mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
The script used to generate the cluster is the following; UUIDs are UUIDv5 values based on the standard misp-stix source UUIDv4.

~~~python
lcluster = []
for v in data:
    cluster = {}
    cluster['value'] = v['threat_actor']
    cluster['meta'] = {}
    cluster['meta']['sector'] = v['sector']
    cluster['meta']['synonyms'] = v['synonyms']
    cluster['meta']['refs'] = []
    cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide')
    _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
    cluster['uuid'] = str(_uuid)
    lcluster.append(cluster)
~~~

Relationships might be added at a later stage to map to the MISP threat actor galaxy.
parent
76ff618d60
commit
ccc8f0f801
1 changed files with 865 additions and 1 deletions
|
@ -319,7 +319,871 @@
|
||||||
],
|
],
|
||||||
"uuid": "d7247cf9-13b6-4781-b789-a5f33521633b",
|
"uuid": "d7247cf9-13b6-4781-b789-a5f33521633b",
|
||||||
"value": "NOBELIUM"
|
"value": "NOBELIUM"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"APT41",
|
||||||
|
"BARIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "2fc42ffc-dd1a-560e-ac97-05e8fa27bbe5",
|
||||||
|
"value": "Brass Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"CHROMIUM",
|
||||||
|
"ControlX"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "3f8b7c98-7484-523f-9d58-181274e6fc8f",
|
||||||
|
"value": "Charcoal Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0322"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "0bebd962-191a-5671-b5b0-f6de7c8180fc",
|
||||||
|
"value": "Circle Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"APT40",
|
||||||
|
"GADOLINIUM",
|
||||||
|
"Kryptonite Panda",
|
||||||
|
"Leviathan",
|
||||||
|
"TEMP.Periscope"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "dbc45b46-5b64-50d4-b0f1-d7de888d4e85",
|
||||||
|
"value": "Gingham Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"GALLIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "ae4036de-c901-5f21-808a-f5c071ef509b",
|
||||||
|
"value": "Granite Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0234"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "aa45a89c-4c2b-5f6b-9a3d-51abccaa9623",
|
||||||
|
"value": "Lilac Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"APT5",
|
||||||
|
"Keyhole Panda",
|
||||||
|
"MANGANESE",
|
||||||
|
"TABCTENG"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "fa562b27-d3ff-5e7c-9079-c957eb01a0e0",
|
||||||
|
"value": "Mulberry Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"APT15",
|
||||||
|
"NICKEL",
|
||||||
|
"Vixen Panda",
|
||||||
|
"ke3chang"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "66571167-13fe-5817-93e0-54ae8f206fdc",
|
||||||
|
"value": "Nylon Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"APT30",
|
||||||
|
"LotusBlossom",
|
||||||
|
"RADIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "b3c378fc-1ce3-5a46-a32e-f55a584c6536",
|
||||||
|
"value": "Raspberry Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"HAFNIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "9728610a-17cb-5cac-9322-ef19ae296a29",
|
||||||
|
"value": "Silk Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "China",
|
||||||
|
"synonyms": [
|
||||||
|
"APT31",
|
||||||
|
"ZIRCONIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "27eb4928-b3e6-5ae1-bbb6-f73bce8d7c69",
|
||||||
|
"value": "Violet Typhoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"Bronze Starlight",
|
||||||
|
"DEV-0401",
|
||||||
|
"Emperor Dragonfly"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "43fe584d-88e5-5f2b-a9fd-a866e62040bb",
|
||||||
|
"value": "Cinnamon Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0950",
|
||||||
|
"FIN11",
|
||||||
|
"TA505"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "b27dcdee-14b1-5842-86b3-32eacec94584",
|
||||||
|
"value": "Lace Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0206",
|
||||||
|
"Purple Vallhund"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "1b1524f4-16b0-5b85-aea4-844babea4ccb",
|
||||||
|
"value": "Mustard Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0193",
|
||||||
|
"UNC2053",
|
||||||
|
"Wizard Spider"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "120dc1ae-e850-5059-a4fb-520748ca6881",
|
||||||
|
"value": "Periwinkle Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"Choziosi loader",
|
||||||
|
"Chrome Loader",
|
||||||
|
"ClickPirate",
|
||||||
|
"DEV-0796"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "3c9a0350-8d17-5624-872c-fe44969a5888",
|
||||||
|
"value": "Phlox Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0237",
|
||||||
|
"FIN12"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "567ea386-a78f-5550-ae7c-9c9eacdf45af",
|
||||||
|
"value": "Pistachio Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"Carbon Spider",
|
||||||
|
"ELBRUS",
|
||||||
|
"FIN7"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "9471ad21-0553-5483-bf7c-e6ad9c062c79",
|
||||||
|
"value": "Sangria Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"CHIMBORAZO",
|
||||||
|
"TA505"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "c85120d0-c397-5d30-9d57-3b019090acd5",
|
||||||
|
"value": "Spandex Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0537",
|
||||||
|
"LAPSUS$"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "d4dfb329-822c-5db3-a078-a8c0f77924da",
|
||||||
|
"value": "Strawberry Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0832"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "a01da064-988c-5ad3-92c6-9537adb6a5f0",
|
||||||
|
"value": "Vanilla Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0504"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "0662a721-a92e-50b3-a5ac-0c4142ac9aeb",
|
||||||
|
"value": "Velvet Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Financially motivated",
|
||||||
|
"synonyms": [
|
||||||
|
"PARINACOTA",
|
||||||
|
"Wadhrama"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "5939e42e-06d0-5719-8072-62f0fc0821e8",
|
||||||
|
"value": "Wine Tempest"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Group in development",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0257",
|
||||||
|
"UNC1151"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "60ac9e2c-b3b2-5c6b-913e-935952e14c28",
|
||||||
|
"value": "Storm-0257"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"NEPTUNIUM",
|
||||||
|
"Vice Leaker"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "b06ff51a-77e7-5b7f-9938-4a2d37bce5a4",
|
||||||
|
"value": "Cotton Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"CURIUM",
|
||||||
|
"TA456",
|
||||||
|
"Tortoise Shell"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "b76e22b0-26a4-50ca-b876-09bc90a81b3b",
|
||||||
|
"value": "Crimson Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0228"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "badacab7-5097-5817-8516-d8a72de2a71b",
|
||||||
|
"value": "Cuboid Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0343"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "395473c6-be98-5369-82d1-cdbc97b3fddc",
|
||||||
|
"value": "Gray Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"APT34",
|
||||||
|
"Cobalt Gypsy",
|
||||||
|
"EUROPIUM",
|
||||||
|
"OilRig"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "b6260d6d-a2f7-5b79-8132-5c456a225f53",
|
||||||
|
"value": "Hazel Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"Fox Kitten",
|
||||||
|
"PioneerKitten",
|
||||||
|
"RUBIDIUM",
|
||||||
|
"UNC757"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "0757856a-1313-57d8-bb6c-f4c537e110da",
|
||||||
|
"value": "Lemon Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"MERCURY",
|
||||||
|
"MuddyWater",
|
||||||
|
"SeedWorm",
|
||||||
|
"Static Kitten",
|
||||||
|
"TEMP.Zagros"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "da68ca6d-250f-50f1-a585-240475fdbb35",
|
||||||
|
"value": "Mango Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0500",
|
||||||
|
"Moses Staff"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "ef415059-e150-5324-877e-44b65ab022f5",
|
||||||
|
"value": "Marigold Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"APT35",
|
||||||
|
"Charming Kitten",
|
||||||
|
"PHOSPHORUS"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "400cd1b8-52b7-5a5c-984f-9b4af35ea231",
|
||||||
|
"value": "Mint Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"APT33",
|
||||||
|
"HOLMIUM",
|
||||||
|
"Refined Kitten"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "4c0f085a-70b1-5ee6-a45a-dc368f03e701",
|
||||||
|
"value": "Peach Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"AMERICIUM",
|
||||||
|
"Agrius",
|
||||||
|
"BlackShadow",
|
||||||
|
"Deadwood",
|
||||||
|
"SharpBoys"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "cca311c0-dc91-5aee-b282-5e412040dac3",
|
||||||
|
"value": "Pink Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0146",
|
||||||
|
"ZeroCleare"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "562049d7-78f5-5a65-b7db-c509c9f483f7",
|
||||||
|
"value": "Pumpkin Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Iran",
|
||||||
|
"synonyms": [
|
||||||
|
"BOHRIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "4426d375-1435-5ccc-8c1f-f8688bd11f80",
|
||||||
|
"value": "Smoke Sandstorm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Lebanon",
|
||||||
|
"synonyms": [
|
||||||
|
"POLONIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "ce5357da-0e15-5022-bd4f-74aa689d0b2e",
|
||||||
|
"value": "Plaid Rain"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "North Korea",
|
||||||
|
"synonyms": [
|
||||||
|
"Labyrinth Chollima",
|
||||||
|
"Lazarus",
|
||||||
|
"ZINC"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8",
|
||||||
|
"value": "Diamond Sleet"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "North Korea",
|
||||||
|
"synonyms": [
|
||||||
|
"Kimsuky",
|
||||||
|
"THALLIUM",
|
||||||
|
"Velvet Chollima"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "44be06b1-e17a-5ea6-a0a2-067933a7af77",
|
||||||
|
"value": "Emerald Sleet"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "North Korea",
|
||||||
|
"synonyms": [
|
||||||
|
"Konni",
|
||||||
|
"OSMIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "5163b2d9-7521-5225-a7a8-88d881fbc406",
|
||||||
|
"value": "Opal Sleet"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "North Korea",
|
||||||
|
"synonyms": [
|
||||||
|
"LAWRENCIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "1c5c67ad-c241-5103-99d0-daab5a554b0d",
|
||||||
|
"value": "Pearl Sleet"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "North Korea",
|
||||||
|
"synonyms": [
|
||||||
|
"CERIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "c29e7262-6a6f-501d-8c00-57f75f2172a3",
|
||||||
|
"value": "Ruby Sleet"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "North Korea",
|
||||||
|
"synonyms": [
|
||||||
|
"BlueNoroff",
|
||||||
|
"COPERNICIUM",
|
||||||
|
"Genie Spider"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "3a32c54d-d86a-55de-b16a-d9a08a5cf49b",
|
||||||
|
"value": "Sapphire Sleet"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "North Korea",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0530",
|
||||||
|
"H0lyGh0st"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "ab314f1c-8d07-5edb-bb32-64d1105f74ff",
|
||||||
|
"value": "Storm-0530"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Private Sector Offensive Actor",
|
||||||
|
"synonyms": [
|
||||||
|
"Candiru",
|
||||||
|
"SOURGUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "1b15288c-ff19-5f52-8c4b-6185de934ff8",
|
||||||
|
"value": "Caramel Tsunami"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Private Sector Offensive Actor",
|
||||||
|
"synonyms": [
|
||||||
|
"DSIRF",
|
||||||
|
"KNOTWEED"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "9a4a662a-84a9-5b86-b241-7c5eef9cea4d",
|
||||||
|
"value": "Denim Tsunami"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Private Sector Offensive Actor",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0336",
|
||||||
|
"NSO Group"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "af54315b-3561-5046-8b9b-c3e9e05c0f77",
|
||||||
|
"value": "Night Tsunami"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Private Sector Offensive Actor",
|
||||||
|
"synonyms": [
|
||||||
|
"CyberRoot",
|
||||||
|
"DEV-0605"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "2263b6c9-861a-5971-b882-9ea4a84fcf74",
|
||||||
|
"value": "Wisteria Tsunami"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Russia",
|
||||||
|
"synonyms": [
|
||||||
|
"ACTINIUM",
|
||||||
|
"Gamaredon",
|
||||||
|
"Primitive Bear",
|
||||||
|
"UNC530"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "fc77a775-d06f-5efc-a6fa-0b2af01902a7",
|
||||||
|
"value": "Aqua Blizzard"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Russia",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0586"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "7f190457-6829-55c4-9b6b-bccdadb747cb",
|
||||||
|
"value": "Cadet Blizzard"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Russia",
|
||||||
|
"synonyms": [
|
||||||
|
"APT28",
|
||||||
|
"Fancy Bear",
|
||||||
|
"STRONTIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "8d84d7b0-7716-5ab3-a3a4-f373dd148347",
|
||||||
|
"value": "Forest Blizzard"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Russia",
|
||||||
|
"synonyms": [
|
||||||
|
"BROMINE",
|
||||||
|
"Crouching Yeti",
|
||||||
|
"Energetic Bear"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "45d0f984-2b63-517b-922a-12924bcf4f68",
|
||||||
|
"value": "Ghost Blizzard"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Russia",
|
||||||
|
"synonyms": [
|
||||||
|
"APT29",
|
||||||
|
"Cozy Bear",
|
||||||
|
"NOBELIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "31982812-c8bf-5e85-b0ba-0c64a7d05d20",
|
||||||
|
"value": "Midnight Blizzard"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Russia",
|
||||||
|
"synonyms": [
|
||||||
|
"IRIDIUM",
|
||||||
|
"Sandworm"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "473eb51c-36cb-5e3a-8347-2f57df809be9",
|
||||||
|
"value": "Seashell Blizzard"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Russia",
|
||||||
|
"synonyms": [
|
||||||
|
"Callisto",
|
||||||
|
"Reuse Team",
|
||||||
|
"SEABORGIUM"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6",
|
||||||
|
"value": "Star Blizzard"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Russia",
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0665"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "79f8646f-d127-51b7-b502-b096b445c322",
|
||||||
|
"value": "Sunglow Blizzard"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "South Korea",
|
||||||
|
"synonyms": [
|
||||||
|
"DUBNIUM",
|
||||||
|
"Dark Hotel",
|
||||||
|
"Tapaoux"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "0a4ddab3-a1a6-5372-b11f-5edc25c0e548",
|
||||||
|
"value": "Zigzag Hail"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Turkey",
|
||||||
|
"synonyms": [
|
||||||
|
"SILICON",
|
||||||
|
"Sea Turtle"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "fc91881e-92c0-5a63-a0b9-b253958a594e",
|
||||||
|
"value": "Marbled Dust"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
|
||||||
|
],
|
||||||
|
"sector": "Vietnam",
|
||||||
|
"synonyms": [
|
||||||
|
"APT32",
|
||||||
|
"BISMUTH",
|
||||||
|
"OceanLotus"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "37808cab-cbb3-560b-bebd-375fa328ea1e",
|
||||||
|
"value": "Canvas Cyclone"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 11
|
"version": 12
|
||||||
}
|
}
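Review bot: Two of the added synonyms make name resolution ambiguous: `"TA505"` is listed under both `Lace Tempest` and `Spandex Tempest`, and `"NOBELIUM"` is now a synonym of `Midnight Blizzard` while the existing cluster with `"value": "NOBELIUM"` stays in the file (the context lines at the top of the hunk). A consumer that resolves an actor name through `value` or `synonyms` would presumably get two clusters for these names, and nothing in the new entries links them. Until the relationships mentioned in the commit message exist, consider adding a `related` entry from each new cluster to the legacy one it supersedes, or stating in the galaxy description that the element-based names are retained only for backward compatibility. The `sector` key also carries origin or motivation values such as `"China"` and `"Financially motivated"`, so a short note on what the key means here would help anyone filtering on it.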
|
||||||
|
|