mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-23 07:17:17 +00:00
Merge branch 'Mathieu4141-threat-actors/fix-apt33' into main
This commit is contained in:
commit
627988ae60
1 changed files with 19 additions and 50 deletions
|
@ -1947,7 +1947,19 @@
|
|||
"description": "Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government.",
|
||||
"meta": {
|
||||
"attribution-confidence": "50",
|
||||
"capabilities": "STONEDRILL wiper, variants of TURNEDUP malware",
|
||||
"cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
|
||||
"cfr-suspected-victims": [
|
||||
"United States",
|
||||
"Saudi Arabia",
|
||||
"South Korea"
|
||||
],
|
||||
"cfr-target-category": [
|
||||
"Private sector"
|
||||
],
|
||||
"cfr-type-of-incident": "Espionage",
|
||||
"country": "IR",
|
||||
"mode-of-operation": "IT network limited, information gathering against industrial orgs",
|
||||
"refs": [
|
||||
"https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html",
|
||||
"https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/",
|
||||
|
@ -1955,7 +1967,10 @@
|
|||
"https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage",
|
||||
"https://www.secureworks.com/research/threat-profiles/cobalt-trinity",
|
||||
"https://attack.mitre.org/groups/G0064/",
|
||||
"https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/"
|
||||
"https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/",
|
||||
"https://www.cfr.org/interactive/cyber-operations/apt-33",
|
||||
"https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
|
||||
"https://dragos.com/adversaries.html"
|
||||
],
|
||||
"synonyms": [
|
||||
"APT 33",
|
||||
|
@ -1966,7 +1981,8 @@
|
|||
"COBALT TRINITY",
|
||||
"G0064",
|
||||
"ATK35"
|
||||
]
|
||||
],
|
||||
"victimology": "Petrochemical, Aerospace, Saudi Arabia"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
|
@ -6125,53 +6141,6 @@
|
|||
"uuid": "a08ab076-33c1-4350-b021-650c34277f2d",
|
||||
"value": "DYMALLOY"
|
||||
},
|
||||
{
|
||||
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
|
||||
"meta": {
|
||||
"attribution-confidence": "50",
|
||||
"capabilities": "STONEDRILL wiper, variants of TURNEDUP malware",
|
||||
"cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
|
||||
"cfr-suspected-victims": [
|
||||
"United States",
|
||||
"Saudi Arabia",
|
||||
"South Korea"
|
||||
],
|
||||
"cfr-target-category": [
|
||||
"Private sector"
|
||||
],
|
||||
"cfr-type-of-incident": "Espionage",
|
||||
"country": "IR",
|
||||
"mode-of-operation": "IT network limited, information gathering against industrial orgs",
|
||||
"refs": [
|
||||
"https://dragos.com/adversaries.html",
|
||||
"https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
|
||||
"https://www.cfr.org/interactive/cyber-operations/apt-33"
|
||||
],
|
||||
"since": "2016",
|
||||
"synonyms": [
|
||||
"APT33"
|
||||
],
|
||||
"victimology": "Petrochemical, Aerospace, Saudi Arabia"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
],
|
||||
"uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2",
|
||||
"value": "MAGNALLIUM"
|
||||
},
|
||||
{
|
||||
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
|
||||
"meta": {
|
||||
|
@ -10041,5 +10010,5 @@
|
|||
"value": "SLIME29"
|
||||
}
|
||||
],
|
||||
"version": 239
|
||||
"version": 240
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue