mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
Merge pull request #819 from danielplohmann/patch-29
adding Google names for RU threat actors
This commit is contained in:
commit
d609ff16c0
1 changed files with 20 additions and 10 deletions
|
@ -2160,7 +2160,8 @@
|
||||||
"https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/",
|
"https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/",
|
||||||
"https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/",
|
"https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/",
|
||||||
"https://unit42.paloaltonetworks.com/atoms/fighting-ursa/",
|
"https://unit42.paloaltonetworks.com/atoms/fighting-ursa/",
|
||||||
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
|
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
|
||||||
|
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Pawn Storm",
|
"Pawn Storm",
|
||||||
|
@ -2183,7 +2184,8 @@
|
||||||
"TA422",
|
"TA422",
|
||||||
"T-APT-12",
|
"T-APT-12",
|
||||||
"APT-C-20",
|
"APT-C-20",
|
||||||
"UAC-0028"
|
"UAC-0028",
|
||||||
|
"FROZENLAKE"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -2336,7 +2338,8 @@
|
||||||
"https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/",
|
"https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/",
|
||||||
"https://www.secureworks.com/research/threat-profiles/iron-hunter",
|
"https://www.secureworks.com/research/threat-profiles/iron-hunter",
|
||||||
"https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/",
|
"https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/",
|
||||||
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
|
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
|
||||||
|
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Snake",
|
"Snake",
|
||||||
|
@ -2357,7 +2360,8 @@
|
||||||
"ATK13",
|
"ATK13",
|
||||||
"G0010",
|
"G0010",
|
||||||
"ITG12",
|
"ITG12",
|
||||||
"Blue Python"
|
"Blue Python",
|
||||||
|
"SUMMIT"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -2494,7 +2498,8 @@
|
||||||
"https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine",
|
"https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine",
|
||||||
"https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare",
|
"https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare",
|
||||||
"https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine",
|
"https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine",
|
||||||
"https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back"
|
"https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back",
|
||||||
|
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Quedagh",
|
"Quedagh",
|
||||||
|
@ -2505,7 +2510,8 @@
|
||||||
"ELECTRUM",
|
"ELECTRUM",
|
||||||
"TeleBots",
|
"TeleBots",
|
||||||
"IRIDIUM",
|
"IRIDIUM",
|
||||||
"Blue Echidna"
|
"Blue Echidna",
|
||||||
|
"FROZENBARENTS"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -8248,11 +8254,13 @@
|
||||||
"https://twitter.com/hatr/status/1377220336597483520",
|
"https://twitter.com/hatr/status/1377220336597483520",
|
||||||
"https://www.mandiant.com/resources/unc1151-linked-to-belarus-government",
|
"https://www.mandiant.com/resources/unc1151-linked-to-belarus-government",
|
||||||
"https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers",
|
"https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers",
|
||||||
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
|
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
|
||||||
|
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"UNC1151",
|
"UNC1151",
|
||||||
"TA445"
|
"TA445",
|
||||||
|
"PUSHCHA"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
|
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
|
||||||
|
@ -8955,14 +8963,16 @@
|
||||||
"https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/",
|
"https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/",
|
||||||
"https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/",
|
"https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/",
|
||||||
"https://unit42.paloaltonetworks.com/atoms/nascentursa/",
|
"https://unit42.paloaltonetworks.com/atoms/nascentursa/",
|
||||||
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer"
|
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer",
|
||||||
|
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"UNC2589",
|
"UNC2589",
|
||||||
"TA471",
|
"TA471",
|
||||||
"UAC-0056",
|
"UAC-0056",
|
||||||
"Nascent Ursa",
|
"Nascent Ursa",
|
||||||
"Nodaria"
|
"Nodaria",
|
||||||
|
"FROZENVISTA"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",
|
"uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",
|
||||||
|
|
Loading…
Reference in a new issue