[threat-actors] Merge Axiom into APT17

Mathieu Beligon 2022-08-25 13:49:07 -07:00
parent 7f82616c10
commit 9b714dcd76


@ -486,7 +486,17 @@
"attribution-confidence": "50",
"cfr-suspected-state-sponsor": "China",
"cfr-suspected-victims": [
"United States"
"United States",
"Netherlands",
"Italy",
"Japan",
"United Kingdom",
"Belgium",
"Russia",
"Indonesia",
"Germany",
"Switzerland",
"China"
],
"cfr-target-category": [
"Government",
@ -504,7 +514,10 @@
"https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire",
"https://www.recordedfuture.com/hidden-lynx-analysis/",
"https://www.secureworks.com/research/threat-profiles/bronze-keystone",
"https://attack.mitre.org/groups/G0025/"
"https://attack.mitre.org/groups/G0025/",
"cfr.org/cyber-operations/axiom",
"https://attack.mitre.org/groups/G0001/",
"https://www.youtube.com/watch?v=NFJqD-LcpIg"
],
"synonyms": [
"APT 17",
@ -515,7 +528,9 @@
"Tailgater Team",
"Dogfish",
"BRONZE KEYSTONE",
"G0025"
"G0025",
"Group72",
"G0001"
]
},
"related": [
@ -526,13 +541,6 @@
],
"type": "similar"
},
{
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
"tags": [
@ -600,72 +608,6 @@
"uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c",
"value": "Wekby"
},
{
"description": "Axiom is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree of overlap between Axiom and Winnti Group but the two groups appear to be distinct based on differences in reporting on TTPs and targeting.",
"meta": {
"attribution-confidence": "50",
"cfr-suspected-state-sponsor": "China",
"cfr-suspected-victims": [
"United States",
"Netherlands",
"Italy",
"Japan",
"United Kingdom",
"Belgium",
"Russia",
"Indonesia",
"Germany",
"Switzerland",
"China"
],
"cfr-target-category": [
"Government",
"Private sector"
],
"cfr-type-of-incident": "Espionage",
"country": "CN",
"refs": [
"cfr.org/cyber-operations/axiom",
"https://attack.mitre.org/groups/G0001/"
],
"synonyms": [
"Group72",
"G0001"
]
},
"related": [
{
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
"value": "Axiom"
},
{
"description": "Adversary group targeting financial, technology, non-profit organisations.",
"meta": {
@ -7672,7 +7614,7 @@
"type": "uses"
},
{
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
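Review bot: Deleting the Axiom entry retires UUID `24110866-cb22-4c85-a7d2-0413e126694b`, but only the two in-file references visible here are handled: the APT17 `related` item is removed and the `uses` relation in the last hunk is retargeted. Events, other galaxy clusters or detections that already carry that UUID will stop resolving, so the merge should confirm that nothing else references it. Of the four `related` links the removed entry held, only `c5947e1c-1cbc-434c-94b8-27c7e3be0fff` is visibly present on the surviving entry. The other three (`090242d7-…`, `a0cb9370-…`, `9c124874-…`) appear to be dropped, although that entry's `related` list starts outside the hunk. The ref `"cfr.org/cyber-operations/axiom"` is also copied over without a scheme, unlike every other item in `refs`; write it as `"https://www.cfr.org/cyber-operations/axiom"` so URL validation and link rendering treat it like the rest.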