Merge pull request #660 from r0ny123/patch-1

References for APT40, APT31 & HAFNIUM
Alexandre Dulaunoy 2021-07-21 22:19:53 +02:00 committed by GitHub
commit 8f0a1642e0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -5751,7 +5751,19 @@
"https://www.secureworks.com/research/threat-profiles/bronze-mohawk", "https://www.secureworks.com/research/threat-profiles/bronze-mohawk",
"https://www.mycert.org.my/portal/advisory?id=MA-774.022020", "https://www.mycert.org.my/portal/advisory?id=MA-774.022020",
"https://www.elastic.co/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign", "https://www.elastic.co/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign",
"https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/" "https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/",
"https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion",
"https://www.justice.gov/opa/press-release/file/1412916/download",
"https://www.justice.gov/opa/press-release/file/1412921/download",
"https://us-cert.cisa.gov/ncas/alerts/aa21-200a",
"https://us-cert.cisa.gov/ncas/alerts/aa21-200b",
"https://www.canada.ca/en/global-affairs/news/2021/07/statement-on-chinas-cyber-campaigns.html",
"https://www.ncsc.gov.uk/news/uk-allies-hold-chinese-state-responsible-for-pervasive-pattern-of-hacking",
"https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
"https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks",
"https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china",
"https://www.mofa.go.jp/press/danwa/press6e_000312.html",
"https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory"
], ],
"synonyms": [ "synonyms": [
"TEMP.Periscope", "TEMP.Periscope",
@ -7205,7 +7217,18 @@
"https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains", "https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains",
"https://www.secureworks.com/research/threat-profiles/bronze-vinewood", "https://www.secureworks.com/research/threat-profiles/bronze-vinewood",
"https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report", "https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf" "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
"https://research.checkpoint.com/2021/the-story-of-jian",
"https://supo.fi/-/suojelupoliisi-tunnisti-eduskuntaan-kohdistuneen-kybervakoiluoperaation-apt31-ksi",
"https://poliisi.fi/-/eduskunnan-tietojarjestelmiin-kohdistuneen-tietomurron-tutkinnassa-selvitetaan-yhteytta-apt31-toimijaan",
"https://pst.no/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-fylkesmannsembetene-er-avsluttet",
"https://www.nrk.no/norge/pst_-har-etterretning-om-at-kinesisk-gruppe-stod-bak-dataangrep-mot-statsforvaltere-1.15540601",
"https://www.ncsc.gov.uk/news/uk-allies-hold-chinese-state-responsible-for-pervasive-pattern-of-hacking",
"https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
"https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china",
"https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory/",
"https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003",
"https://twitter.com/bkMSFT/status/1417823714922610689"
], ],
"synonyms": [ "synonyms": [
"APT 31", "APT 31",
@ -8383,7 +8406,10 @@
"https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Execution/exchange-iis-worker-dropping-webshell.md", "https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Execution/exchange-iis-worker-dropping-webshell.md",
"https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server", "https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server",
"https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite", "https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite",
"https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk" "https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk",
"https://www.rnz.co.nz/news/political/447239/government-points-finger-at-china-over-cyber-attacks",
"https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking",
"https://www.foreignminister.gov.au/minister/marise-payne/media-release/australia-joins-international-partners-attribution-malicious-cyber-activity-china"
] ]
}, },
"uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5", "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
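Review bot: The EU declaration reference is added in two different spellings: the first hunk's `refs` entry ends in `...undertaken-from-its-territory` while the second hunk's entry ends in `...undertaken-from-its-territory/`. Consumers that deduplicate or correlate references across clusters by exact string match will treat these as two distinct sources, so one form should be used in both places; the slash-less form matches the other URLs added here. Separately, the `twitter.com/bkMSFT/status/...` link at the end of the second hunk depends on the post staying online, and an archived copy next to it would keep that attribution source verifiable.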