update threat actors meta

Delta-Sierra 2022-03-18 16:41:10 +01:00
parent 957327383d
commit 97690426bf


@ -67,7 +67,8 @@
"Brown Fox", "Brown Fox",
"GIF89a", "GIF89a",
"ShadyRAT", "ShadyRAT",
"Shanghai Group" "Shanghai Group",
"G0006"
] ]
}, },
"related": [ "related": [
@ -278,8 +279,10 @@
"MSUpdater", "MSUpdater",
"4HCrew", "4HCrew",
"SULPHUR", "SULPHUR",
"Sulphur",
"SearchFire", "SearchFire",
"TG-6952" "TG-6952",
"G0024"
] ]
}, },
"related": [ "related": [
@ -325,7 +328,9 @@
"Buckeye", "Buckeye",
"Boyusec", "Boyusec",
"BORON", "BORON",
"BRONZE MAYFAIR" "BRONZE MAYFAIR",
"Bronze Mayfair",
"G0022"
] ]
}, },
"related": [ "related": [
@ -425,12 +430,16 @@
"BeeBus", "BeeBus",
"Group 22", "Group 22",
"DynCalc", "DynCalc",
"DynCALC",
"Calc Team", "Calc Team",
"DNSCalc", "DNSCalc",
"Crimson Iron", "Crimson Iron",
"APT12", "APT12",
"APT 12", "APT 12",
"BRONZE GLOBE" "BRONZE GLOBE",
"Bronze GLOBE",
"G0005",
"CTG-8223"
] ]
}, },
"related": [ "related": [
@ -465,7 +474,8 @@
], ],
"synonyms": [ "synonyms": [
"APT16", "APT16",
"SVCMONDR" "SVCMONDR",
"G0023"
] ]
}, },
"uuid": "1f73e14f-b882-4032-a565-26dc653b0daf", "uuid": "1f73e14f-b882-4032-a565-26dc653b0daf",
@ -504,7 +514,17 @@
"Hidden Lynx", "Hidden Lynx",
"Tailgater Team", "Tailgater Team",
"Dogfish", "Dogfish",
"BRONZE KEYSTONE" "BRONZE KEYSTONE",
"Bronze KEYSTONE",
"TEMP.Avengers",
"Sneaky Panda",
"Barium",
"G0025",
"G0066",
"TG-8153",
"ATK 2",
"Elderwood",
"Group 72"
] ]
}, },
"related": [ "related": [
@ -564,8 +584,11 @@
"TG-0416", "TG-0416",
"APT 18", "APT 18",
"SCANDIUM", "SCANDIUM",
"Scandium",
"G0026",
"PLA Navy", "PLA Navy",
"APT18" "APT18",
"Wekby"
] ]
}, },
"related": [ "related": [
@ -726,12 +749,20 @@
"Deep Panda", "Deep Panda",
"WebMasters", "WebMasters",
"APT 19", "APT 19",
"APT19",
"KungFu Kittens", "KungFu Kittens",
"Black Vine", "Black Vine",
"Group 13", "Group 13",
"PinkPanther", "PinkPanther",
"Sh3llCr3w", "Sh3llCr3w",
"BRONZE FIRESTONE" "BRONZE FIRESTONE",
"Bronze FIRESTONE",
"Sunshop Group",
"C0d0s0",
"G0009",
"G0073",
"TG-3551",
"Pupa"
] ]
}, },
"related": [ "related": [
@ -1103,12 +1134,21 @@
"menuPass Team", "menuPass Team",
"happyyongzi", "happyyongzi",
"POTASSIUM", "POTASSIUM",
"Potassium",
"DustStorm", "DustStorm",
"Red Apollo", "Red Apollo",
"CVNX", "CVNX",
"HOGFISH", "HOGFISH",
"Hogfish",
"Cloud Hopper", "Cloud Hopper",
"BRONZE RIVERSIDE" "BRONZE RIVERSIDE",
"TA 429",
"G0045",
"ITG01",
"Bronze RIVERSIDE",
"CTG-5938",
"ATK 41",
"Cicada"
] ]
}, },
"related": [ "related": [
@ -1132,9 +1172,10 @@
], ],
"synonyms": [ "synonyms": [
"APT 9", "APT 9",
"Flowerlady/Flowershow", "APT9",
"Flowerlady", "Flowerlady",
"Flowershow" "Flowershow",
"Group 27 "
] ]
}, },
"uuid": "401dd2c9-bd4f-4814-bb87-701e38f18d45", "uuid": "401dd2c9-bd4f-4814-bb87-701e38f18d45",
@ -1233,7 +1274,12 @@
"Lurid", "Lurid",
"Social Network Team", "Social Network Team",
"Royal APT", "Royal APT",
"BRONZE PALACE" "BRONZE PALACE",
"Bronze PALACE",
"G0004",
"Bronze DAVENPORT",
"Bronze IDLEWOOD",
"CTG-9246"
] ]
}, },
"uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8", "uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8",
@ -1266,7 +1312,8 @@
"APT14", "APT14",
"APT 14", "APT 14",
"QAZTeam", "QAZTeam",
"ALUMINUM" "ALUMINUM",
"Aluminum"
] ]
}, },
"related": [ "related": [
@ -2817,7 +2864,17 @@
"GOLD NIAGARA", "GOLD NIAGARA",
"Calcium", "Calcium",
"Carbanak", "Carbanak",
"FIN 7" "FIN 7",
"ELBRUS",
"G0046",
"ITG14",
"Magecart Group 7",
"Gold NIAGARA",
"Anunak",
"ATK 32",
"APT-C-11",
"Navigator",
"TelePort Crew"
] ]
}, },
"related": [ "related": [
@ -2932,7 +2989,8 @@
"synonyms": [ "synonyms": [
"FIN4", "FIN4",
"FIN 4", "FIN 4",
"Wolf Spider" "Wolf Spider",
"G0085"
] ]
}, },
"uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57", "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
@ -3682,7 +3740,14 @@
"MageCart Group 6", "MageCart Group 6",
"White Giant", "White Giant",
"GOLD FRANKLIN", "GOLD FRANKLIN",
"FIN 6" "FIN 6",
"G0037",
"ITG08",
