Merge branch 'main' of github.com:MISP/misp-galaxy into main
This commit is contained in:
commit
6438befaf2
2 changed files with 53 additions and 3 deletions
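--- a/[path not shown on page, file 1 of 2]
+++ b/[path not shown on page, file 1 of 2]
@@ -9037,6 +9037,35 @@
 "uuid": "d45dd940-b38d-4b2c-9f2f-3e4a0eac841c",
 "value": "MosesStaff"
 },
+{
+"description": "The group’s existence came to light during Context’s investigation of a number of attacks against multinational enterprises that compromise smaller engineering services and consultancies working in their supply chains.",
+"meta": {
+"country": "CN",
+"refs": [
+"https://www.computerweekly.com/news/252471769/New-threat-group-behind-Airbus-cyber-attacks-claim-researchers",
+"https://www.contextis.com/en/news/context-identifies-new-avivore-threat-group",
+"https://www.contextis.com/en/blog/avivore"
+]
+},
+"uuid": "8045fc09-13d6-4f90-b239-ed5060b9297b",
+"value": "Avivore"
+},
+{
+"description": "The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions, for Android released in 2014 were based on the AndroRAT framework. Over time, they switched to a custom version that has been known as BitterRAT ever since.",
+"meta": {
+"country": "IN",
+"refs": [
+"https://www.bitdefender.com/files/News/CaseStudies/study/352/Bitdefender-PR-Whitepaper-BitterAPT-creat4571-en-EN-GenericUse.pdf"
+],
+"synonyms": [
+"Bitter",
+"T-APT-17",
+"APT-C-08"
+]
+},
+"uuid": "1e9bd6fe-e009-41ce-8e92-ad78c73ee772",
+"value": "HAZY TIGER"
+},
 {
 "description": "An actor group conducting large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements.",
 "meta": {
@@ -9051,6 +9080,24 @@
 },
 "uuid": "d9e5be22-1a04-4956-af6c-37af02330980",
 "value": "LAPSUS"
+},
+{
+"description": "Scarab APT was first spotted in 2015, but is believed to have been active since at least 2012, conducting surgical attacks against a small number of individuals across the world, including Russia and the United States. The backdoor deployed by Scarab in their campaigns is most commonly known as Scieron.",
+"meta": {
+"cfr-suspected-victims": [
+"Russia",
+"Ukraine",
+"United States"
+],
+"cfr-type-of-incident": "Espionage",
+"country": "CN",
+"refs": [
+"https://web.archive.org/web/20150124025612/http://www.symantec.com:80/connect/blogs/scarab-attackers-took-aim-select-russian-targets-2012",
+"https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine"
+]
+},
+"uuid": "ef59014b-79bb-408f-97f1-3c585a240ca7",
+"value": "Scarab"
 }
 ],
 "version": 215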
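Review bot: The trailing `"version": 215` line in the second hunk is unchanged context although this commit adds three new clusters (Avivore, HAZY TIGER, Scarab) to the file, while the second file in the same commit does bump its version from 8 to 9; a MISP instance only re-imports a galaxy cluster file when its version increases, so unless a parent of this merge already raised it the new entries would be skipped on update. The `cfr-suspected-victims` and `cfr-type-of-incident` keys on the Scarab entry are, as far as I can tell, reserved in this galaxy for data taken from the CFR Cyber Operations Tracker, yet the only refs given are Symantec and SentinelOne, so it is worth confirming a CFR entry exists or keeping that information in the description. The HAZY TIGER entry's synonyms (`"Bitter"`, `"T-APT-17"`, `"APT-C-08"`) should also be checked against existing clusters in the file for a duplicate actor before merge. The enclosing clusters array starts well before the first hunk.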
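--- a/[path not shown on page, file 2 of 2]
+++ b/[path not shown on page, file 2 of 2]
@@ -3,6 +3,8 @@
 "icon": "map",
 "kill_chain_order": {
 "mitre-attack": [
+"reconnaissance",
+"resource-development",
 "initial-access",
 "execution",
 "persistence",
@@ -18,16 +20,17 @@
 ],
 "mitre-mobile-attack": [
 "initial-access",
+"execution",
 "persistence",
 "privilege-escalation",
 "defense-evasion",
 "credential-access",
 "discovery",
 "lateral-movement",
-"effects",
 "collection",
-"exfiltration",
 "command-and-control",
+"exfiltration",
+"impact",
 "network-effects",
 "remote-service-effects"
 ],
@@ -53,5 +56,5 @@
 "namespace": "mitre-attack",
 "type": "mitre-attack-pattern",
 "uuid": "c4e851fa-775f-11e7-8163-b774922098cd",
-"version": 8
+"version": 9
 }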
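Review bot: The second hunk removes the `"effects"` phase from `mitre-mobile-attack` and adds `"impact"`, but nothing in this commit touches attack-pattern clusters whose `kill_chain` entries may still reference `mitre-mobile-attack:effects`; any such cluster would then name a phase that is no longer declared in `kill_chain_order`, so the repository should be searched for remaining uses before merge. The same hunk moves `"exfiltration"` from before `"command-and-control"` to after it, which is a reordering rather than an addition and deserves a line in the commit description since consumers deriving phase order from this array will observe it. The version bump to 9 in the last hunk is the right accompanying change for a kill-chain edit.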