://attack.mitre.org/groups/G0048/" "https://attack.mitre.org/groups/G0048/"
],
"synonyms": [
"G0048"
] ]
}, },
"uuid": "88100602-8e8b-11e9-bb7c-1bf20b58e305", "uuid": "88100602-8e8b-11e9-bb7c-1bf20b58e305",
@ -7520,6 +7589,9 @@
"refs": [ "refs": [
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf", "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf",
"https://attack.mitre.org/groups/G0015/" "https://attack.mitre.org/groups/G0015/"
],
"synonyms": [
"G0015"
] ]
}, },
"uuid": "e6669606-91ad-11e9-b6f5-374843911989", "uuid": "e6669606-91ad-11e9-b6f5-374843911989",
@ -8507,6 +8579,7 @@
"attribution-confidence": "100", "attribution-confidence": "100",
"country": "CN", "country": "CN",
"refs": [ "refs": [
"https://attack.mitre.org/groups/G0125/",
"https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers", "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers",
"https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/", "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/",
"https://www.splunk.com/en_us/blog/security/detecting-hafnium-exchange-server-zero-day-activity-in-splunk.html", "https://www.splunk.com/en_us/blog/security/detecting-hafnium-exchange-server-zero-day-activity-in-splunk.html",
@ -8532,7 +8605,8 @@
], ],
"synonyms": [ "synonyms": [
"ATK233", "ATK233",
"G0125" "G0125",
"Operation Exchange Marauder"
] ]
}, },
"uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5", "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
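Review bot: `G0076` ends up on two different clusters in this commit: it is added as a synonym next to `"LOTUS PANDA"` in the hunk at -6444, and as the ref `"https://attack.mitre.org/groups/G0076"` on the `"country": "PK"` entry in the hunk at -6472, whose only other visible ref is the CFR stealth-mango-and-tangelo page. Synonyms and refs are presumably what consumers match on when tagging events, so one ATT&CK ID resolving to two actors would mis-attribute enrichment and detections; confirm which entry the ID belongs to and drop it from the other. If the ref stays, write it with the trailing slash used by the other refs added here, `"https://attack.mitre.org/groups/G0076/"`. The same check applies to the entries that now carry two group IDs (`"G0046"`/`"G0008"`, `"G0017"`/`"G0002"`, `"G0055"`/`"G0056"`), where at most one matching ATT&CK ref is visible in the hunk.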