MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-30 02:37:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #906 from Mathieu4141/threat-actors/253231ea-d8c6-47f5-a1c6-a5e1500a9c3a

Browse source 
[threat actors] Add some aliases
This commit is contained in:
Alexandre Dulaunoy 2023-12-14 23:27:15 +01:00 committed by GitHub
commit 8ec38b97e4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
clusters/threat-actor.json
View file

@ -2798,7 +2798,9 @@
"https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare", "https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare",
"https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine", "https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine",
"https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back", "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/" "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
"https://www.recordedfuture.com/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine",
"https://cert.gov.ua/article/405538"
], ],
"synonyms": [ "synonyms": [
"Quedagh", "Quedagh",
@ -2810,7 +2812,8 @@
"TeleBots", "TeleBots",
"IRIDIUM", "IRIDIUM",
"Blue Echidna", "Blue Echidna",
"FROZENBARENTS" "FROZENBARENTS",
"UAC-0113"
], ],
"targeted-sector": [ "targeted-sector": [
"Electric", "Electric",
@ -4748,14 +4751,16 @@
"https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations", "https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
"https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign", "https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign",
"https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf", "https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
"https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection" "https://www.darkreading.com/attacks-breaches/russian-apt-bluecharlie-swaps-infrastructure-to-evade-detection",
"https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/"
], ],
"synonyms": [ "synonyms": [
"COLDRIVER", "COLDRIVER",
"SEABORGIUM", "SEABORGIUM",
"TA446", "TA446",
"GOSSAMER BEAR", "GOSSAMER BEAR",
"BlueCharlie" "BlueCharlie",
"Star Blizzard"
], ],
"targeted-sector": [ "targeted-sector": [
"Government, Administration", "Government, Administration",
@ -11975,7 +11980,13 @@
"meta": { "meta": {
"refs": [ "refs": [
"https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor", "https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor",
"https://otx.alienvault.com/pulse/62cfe4ef3415be5f83be81d1" "https://otx.alienvault.com/pulse/62cfe4ef3415be5f83be81d1",
"https://team-cymru.com/blog/2022/07/12/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor/",
"https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/"
],
"synonyms": [
"Aggah",
"TH-157"
] ]
}, },
"related": [ "related": [