MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat actor] Break Cleaver aliases into respective entries

Browse source
This commit is contained in:
Mathieu Beligon 2022-07-04 14:03:36 +02:00
parent d63c990dad
commit 693eed8d78
1 changed files with 26 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
clusters/threat-actor.json
View file

@ -2107,38 +2107,30 @@
"cfr-type-of-incident": "Espionage",
"country": "IR",
"refs": [
"https://www.cfr.org/interactive/cyber-operations/magic-hound",
"https://www.secureworks.com/research/the-curious-case-of-mia-ash",
"https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
"https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf",
"\"https://www.cfr.org/interactive/cyber-operations/operation-cleaver",
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing",
"https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/",
"https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations",
"https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/",
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf",
"https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf",
"https://attack.mitre.org/groups/G0059/",
"https://attack.mitre.org/groups/G0003/",
"https://xorl.wordpress.com/2021/05/06/iran-cyber-operations-groups/"
"https://xorl.wordpress.com/2021/05/06/iran-cyber-operations-groups/",
"https://www.secureworks.com/research/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles",
"https://know.netenrich.com/threatintel/threat_actor/Cutting%20Kitten",
"https://www.cfr.org/cyber-operations/operation-cleaver",
"https://securityaffairs.co/wordpress/33682/cyber-crime/ali-baba-apt-middle-east.html",
"https://scadahacker.com/library/Documents/Cyber_Events/Cylance%20-%20Operation%20Cleaver%20Report.pdf"
],
"synonyms": [
"Operation Cleaver",
"Op Cleaver",
"Tarh Andishan",
"Alibaba",
"2889",
"TG-2889",
"Threat Group 2889",
"Cobalt Gypsy",
"Rocket_Kitten",
"Cutting Kitten",
"Group 41",
"Magic Hound",
"APT35",
"APT 35",
"TEMP.Beanie",
"Ghambar",
"G0059",
"G0003"
]
},
@ -2185,13 +2177,6 @@
],
"type": "similar"
},
{
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
"tags": [
@ -5867,13 +5852,29 @@
"attribution-confidence": "50",
"country": "IR",
"refs": [
"https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf"
"https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf",
"https://attack.mitre.org/groups/G0059/",
"https://www.cfr.org/interactive/cyber-operations/magic-hound",
"https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/",
"https://securityaffairs.co/wordpress/56348/intelligence/magic-hound-campaign.html",
"https://www.cfr.org/cyber-operations/apt-35"
],
"synonyms": [
"APT 35",
"Newscaster Team"
"Newscaster Team",
"Magic Hound",
"G0059"
]
},
"related": [
{
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e",
"value": "APT35"
},