"Magecart Group 6",
"Gold FRANKLIN",
"White Giant",
"ATK 88",
"APT-C-01"
] ]
}, },
"related": [ "related": [
@ -4607,7 +4672,9 @@
"https://attack.mitre.org/groups/G0061" "https://attack.mitre.org/groups/G0061"
], ],
"synonyms": [ "synonyms": [
"FIN 8" "FIN 8",
"G0061",
"ATK113"
] ]
}, },
"related": [ "related": [
@ -4705,7 +4772,8 @@
"https://attack.mitre.org/groups/G0062/" "https://attack.mitre.org/groups/G0062/"
], ],
"synonyms": [ "synonyms": [
"TA 459" "TA 459",
"G0062"
] ]
}, },
"related": [ "related": [
@ -4775,6 +4843,7 @@
{ {
"description": "We have observed one APT group, which we call APT5, particularly focused on telecommunications and technology companies. More than half of the organizations we have observed being targeted or breached by APT5 operate in these sectors. Several times, APT5 has targeted organizations and personnel based in Southeast Asia. APT5 has been active since at least 2007. It appears to be a large threat group that consists of several subgroups, often with distinct tactics and infrastructure. APT5 has targeted or breached organizations across multiple industries, but its focus appears to be on telecommunications and technology companies, especially information about satellite communications. \nAPT5 targeted the network of an electronics firm that sells products for both industrial and military applications. The group subsequently stole communications related to the firms business relationship with a national military, including inventories and memoranda about specific products they provided. \nIn one case in late 2014, APT5 breached the network of an international telecommunications company. The group used malware with keylogging capabilities to monitor the computer of an executive who manages the companys relationships with other telecommunications companies", "description": "We have observed one APT group, which we call APT5, particularly focused on telecommunications and technology companies. More than half of the organizations we have observed being targeted or breached by APT5 operate in these sectors. Several times, APT5 has targeted organizations and personnel based in Southeast Asia. APT5 has been active since at least 2007. It appears to be a large threat group that consists of several subgroups, often with distinct tactics and infrastructure. APT5 has targeted or breached organizations across multiple industries, but its focus appears to be on telecommunications and technology companies, especially information about satellite communications. 
\nAPT5 targeted the network of an electronics firm that sells products for both industrial and military applications. The group subsequently stole communications related to the firms business relationship with a national military, including inventories and memoranda about specific products they provided. \nIn one case in late 2014, APT5 breached the network of an international telecommunications company. The group used malware with keylogging capabilities to monitor the computer of an executive who manages the companys relationships with other telecommunications companies",
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://www.fireeye.com/current-threats/apt-groups.html", "https://www.fireeye.com/current-threats/apt-groups.html",
"https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf", "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf",
@ -4782,7 +4851,19 @@
], ],
"synonyms": [ "synonyms": [
"MANGANESE", "MANGANESE",
"BRONZE FLEETWOOD" "BRONZE FLEETWOOD",
"APT 5",
"UNC2630",
"Poisoned Flight",
"Keyhole Panda",
"Pitty Panda",
"Manganese",
"G0011",
"Bronze FLEETWOOD",
"TG-2754",
"PittyTiger",
"DPD",
"TEMP.Bottle"
] ]
}, },
"uuid": "a47b79ae-7a0c-4308-9efc-294af19cc795", "uuid": "a47b79ae-7a0c-4308-9efc-294af19cc795",
@ -5113,7 +5194,11 @@
"APT4", "APT4",
"APT 4", "APT 4",
"BRONZE EDISON", "BRONZE EDISON",
"Sykipot" "Bronze EDISON",
"Sykipot",
"Samurai Panda",
"TG-0623",
