mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
commit
876ae24454
1 changed files with 32 additions and 8 deletions
|
@ -170,7 +170,7 @@
|
||||||
"https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2"
|
"https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"value": "darkhotel"
|
"value": "DarkHotel"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -470,7 +470,10 @@
|
||||||
"PittyTiger",
|
"PittyTiger",
|
||||||
"MANGANESE"
|
"MANGANESE"
|
||||||
],
|
],
|
||||||
"country": "CN"
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"http://blog.airbuscybersecurity.com/post/2014/07/The-Eye-of-the-Tiger2"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"value": "Pitty Panda",
|
"value": "Pitty Panda",
|
||||||
"description": "The Pitty Tiger group has been active since at least 2011. They have been seen using HeartBleed vulnerability in order to directly get valid credentials"
|
"description": "The Pitty Tiger group has been active since at least 2011. They have been seen using HeartBleed vulnerability in order to directly get valid credentials"
|
||||||
|
@ -545,6 +548,9 @@
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/"
|
||||||
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"APT20",
|
"APT20",
|
||||||
"APT 20",
|
"APT 20",
|
||||||
|
@ -583,6 +589,9 @@
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india"
|
||||||
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"APT23",
|
"APT23",
|
||||||
"KeyBoy"
|
"KeyBoy"
|
||||||
|
@ -599,6 +608,9 @@
|
||||||
"AjaxSecurityTeam",
|
"AjaxSecurityTeam",
|
||||||
"Ajax Security Team",
|
"Ajax Security Team",
|
||||||
"Group 26"
|
"Group 26"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"value": "Flying Kitten",
|
"value": "Flying Kitten",
|
||||||
|
@ -628,6 +640,9 @@
|
||||||
"Parastoo",
|
"Parastoo",
|
||||||
"Group 83",
|
"Group 83",
|
||||||
"Newsbeef"
|
"Newsbeef"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://en.wikipedia.org/wiki/Operation_Newscaster"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"value": "Charming Kitten",
|
"value": "Charming Kitten",
|
||||||
|
@ -831,6 +846,9 @@
|
||||||
"Carbon Spider"
|
"Carbon Spider"
|
||||||
],
|
],
|
||||||
"country": "RU",
|
"country": "RU",
|
||||||
|
"refs": [
|
||||||
|
"https://en.wikipedia.org/wiki/Carbanak"
|
||||||
|
],
|
||||||
"motive": "Cybercrime"
|
"motive": "Cybercrime"
|
||||||
},
|
},
|
||||||
"description": "Groups targeting financial organizations or people with significant financial assets.",
|
"description": "Groups targeting financial organizations or people with significant financial assets.",
|
||||||
|
@ -931,7 +949,10 @@
|
||||||
"Appin",
|
"Appin",
|
||||||
"OperationHangover"
|
"OperationHangover"
|
||||||
],
|
],
|
||||||
"country": "IN"
|
"country": "IN",
|
||||||
|
"refs": [
|
||||||
|
"http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"value": "Viceroy Tiger"
|
"value": "Viceroy Tiger"
|
||||||
},
|
},
|
||||||
|
@ -958,6 +979,9 @@
|
||||||
"value": "SNOWGLOBE",
|
"value": "SNOWGLOBE",
|
||||||
"meta": {
|
"meta": {
|
||||||
"country": "FR",
|
"country": "FR",
|
||||||
|
"refs": [
|
||||||
|
"https://securelist.com/blog/research/69114/animals-in-the-apt-farm/"
|
||||||
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Animal Farm"
|
"Animal Farm"
|
||||||
]
|
]
|
||||||
|
@ -1135,12 +1159,12 @@
|
||||||
"https://attack.mitre.org/wiki/Group/G0013"
|
"https://attack.mitre.org/wiki/Group/G0013"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"APT 30"
|
"APT30"
|
||||||
],
|
],
|
||||||
"country": "CN"
|
"country": "CN"
|
||||||
},
|
},
|
||||||
"value": "APT30",
|
"value": "APT 30",
|
||||||
"description": "APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches."
|
"description": "APT 30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -1398,5 +1422,5 @@
|
||||||
],
|
],
|
||||||
"description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
|
"description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
|
||||||
"uuid": "7cdff317-a673-4474-84ec-4f1754947823",
|
"uuid": "7cdff317-a673-4474-84ec-4f1754947823",
|
||||||
"version": 16
|
"version": 17
|
||||||
}
|
}
|
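Review bot: The two `value` renames (`"darkhotel"` to `"DarkHotel"` in the first hunk, `"APT30"` to `"APT 30"` in the `-1135` hunk) change the string that consumers key on, for example tags of the form `misp-galaxy:threat-actor="APT30"`, so events already tagged with the old spelling may stop resolving to the cluster. The APT 30 entry keeps the old spelling in `synonyms`, but the DarkHotel synonyms list lies outside the visible hunk, so confirm it carries `"darkhotel"` or add it. The rewritten description also mixes both spellings (`APT 30 is a threat group` and later `with APT30`); use one form throughout. Several of the added `refs` are plain `http://` links, and one points at what appears to be a third-party host (`enterprise-manage.norman.c.bitbit.net`), so prefer an `https://` or publisher-hosted copy where one exists.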