[threat actor] Break Cleaver aliases into respective entries
parent
d63c990dad
commit
693eed8d78
1 changed files with 26 additions and 25 deletions
|
@ -2107,38 +2107,30 @@
|
||||||
"cfr-type-of-incident": "Espionage",
|
"cfr-type-of-incident": "Espionage",
|
||||||
"country": "IR",
|
"country": "IR",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.cfr.org/interactive/cyber-operations/magic-hound",
|
|
||||||
"https://www.secureworks.com/research/the-curious-case-of-mia-ash",
|
"https://www.secureworks.com/research/the-curious-case-of-mia-ash",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
|
"\"https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
|
||||||
"https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf",
|
|
||||||
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
|
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
|
||||||
"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing",
|
"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing",
|
||||||
"https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/",
|
|
||||||
"https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations",
|
"https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations",
|
||||||
"https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/",
|
"https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/",
|
||||||
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf",
|
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf",
|
||||||
"https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf",
|
"https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf",
|
||||||
"https://attack.mitre.org/groups/G0059/",
|
|
||||||
"https://attack.mitre.org/groups/G0003/",
|
"https://attack.mitre.org/groups/G0003/",
|
||||||
"https://xorl.wordpress.com/2021/05/06/iran-cyber-operations-groups/"
|
"https://xorl.wordpress.com/2021/05/06/iran-cyber-operations-groups/",
|
||||||
|
"https://www.secureworks.com/research/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles",
|
||||||
|
"https://know.netenrich.com/threatintel/threat_actor/Cutting%20Kitten",
|
||||||
|
"https://www.cfr.org/cyber-operations/operation-cleaver",
|
||||||
|
"https://securityaffairs.co/wordpress/33682/cyber-crime/ali-baba-apt-middle-east.html",
|
||||||
|
"https://scadahacker.com/library/Documents/Cyber_Events/Cylance%20-%20Operation%20Cleaver%20Report.pdf"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Operation Cleaver",
|
"Operation Cleaver",
|
||||||
|
"Op Cleaver",
|
||||||
"Tarh Andishan",
|
"Tarh Andishan",
|
||||||
"Alibaba",
|
"Alibaba",
|
||||||
"2889",
|
|
||||||
"TG-2889",
|
"TG-2889",
|
||||||
"Threat Group 2889",
|
|
||||||
"Cobalt Gypsy",
|
"Cobalt Gypsy",
|
||||||
"Rocket_Kitten",
|
|
||||||
"Cutting Kitten",
|
"Cutting Kitten",
|
||||||
"Group 41",
|
|
||||||
"Magic Hound",
|
|
||||||
"APT35",
|
|
||||||
"APT 35",
|
|
||||||
"TEMP.Beanie",
|
|
||||||
"Ghambar",
|
|
||||||
"G0059",
|
|
||||||
"G0003"
|
"G0003"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -2185,13 +2177,6 @@
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||||||
"tags": [
|
"tags": [
|
||||||
|
@ -5867,13 +5852,29 @@
|
||||||
"attribution-confidence": "50",
|
"attribution-confidence": "50",
|
||||||
"country": "IR",
|
"country": "IR",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf"
|
"https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf",
|
||||||
|
"https://attack.mitre.org/groups/G0059/",
|
||||||
|
"https://www.cfr.org/interactive/cyber-operations/magic-hound",
|
||||||
|
"https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/",
|
||||||
|
"https://securityaffairs.co/wordpress/56348/intelligence/magic-hound-campaign.html",
|
||||||
|
"https://www.cfr.org/cyber-operations/apt-35"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"APT 35",
|
"APT 35",
|
||||||
"Newscaster Team"
|
"Newscaster Team",
|
||||||
|
"Magic Hound",
|
||||||
|
"G0059"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e",
|
"uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e",
|
||||||
"value": "APT35"
|
"value": "APT35"
|
||||||
},
|
},
|
||||||
|
|
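Review bot: In the first hunk's `refs` list the rewritten CFR entry now reads `"\"https://www.cfr.org/interactive/cyber-operations/operation-cleaver",`, so the stored string begins with a literal double quote and is no longer a usable URL. It is still valid JSON, so a parse-only check will not catch it, but tooling that renders, de-duplicates or validates the references of this threat-actor entry will see a malformed value. The line should go back to `"https://www.cfr.org/interactive/cyber-operations/operation-cleaver",`, or be dropped if the `https://www.cfr.org/cyber-operations/operation-cleaver` reference added a few lines below is meant to supersede it. A validation step asserting that every `refs` value starts with `http://` or `https://` would catch this class of typo before merge. The enclosing entry begins and ends outside the hunk, so the rest of its fields are not visible here.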