Merge pull request #819 from danielplohmann/patch-29

adding Google names for RU threat actors
Alexandre Dulaunoy 2023-02-16 14:43:05 +01:00 committed by GitHub
commit d609ff16c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -2160,7 +2160,8 @@
"https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/", "https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/",
"https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/", "https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/",
"https://unit42.paloaltonetworks.com/atoms/fighting-ursa/", "https://unit42.paloaltonetworks.com/atoms/fighting-ursa/",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag" "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
], ],
"synonyms": [ "synonyms": [
"Pawn Storm", "Pawn Storm",
@ -2183,7 +2184,8 @@
"TA422", "TA422",
"T-APT-12", "T-APT-12",
"APT-C-20", "APT-C-20",
"UAC-0028" "UAC-0028",
"FROZENLAKE"
] ]
}, },
"related": [ "related": [
@ -2336,7 +2338,8 @@
"https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/", "https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/",
"https://www.secureworks.com/research/threat-profiles/iron-hunter", "https://www.secureworks.com/research/threat-profiles/iron-hunter",
"https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/", "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag" "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
], ],
"synonyms": [ "synonyms": [
"Snake", "Snake",
@ -2357,7 +2360,8 @@
"ATK13", "ATK13",
"G0010", "G0010",
"ITG12", "ITG12",
"Blue Python" "Blue Python",
"SUMMIT"
] ]
}, },
"related": [ "related": [
@ -2494,7 +2498,8 @@
"https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine", "https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine",
"https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare", "https://www.welivesecurity.com/2017/05/23/xdata-ransomware-making-rounds-amid-global-wannacryptor-scare",
"https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine", "https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine",
"https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back" "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
], ],
"synonyms": [ "synonyms": [
"Quedagh", "Quedagh",
@ -2505,7 +2510,8 @@
"ELECTRUM", "ELECTRUM",
"TeleBots", "TeleBots",
"IRIDIUM", "IRIDIUM",
"Blue Echidna" "Blue Echidna",
"FROZENBARENTS"
] ]
}, },
"related": [ "related": [
@ -8248,11 +8254,13 @@
"https://twitter.com/hatr/status/1377220336597483520", "https://twitter.com/hatr/status/1377220336597483520",
"https://www.mandiant.com/resources/unc1151-linked-to-belarus-government", "https://www.mandiant.com/resources/unc1151-linked-to-belarus-government",
"https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers", "https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag" "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
], ],
"synonyms": [ "synonyms": [
"UNC1151", "UNC1151",
"TA445" "TA445",
"PUSHCHA"
] ]
}, },
"uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5", "uuid": "749aaa11-f0fd-416b-bf6c-112f9b5930a5",
@ -8955,14 +8963,16 @@
"https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/", "https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/",
"https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/", "https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/",
"https://unit42.paloaltonetworks.com/atoms/nascentursa/", "https://unit42.paloaltonetworks.com/atoms/nascentursa/",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer" "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer",
"https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/"
], ],
"synonyms": [ "synonyms": [
"UNC2589", "UNC2589",
"TA471", "TA471",
"UAC-0056", "UAC-0056",
"Nascent Ursa", "Nascent Ursa",
"Nodaria" "Nodaria",
"FROZENVISTA"
] ]
}, },
"uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f", "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",
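Review bot: The synonym `"SUMMIT"` added in the hunk at `-2357,7 +2360,8` (the entry whose synonyms include "Snake" and "G0010") is an ordinary English word, unlike the other additions (`FROZENLAKE`, `FROZENBARENTS`, `FROZENVISTA`, `PUSHCHA`), so any consumer that matches synonyms against free text or uses them for tag lookup is likely to get false hits on it. Before merging I would confirm the exact spelling against the referenced Google TAG report and check that none of the five new strings already appears as a value or synonym of another cluster in this file; only a few lines of each entry are visible here, so that cannot be verified from the diff. Separately, the commit title says "RU threat actors", but the `-8248` hunk adds `"PUSHCHA"` to the entry that cites Mandiant's `unc1151-linked-to-belarus-government` report, so the title is narrower than the change.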