mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-25 16:27:19 +00:00
Merge branch 'r0ny123-patch-1'
This commit is contained in:
commit
4ecf8cf6f7
2 changed files with 28 additions and 35 deletions
|
@ -599,7 +599,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
|
||||||
|
|
||||||
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
|
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
|
||||||
|
|
||||||
Category: *actor* - source: *MISP Project* - total: *782* elements
|
Category: *actor* - source: *MISP Project* - total: *781* elements
|
||||||
|
|
||||||
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
|
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
|
||||||
|
|
||||||
|
|
|
@ -4859,8 +4859,27 @@
|
||||||
"https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
|
"https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
|
||||||
"https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign",
|
"https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign",
|
||||||
"https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
|
"https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
|
||||||
"https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection",
|
"https://www.recordedfuture.com/research/bluecharlie-previously-tracked-as-tag-53-continues-to-deploy-new-infrastructure-in-2023",
|
||||||
"https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/"
|
"https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/",
|
||||||
|
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf",
|
||||||
|
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/blue-callisto-orbits-around-us.html",
|
||||||
|
"https://www.ncsc.gov.uk/files/Advisory-Russian-FSB-cyber-actor-star-blizzard-continues-worldwide-spear-sphishing-campaigns.pdf",
|
||||||
|
"https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections",
|
||||||
|
"https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics",
|
||||||
|
"https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware",
|
||||||
|
"https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/",
|
||||||
|
"https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes",
|
||||||
|
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/coldwastrel-space.html",
|
||||||
|
"https://citizenlab.ca/2024/10/disrupting-coldriver/",
|
||||||
|
"https://blogs.microsoft.com/on-the-issues/2024/10/03/protecting-democratic-institutions-from-cyber-threats/",
|
||||||
|
"https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intelligence-spear-phishing-efforts",
|
||||||
|
"https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer",
|
||||||
|
"https://www.justice.gov/opa/media/1327601/dl?inline",
|
||||||
|
"https://www.noticeofpleadings.com/starblizzard/",
|
||||||
|
"https://edeca.net/post/2024-06-26-an-interesting-callisto-yara-rule",
|
||||||
|
"https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support",
|
||||||
|
"https://blog.sekoia.io/one-year-after-the-cyber-implications-of-the-russo-ukrainian-war/",
|
||||||
|
"https://blog.sekoia.io/calisto-doxxing-sekoia-io-findings-concurs-to-reuters-investigation-on-fsb-related-andrey-korinets/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"COLDRIVER",
|
"COLDRIVER",
|
||||||
|
@ -4868,24 +4887,19 @@
|
||||||
"TA446",
|
"TA446",
|
||||||
"GOSSAMER BEAR",
|
"GOSSAMER BEAR",
|
||||||
"BlueCharlie",
|
"BlueCharlie",
|
||||||
"Star Blizzard"
|
"Star Blizzard",
|
||||||
|
"TAG-53",
|
||||||
|
"IRON FRONTIER",
|
||||||
|
"UNC4057",
|
||||||
|
"Blue Callisto"
|
||||||
],
|
],
|
||||||
"targeted-sector": [
|
"targeted-sector": [
|
||||||
"Government, Administration",
|
"Government Administration",
|
||||||
"Military",
|
"Military",
|
||||||
"Think Tanks",
|
"Think Tanks",
|
||||||
"Journalist"
|
"Journalist"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
|
||||||
{
|
|
||||||
"dest-uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
|
"uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
|
||||||
"value": "Callisto"
|
"value": "Callisto"
|
||||||
},
|
},
|
||||||
|
@ -11665,27 +11679,6 @@
|
||||||
"uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
|
"uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
|
||||||
"value": "Evasive Panda"
|
"value": "Evasive Panda"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"description": "A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistic companies, according to The Record by Recorded Future. Recorded Future’s Insikt Group identified overlaps with a threat actor tracked by other companies as Callisto Group, COLDRIVER, and SEABORGIUM.",
|
|
||||||
"meta": {
|
|
||||||
"refs": [
|
|
||||||
"https://blog.knowbe4.com/russian-threat-actor-impersonates-aerospace-and-defense-companies",
|
|
||||||
"https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations?utm_campaign=PostBeyond&utm_source=Twitter&utm_medium=359877&utm_term=Exposing+TAG-53%E2%80%99s+Credential+Harvesting+Infrastructure+Used+for+Russia-Aligned+Espionage+Operations",
|
|
||||||
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"related": [
|
|
||||||
{
|
|
||||||
"dest-uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "overlaps"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"uuid": "e5865ca1-ec95-43e2-954a-d0f3507a9747",
|
|
||||||
"value": "TAG-53"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
|
"description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
|
Loading…
Reference in a new issue