From af280fa83a6ac4cb707785d5ccfcdc795dce836f Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 29 Feb 2016 07:50:45 +0100 Subject: [PATCH] More CN-based groups --- elements/apt-groups.json | 58 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 57 insertions(+), 1 deletion(-) diff --git a/elements/apt-groups.json b/elements/apt-groups.json index 9b124e3..64a7ee5 100644 --- a/elements/apt-groups.json +++ b/elements/apt-groups.json @@ -3,7 +3,7 @@ "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.", "authors": ["Alexandre Dulaunoy", "Florian Roth", "Various"], "type": "APT Groups", - "groups" : ["Comment Crew","Putter Panda","Sofacy","APT 29","Turla Group","Energetic Bear","Sandworm","Anunak","TeamSpy Crew","BuhTrap","Putter Panda","UPS","IXESHE","APT 16","Aurora Panda","Wekby","Axiom","Shell Crew","Naikon","Lotus Blossom","Hurricane Panda","Emissary Panda","Stone Panda","Nightshade Panda","Hellsing","Night Dragon","Mirage","Anchor Panda"], + "groups" : ["Comment Crew","Putter Panda","Sofacy","APT 29","Turla Group","Energetic Bear","Sandworm","Anunak","TeamSpy Crew","BuhTrap","Putter Panda","UPS","IXESHE","APT 16","Aurora Panda","Wekby","Axiom","Shell Crew","Naikon","Lotus Blossom","Hurricane Panda","Emissary Panda","Stone Panda","Nightshade Panda","Hellsing","Night Dragon","Mirage","Anchor Panda","NetTraveler","Ice Fog","HiddenLynx","Beijing Group","Pirate Panda","Radio Panda","Dagger Panda","Samurai Panda","Impersonating Panda","Violin Panda","Toxic Panda","Temper Panda"], "details" : [ { "group": "Comment Crew", @@ -115,6 +115,62 @@ "country": "CN" }, { + "group": "NetTraveler", + "refs": ["https://securelist.com/blog/research/35936/nettraveler-is-running-red-star-apt-attacks-compromise-high-profile-victims/"], + "country": "CN" + }, + { + "group": "Ice Fog", + "refs": ["https://securelist.com/blog/research/57331/the-icefog-apt-a-tale-of-cloak-and-three-daggers/"], + "country": "CN", + "synomyns": ["IceFog"] + }, + { + "group": "HiddenLynx", + "refs": ["http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf"], + "country": "CN" + }, + { + "group": "Beijing Group", + "country": "CN" + }, + { + "group": "Pirate Panda", + "country": "CN" + }, + { + "group": "Radio Panda", + "country": "CN" + }, + { + "group": "Dagger Panda", + "country": "CN" + }, + { + "group": "Samurai Panda", + "refs": ["http://www.crowdstrike.com/blog/whois-samurai-panda/"], + "country": "CN", + "synonyms": ["PLA Navy","APT4","APT 4"] + }, + { + "group": "Impersonating Panda", + "country": "CN" + }, + { + "group": "Violin Panda", + "country": "CN" + }, + { + "group": "Toxic Panda", + "country": "CN" + }, + { + "group": "Temper Panda", + "refs": ["https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html"], + "country": "CN", + "synonyms": ["Admin338","Team338"] + }, + { "group": "Sofacy", "description": "The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.", "refs": ["https://en.wikipedia.org/wiki/Sofacy_Group"],