Merge pull request #819 from danielplohmann/patch-29

adding Google names for RU threat actors
Alexandre Dulaunoy 2023-02-16 14:43:05 +01:00 committed by GitHub
commit d609ff16c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -2160,7 +2160,8 @@
"https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/",
"https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/",
"https://unit42.paloaltonetworks.com/atoms/fighting-ursa/",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
],
"synonyms": [
"Pawn Storm",
@ -2183,7 +2184,8 @@
"TA422",
"T-APT-12",
"APT-C-20",
"UAC-0028"
"UAC-0028",
"FROZENLAKE"
]
},
"related": [
@ -2336,7 +2338,8 @@
"https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/",
"https://www.secureworks.com/research/threat-profiles/iron-hunter",
"https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
],
"synonyms": [
"Snake",
@ -2357,7 +2360,8 @@
"ATK13",
"G0010",
"ITG12",
"Blue Python"
"Blue Python",
"SUMMIT"
]
},
"related": [
@ -2494,7 +2498,8 @@
"https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine",
"https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare",
"https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine",
"https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back"
"https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
],
"synonyms": [
"Quedagh",
@ -2505,7 +2510,8 @@
"ELECTRUM",
"TeleBots",
"IRIDIUM",
"Blue Echidna"
"Blue Echidna",
"FROZENBARENTS"
]
},
"related": [
@ -8248,11 +8254,13 @@
"https://twitter.com/hatr/status/1377220336597483520",
"https://www.mandiant.com/resources/unc1151-linked-to-belarus-government",
"https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
],
"synonyms": [
"UNC1151",
"TA445"
"TA445",
"PUSHCHA"
]
},
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
@ -8955,14 +8963,16 @@
"https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/",
"https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/",
"https://unit42.paloaltonetworks.com/atoms/nascentursa/",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer"
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
],
"synonyms": [
"UNC2589",
"TA471",
"UAC-0056",
"Nascent Ursa",
"Nodaria"
"Nodaria",
"FROZENVISTA"
]
},
"uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",