From 9b714dcd767df5bbea8b199989550768de16e13f Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Thu, 25 Aug 2022 13:49:07 -0700
Subject: [PATCH] [threat-actors] Merge Axiom into APT17

---
 clusters/threat-actor.json | 96 ++++++++------------------------------
 1 file changed, 19 insertions(+), 77 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 0a155ae..745ad68 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -486,7 +486,17 @@
 "attribution-confidence": "50",
 "cfr-suspected-state-sponsor": "China",
 "cfr-suspected-victims": [
- "United States"
+ "United States",
+ "Netherlands",
+ "Italy",
+ "Japan",
+ "United Kingdom",
+ "Belgium",
+ "Russia",
+ "Indonesia",
+ "Germany",
+ "Switzerland",
+ "China"
 ],
 "cfr-target-category": [
 "Government",
@@ -504,7 +514,10 @@
 "https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire",
 "https://www.recordedfuture.com/hidden-lynx-analysis/",
 "https://www.secureworks.com/research/threat-profiles/bronze-keystone",
- "https://attack.mitre.org/groups/G0025/"
+ "https://attack.mitre.org/groups/G0025/",
+ "cfr.org/cyber-operations/axiom",
+ "https://attack.mitre.org/groups/G0001/",
+ "https://www.youtube.com/watch?v=NFJqD-LcpIg"
 ],
 "synonyms": [
 "APT 17",
@@ -515,7 +528,9 @@
 "Tailgater Team",
 "Dogfish",
 "BRONZE KEYSTONE",
- "G0025"
+ "G0025",
+ "Group72",
+ "G0001"
 ]
 },
 "related": [
@@ -526,13 +541,6 @@
 ],
 "type": "similar"
 },
- {
- "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- },
 {
 "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
 "tags": [
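Review bot: The ref `"cfr.org/cyber-operations/axiom"` added to APT17's `refs` list carries no URL scheme, unlike every other entry in that list; it was copied verbatim from the deleted Axiom entry. Consumers that render or fetch refs will treat it as a relative path rather than a link. Suggest `"https://www.cfr.org/cyber-operations/axiom"`, confirming the canonical host before committing. The enclosing `meta` object begins and ends outside the hunk.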
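Review bot: Adding `"Group72"` and `"G0001"` as synonyms asserts that Axiom and APT17 are one actor, but nothing beyond the subject line records the basis for the merge, and the deleted Axiom description — including its caveat that Axiom and Winnti Group appear distinct based on differences in reported TTPs and targeting — is not carried into the APT17 entry anywhere in this patch. APT17's `description` field sits outside the hunks; it should state that Axiom (MITRE G0001) has been folded into this entry and, if the Winnti caveat still holds, retain it, so analysts can see why the G0001 and G0025 identifiers now share one cluster. The `synonyms` array closes inside the hunk, but the enclosing `meta` object starts outside it.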
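Review bot: Only the APT17-to-Axiom link is removed from `related` here; the deleted Axiom entry also carried `similar` relations to `090242d7-73fc-4738-af68-20162f7a5aae`, `a0cb9370-e39b-44d5-9f50-ef78e412b973` and `9c124874-042d-48cd-b72b-ccdc51ecbbd6`, and none of those are added to APT17's `related` list in this patch (the `c5947e1c-…` relation is already present). If the merge is correct those relations now belong to APT17 and should be carried over; if they were Axiom-specific and do not hold for APT17, the commit message should say so. The `related` array continues past the end of the hunk.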
@@ -600,72 +608,6 @@
 "uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c",
 "value": "Wekby"
 },
- {
- "description": "Axiom is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree of overlap between Axiom and Winnti Group but the two groups appear to be distinct based on differences in reporting on TTPs and targeting.",
- "meta": {
- "attribution-confidence": "50",
- "cfr-suspected-state-sponsor": "China",
- "cfr-suspected-victims": [
- "United States",
- "Netherlands",
- "Italy",
- "Japan",
- "United Kingdom",
- "Belgium",
- "Russia",
- "Indonesia",
- "Germany",
- "Switzerland",
- "China"
- ],
- "cfr-target-category": [
- "Government",
- "Private sector"
- ],
- "cfr-type-of-incident": "Espionage",
- "country": "CN",
- "refs": [
- "cfr.org/cyber-operations/axiom",
- "https://attack.mitre.org/groups/G0001/"
- ],
- "synonyms": [
- "Group72",
- "G0001"
- ]
- },
- "related": [
- {
- "dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- },
- {
- "dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- },
- {
- "dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- },
- {
- "dest-uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
- "uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
- "value": "Axiom"
- },
 {
 "description": "Adversary group targeting financial, technology, non-profit organisations.",
 "meta": {
@@ -7672,7 +7614,7 @@
 "type": "uses"
 },
 {
- "dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
+ "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
 "tags": [
 "estimative-language:likelihood-probability=\"very-likely\""
 ],
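Review bot: This is the only reference to the removed Axiom uuid `24110866-cb22-4c85-a7d2-0413e126694b` that the patch re-points, and the new target `99e30d89-9361-4b73-a999-9e5ff9320bcb` is presumably APT17's uuid — the APT17 `uuid` line is not in any hunk, so that cannot be confirmed from the diff. The deleted Axiom entry linked to three other clusters (`090242d7-…`, `a0cb9370-…`, `9c124874-…`); if those carry reciprocal `dest-uuid` entries back to `24110866-…`, in this file or in other cluster files, they are now dangling. A repository-wide search for the old uuid before merging, plus a check that the entry at this line does not already relate to `99e30d89-…` (which would leave a duplicate relation), would close that gap. The enclosing entry starts and ends outside the hunk.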