From ccc8f0f8018fece44f3afd18375894b16948da88 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 19 Apr 2023 10:47:11 +0200 Subject: [PATCH] chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy" Script to generate the cluster is the following, UUIDv5 based on standard misp-stix source UUIDv4. ~~~python lcluster = [] for v in data: cluster = {} cluster['value'] = v['threat_actor'] cluster['meta'] = {} cluster['meta']['sector'] = v['sector'] cluster['meta']['synonyms'] = v['synonyms'] cluster['meta']['refs'] = [] cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide') _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value'])) cluster['uuid'] = str(_uuid) lcluster.append(cluster) ~~~ Relationships might be added in a later stage to map with the MISP threat actor galaxy. --- clusters/microsoft-activity-group.json | 866 ++++++++++++++++++++++++- 1 file changed, 865 insertions(+), 1 deletion(-) diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json index 012e1bd..1cf8757 100644 --- a/clusters/microsoft-activity-group.json +++ b/clusters/microsoft-activity-group.json 
@@ -319,7 +319,871 @@ ], "uuid": "d7247cf9-13b6-4781-b789-a5f33521633b", "value": "NOBELIUM" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "APT41", + "BARIUM" + ] + }, + "uuid": "2fc42ffc-dd1a-560e-ac97-05e8fa27bbe5", + "value": "Brass Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "CHROMIUM", + "ControlX" + ] + }, + "uuid": "3f8b7c98-7484-523f-9d58-181274e6fc8f", + "value": "Charcoal Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "DEV-0322" + ] + }, + "uuid": "0bebd962-191a-5671-b5b0-f6de7c8180fc", + "value": "Circle Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "APT40", + "GADOLINIUM", + "Kryptonite Panda", + "Leviathan", + "TEMP.Periscope" + ] + }, + "uuid": "dbc45b46-5b64-50d4-b0f1-d7de888d4e85", + "value": "Gingham Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "GALLIUM" + ] + }, + "uuid": "ae4036de-c901-5f21-808a-f5c071ef509b", + "value": "Granite Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "DEV-0234" + ] + }, + "uuid": "aa45a89c-4c2b-5f6b-9a3d-51abccaa9623", + "value": "Lilac Typhoon" + }, + { + "meta": 
{ + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "APT5", + "Keyhole Panda", + "MANGANESE", + "TABCTENG" + ] + }, + "uuid": "fa562b27-d3ff-5e7c-9079-c957eb01a0e0", + "value": "Mulberry Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "APT15", + "NICKEL", + "Vixen Panda", + "ke3chang" + ] + }, + "uuid": "66571167-13fe-5817-93e0-54ae8f206fdc", + "value": "Nylon Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "APT30", + "LotusBlossom", + "RADIUM" + ] + }, + "uuid": "b3c378fc-1ce3-5a46-a32e-f55a584c6536", + "value": "Raspberry Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "HAFNIUM" + ] + }, + "uuid": "9728610a-17cb-5cac-9322-ef19ae296a29", + "value": "Silk Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "China", + "synonyms": [ + "APT31", + "ZIRCONIUM" + ] + }, + "uuid": "27eb4928-b3e6-5ae1-bbb6-f73bce8d7c69", + "value": "Violet Typhoon" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "Bronze Starlight", + "DEV-0401", + "Emperor Dragonfly" + ] + }, + "uuid": "43fe584d-88e5-5f2b-a9fd-a866e62040bb", + "value": "Cinnamon Tempest" + }, + { + "meta": { + "refs": [ + 
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0950", + "FIN11", + "TA505" + ] + }, + "uuid": "b27dcdee-14b1-5842-86b3-32eacec94584", + "value": "Lace Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0206", + "Purple Vallhund" + ] + }, + "uuid": "1b1524f4-16b0-5b85-aea4-844babea4ccb", + "value": "Mustard Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0193", + "UNC2053", + "Wizard Spider" + ] + }, + "uuid": "120dc1ae-e850-5059-a4fb-520748ca6881", + "value": "Periwinkle Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "Choziosi loader", + "Chrome Loader", + "ClickPirate", + "DEV-0796" + ] + }, + "uuid": "3c9a0350-8d17-5624-872c-fe44969a5888", + "value": "Phlox Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0237", + "FIN12" + ] + }, + "uuid": "567ea386-a78f-5550-ae7c-9c9eacdf45af", + "value": "Pistachio Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "Carbon Spider", + "ELBRUS", + "FIN7" + ] + }, + "uuid": 
"9471ad21-0553-5483-bf7c-e6ad9c062c79", + "value": "Sangria Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "CHIMBORAZO", + "TA505" + ] + }, + "uuid": "c85120d0-c397-5d30-9d57-3b019090acd5", + "value": "Spandex Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0537", + "LAPSUS$" + ] + }, + "uuid": "d4dfb329-822c-5db3-a078-a8c0f77924da", + "value": "Strawberry Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0832" + ] + }, + "uuid": "a01da064-988c-5ad3-92c6-9537adb6a5f0", + "value": "Vanilla Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "DEV-0504" + ] + }, + "uuid": "0662a721-a92e-50b3-a5ac-0c4142ac9aeb", + "value": "Velvet Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Financially motivated", + "synonyms": [ + "PARINACOTA", + "Wadhrama" + ] + }, + "uuid": "5939e42e-06d0-5719-8072-62f0fc0821e8", + "value": "Wine Tempest" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Group in development", + "synonyms": [ + "DEV-0257", + "UNC1151" + ] + }, + "uuid": "60ac9e2c-b3b2-5c6b-913e-935952e14c28", + "value": 
"Storm-0257" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "NEPTUNIUM", + "Vice Leaker" + ] + }, + "uuid": "b06ff51a-77e7-5b7f-9938-4a2d37bce5a4", + "value": "Cotton Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "CURIUM", + "TA456", + "Tortoise Shell" + ] + }, + "uuid": "b76e22b0-26a4-50ca-b876-09bc90a81b3b", + "value": "Crimson Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "DEV-0228" + ] + }, + "uuid": "badacab7-5097-5817-8516-d8a72de2a71b", + "value": "Cuboid Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "DEV-0343" + ] + }, + "uuid": "395473c6-be98-5369-82d1-cdbc97b3fddc", + "value": "Gray Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "APT34", + "Cobalt Gypsy", + "EUROPIUM", + "OilRig" + ] + }, + "uuid": "b6260d6d-a2f7-5b79-8132-5c456a225f53", + "value": "Hazel Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "Fox Kitten", + "PioneerKitten", + "RUBIDIUM", + "UNC757" + ] + }, + "uuid": "0757856a-1313-57d8-bb6c-f4c537e110da", + "value": "Lemon Sandstorm" + }, + { + "meta": { + "refs": [ + 
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "MERCURY", + "MuddyWater", + "SeedWorm", + "Static Kitten", + "TEMP.Zagros" + ] + }, + "uuid": "da68ca6d-250f-50f1-a585-240475fdbb35", + "value": "Mango Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "DEV-0500", + "Moses Staff" + ] + }, + "uuid": "ef415059-e150-5324-877e-44b65ab022f5", + "value": "Marigold Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "APT35", + "Charming Kitten", + "PHOSPHORUS" + ] + }, + "uuid": "400cd1b8-52b7-5a5c-984f-9b4af35ea231", + "value": "Mint Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "APT33", + "HOLMIUM", + "Refined Kitten" + ] + }, + "uuid": "4c0f085a-70b1-5ee6-a45a-dc368f03e701", + "value": "Peach Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "AMERICIUM", + "Agrius", + "BlackShadow", + "Deadwood", + "SharpBoys" + ] + }, + "uuid": "cca311c0-dc91-5aee-b282-5e412040dac3", + "value": "Pink Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "DEV-0146", + "ZeroCleare" + ] + }, + "uuid": "562049d7-78f5-5a65-b7db-c509c9f483f7", + "value": "Pumpkin Sandstorm" + }, + { + 
"meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Iran", + "synonyms": [ + "BOHRIUM" + ] + }, + "uuid": "4426d375-1435-5ccc-8c1f-f8688bd11f80", + "value": "Smoke Sandstorm" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Lebanon", + "synonyms": [ + "POLONIUM" + ] + }, + "uuid": "ce5357da-0e15-5022-bd4f-74aa689d0b2e", + "value": "Plaid Rain" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "North Korea", + "synonyms": [ + "Labyrinth Chollima", + "Lazarus", + "ZINC" + ] + }, + "uuid": "9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8", + "value": "Diamond Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "North Korea", + "synonyms": [ + "Kimsuky", + "THALLIUM", + "Velvet Chollima" + ] + }, + "uuid": "44be06b1-e17a-5ea6-a0a2-067933a7af77", + "value": "Emerald Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "North Korea", + "synonyms": [ + "Konni", + "OSMIUM" + ] + }, + "uuid": "5163b2d9-7521-5225-a7a8-88d881fbc406", + "value": "Opal Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "North Korea", + "synonyms": [ + "LAWRENCIUM" + ] + }, + "uuid": "1c5c67ad-c241-5103-99d0-daab5a554b0d", + "value": "Pearl Sleet" + }, + { + "meta": { + "refs": [ + 
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "North Korea", + "synonyms": [ + "CERIUM" + ] + }, + "uuid": "c29e7262-6a6f-501d-8c00-57f75f2172a3", + "value": "Ruby Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "North Korea", + "synonyms": [ + "BlueNoroff", + "COPERNICIUM", + "Genie Spider" + ] + }, + "uuid": "3a32c54d-d86a-55de-b16a-d9a08a5cf49b", + "value": "Sapphire Sleet" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "North Korea", + "synonyms": [ + "DEV-0530", + "H0lyGh0st" + ] + }, + "uuid": "ab314f1c-8d07-5edb-bb32-64d1105f74ff", + "value": "Storm-0530" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Private Sector Offensive Actor", + "synonyms": [ + "Candiru", + "SOURGUM" + ] + }, + "uuid": "1b15288c-ff19-5f52-8c4b-6185de934ff8", + "value": "Caramel Tsunami" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Private Sector Offensive Actor", + "synonyms": [ + "DSIRF", + "KNOTWEED" + ] + }, + "uuid": "9a4a662a-84a9-5b86-b241-7c5eef9cea4d", + "value": "Denim Tsunami" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Private Sector Offensive Actor", + "synonyms": [ + "DEV-0336", + "NSO Group" + ] + }, + "uuid": "af54315b-3561-5046-8b9b-c3e9e05c0f77", + "value": "Night Tsunami" + }, + { + "meta": { + "refs": [ + 
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Private Sector Offensive Actor", + "synonyms": [ + "CyberRoot", + "DEV-0605" + ] + }, + "uuid": "2263b6c9-861a-5971-b882-9ea4a84fcf74", + "value": "Wisteria Tsunami" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Russia", + "synonyms": [ + "ACTINIUM", + "Gamaredon", + "Primitive Bear", + "UNC530" + ] + }, + "uuid": "fc77a775-d06f-5efc-a6fa-0b2af01902a7", + "value": "Aqua Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Russia", + "synonyms": [ + "DEV-0586" + ] + }, + "uuid": "7f190457-6829-55c4-9b6b-bccdadb747cb", + "value": "Cadet Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Russia", + "synonyms": [ + "APT28", + "Fancy Bear", + "STRONTIUM" + ] + }, + "uuid": "8d84d7b0-7716-5ab3-a3a4-f373dd148347", + "value": "Forest Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Russia", + "synonyms": [ + "BROMINE", + "Crouching Yeti", + "Energetic Bear" + ] + }, + "uuid": "45d0f984-2b63-517b-922a-12924bcf4f68", + "value": "Ghost Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Russia", + "synonyms": [ + "APT29", + "Cozy Bear", + "NOBELIUM" + ] + }, + "uuid": "31982812-c8bf-5e85-b0ba-0c64a7d05d20", + "value": "Midnight Blizzard" + }, + { + "meta": { + "refs": [ + 
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Russia", + "synonyms": [ + "IRIDIUM", + "Sandworm" + ] + }, + "uuid": "473eb51c-36cb-5e3a-8347-2f57df809be9", + "value": "Seashell Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Russia", + "synonyms": [ + "Callisto", + "Reuse Team", + "SEABORGIUM" + ] + }, + "uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6", + "value": "Star Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Russia", + "synonyms": [ + "DEV-0665" + ] + }, + "uuid": "79f8646f-d127-51b7-b502-b096b445c322", + "value": "Sunglow Blizzard" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "South Korea", + "synonyms": [ + "DUBNIUM", + "Dark Hotel", + "Tapaoux" + ] + }, + "uuid": "0a4ddab3-a1a6-5372-b11f-5edc25c0e548", + "value": "Zigzag Hail" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Turkey", + "synonyms": [ + "SILICON", + "Sea Turtle" + ] + }, + "uuid": "fc91881e-92c0-5a63-a0b9-b253958a594e", + "value": "Marbled Dust" + }, + { + "meta": { + "refs": [ + "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" + ], + "sector": "Vietnam", + "synonyms": [ + "APT32", + "BISMUTH", + "OceanLotus" + ] + }, + "uuid": "37808cab-cbb3-560b-bebd-375fa328ea1e", + "value": "Canvas Cyclone" } ], - "version": 11 + "version": 12 }
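Review bot: The new entries create name collisions that this commit leaves unresolved: `NOBELIUM` is listed as a synonym of "Midnight Blizzard" while the older cluster whose value is `NOBELIUM` (uuid `d7247cf9-13b6-4781-b789-a5f33521633b`, visible in the context lines) stays in the file, and `TA505` is a synonym of both "Lace Tempest" and "Spandex Tempest". A consumer that resolves an actor name to a single cluster for tagging or correlation will get two candidates for those names. I would link old and new entries in this commit rather than at a later stage, for example `"related": [{"dest-uuid": "d7247cf9-13b6-4781-b789-a5f33521633b", "type": "similar"}]` on the Midnight Blizzard entry; other legacy element-named clusters earlier in the file (not visible in this hunk) probably need the same. Separately, `sector` here carries origin or motivation values such as "China" and "Financially motivated", so a short note in the galaxy's documentation on what that key means would keep it from being read as a targeted industry.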