"Wisp Team"
] ]
}, },
"uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b", "uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
@ -6710,7 +6795,9 @@
"https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/" "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/"
], ],
"synonyms": [ "synonyms": [
"Indrik Spider" "Indrik Spider",
"G0119",
"Gold DRAKE"
] ]
}, },
"uuid": "658314bc-3bb8-48d2-913a-c528607b75c8", "uuid": "658314bc-3bb8-48d2-913a-c528607b75c8",
@ -6851,7 +6938,13 @@
"Dudear", "Dudear",
"TA 505", "TA 505",
"Graceful Spider", "Graceful Spider",
"TEMP.Warlock" "TEMP.Warlock",
"Chimborazo",
"G0092",
"Hive0065",
"Gold TAHOE",
"ATK 103",
"SectorJ04"
] ]
}, },
"uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f", "uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
@ -6914,7 +7007,10 @@
"TA542", "TA542",
"GOLD CRESTWOOD", "GOLD CRESTWOOD",
"Mummy Spider", "Mummy Spider",
"TA 542" "TA 542",
"Gold CRESTWOOD",
"ATK104",
"Mealybug"
] ]
}, },
"uuid": "c93281be-f6cd-4cd0-a5a3-defde9d77d8b", "uuid": "c93281be-f6cd-4cd0-a5a3-defde9d77d8b",
@ -7247,7 +7343,10 @@
"COBALT DICKENS", "COBALT DICKENS",
"Mabna Institute", "Mabna Institute",
"TA407", "TA407",
"TA 407" "TA 407",
"Yellow Nabu",
"SilentLibrarian",
"Silent Librarian"
] ]
}, },
"uuid": "5059b44d-2753-4977-b987-4922f09afe6b", "uuid": "5059b44d-2753-4977-b987-4922f09afe6b",
@ -7348,7 +7447,8 @@
"https://attack.mitre.org/groups/G0053/" "https://attack.mitre.org/groups/G0053/"
], ],
"synonyms": [ "synonyms": [
"FIN 5" "FIN 5",
"G0053"
] ]
}, },
"uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70", "uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70",
@ -7376,7 +7476,8 @@
"https://attack.mitre.org/groups/G0051/" "https://attack.mitre.org/groups/G0051/"
], ],
"synonyms": [ "synonyms": [
"FIN 10" "FIN 10",
"G0051"
] ]
}, },
"uuid": "f2d02410-8c2c-11e9-8df1-a31c1fb33d79", "uuid": "f2d02410-8c2c-11e9-8df1-a31c1fb33d79",
@ -7657,7 +7758,8 @@
"synonyms": [ "synonyms": [
"Temp.Hex", "Temp.Hex",
"Vicious Panda", "Vicious Panda",
"TA 428" "TA 428",
"Bronze DUDLEY"
] ]
}, },
"uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d", "uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d",
@ -7780,7 +7882,8 @@
], ],
"synonyms": [ "synonyms": [
"LookBack", "LookBack",
"TA 410" "TA 410",
"TALONITE"
] ]
}, },
"uuid": "5cd95926-0098-435e-892d-9c9f61763ad7", "uuid": "5cd95926-0098-435e-892d-9c9f61763ad7",
@ -8092,7 +8195,8 @@
"GOLD ESSEX", "GOLD ESSEX",
"TA544", "TA544",
"TA 544", "TA 544",
"Narwhal Spider" "Narwhal Spider",
"Gold ESSEX"
] ]
}, },
"uuid": "fda9cdea-0017-495e-879d-0f348db2aa07", "uuid": "fda9cdea-0017-495e-879d-0f348db2aa07",
@ -8384,7 +8488,8 @@
"TEMP.Warlock", "TEMP.Warlock",
"FIN 11", "FIN 11",
"UNC902", "UNC902",
"Graceful Spider" "Graceful Spider",
"Gold Evergreen"
] ]
}, },
"uuid": "c01aadc6-1087-4e8e-8d5c-a27eba409fe3", "uuid": "c01aadc6-1087-4e8e-8d5c-a27eba409fe3",
@ -8540,7 +8645,8 @@
"synonyms": [ "synonyms": [
"UNC1151", "UNC1151",
"TA 445", "TA 445",
"TA445" "TA445",
"UAC-0051"
] ]
}, },
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5", "uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
@ -8759,7 +8865,8 @@
"Shakthak", "Shakthak",
"TA551", "TA551",
"TA 551", "TA 551",
"Lunar Spider" "Lunar Spider",
"G0127"
] ]
}, },
"uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1", "uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",
@ -9058,7 +9165,8 @@
], ],
"synonyms": [ "synonyms": [
"Scully Spider", "Scully Spider",
"TA 547" "TA 547",
"TH-163"
] ]
}, },
"uuid": "29fbc8d4-1e6e-4edc-9887-bdf47f36e4c1", "uuid": "29fbc8d4-1e6e-4edc-9887-bdf47f36e4c1",
@ -9071,7 +9179,8 @@
"https://www.thaicert.or.th/downloads/files/Threat_Group_Cards_v2.0.pdf" "https://www.thaicert.or.th/downloads/files/Threat_Group_Cards_v2.0.pdf"
], ],
"synonyms": [ "synonyms": [
"TH-163" "TH-163",
"TA 554"
] ]
}, },
"uuid": "36f1a1b8-e03a-484f-95a3-005345679cbe", "uuid": "36f1a1b8-e03a-484f-95a3-005345679cbe",