adding targeted sectors

Delta-Sierra 2023-09-15 10:21:44 +02:00
parent 214ac5d329
commit db23d6eb4c


@ -2982,6 +2982,11 @@
"https://www.kaspersky.com/blog/financial-trojans-2019/25690/", "https://www.kaspersky.com/blog/financial-trojans-2019/25690/",
"https://www.welivesecurity.com/2015/04/09/operation-buhtrap/", "https://www.welivesecurity.com/2015/04/09/operation-buhtrap/",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf" "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
],
"targeted-sector": [
"Bank",
"Payment",
"Finance"
] ]
}, },
"uuid": "b737c51f-b579-49d5-a907-743b2e6d03cb", "uuid": "b737c51f-b579-49d5-a907-743b2e6d03cb",
@ -3002,6 +3007,11 @@
"synonyms": [ "synonyms": [
"FIN4", "FIN4",
"G0085" "G0085"
],
"targeted-sector": [
"Health",
"Finance",
"Pharmacy"
] ]
}, },
"uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57", "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
@ -3020,7 +3030,10 @@
"description": "This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking credentials and credentials related to Bitcoin wallets.", "description": "This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking credentials and credentials related to Bitcoin wallets.",
"meta": { "meta": {
"attribution-confidence": "50", "attribution-confidence": "50",
"country": "RU" "country": "RU",
"targeted-sector": [
"Bank"
]
}, },
"uuid": "7dd7a8df-9012-4d14-977f-b3f9f71266b4", "uuid": "7dd7a8df-9012-4d14-977f-b3f9f71266b4",
"value": "SHARK SPIDER" "value": "SHARK SPIDER"
@ -3032,6 +3045,10 @@
"country": "RU", "country": "RU",
"refs": [ "refs": [
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf" "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
],
"targeted-sector": [
"Manufacturing",
"Industrial"
] ]
}, },
"uuid": "db774b7d-a0ee-4375-b24e-fd278f5ab2fd", "uuid": "db774b7d-a0ee-4375-b24e-fd278f5ab2fd",
@ -3264,6 +3281,10 @@
"APT-C-35", "APT-C-35",
"SectorE02", "SectorE02",
"Orange Kala" "Orange Kala"
],
"targeted-sector": [
"Government, Administration",
"Security Service"
] ]
}, },
"related": [ "related": [
@ -3364,6 +3385,14 @@
"synonyms": [ "synonyms": [
"SyrianElectronicArmy", "SyrianElectronicArmy",
"SEA" "SEA"
],
"targeted-sector": [
"Country",
"Defense",
"Opposition",
"Political party",
"News - Media",
"Government, Administration"
] ]
}, },
"uuid": "4265d44e-8372-4ed0-b428-b331a5443d7d", "uuid": "4265d44e-8372-4ed0-b428-b331a5443d7d",
@ -3403,6 +3432,11 @@
"TMP.Lapis", "TMP.Lapis",
"Green Havildar", "Green Havildar",
"COPPER FIELDSTONE" "COPPER FIELDSTONE"
],
"targeted-sector": [
"Activists",
"Civil society",
"Military"
] ]
}, },
"related": [ "related": [
@ -3447,6 +3481,12 @@
"synonyms": [ "synonyms": [
"FruityArmor", "FruityArmor",
"G0038" "G0038"
],
"targeted-sector": [
"Activists",
"Dissidents",
"Journalist",
"Civil society"
] ]
}, },
"related": [ "related": [
@ -3516,6 +3556,10 @@
"G0040", "G0040",
"Orange Athos", "Orange Athos",
"Thirsty Gemini" "Thirsty Gemini"
],
"targeted-sector": [
"Finance",
"Diplomacy"
] ]
}, },
"related": [ "related": [
@ -3558,6 +3602,9 @@
"synonyms": [ "synonyms": [
"G0029", "G0029",
"Golfing Taurus" "Golfing Taurus"
],
"targeted-sector": [
"Activists"
] ]
}, },
"related": [ "related": [
@ -3683,6 +3730,9 @@
"Sauron", "Sauron",
"Project Sauron", "Project Sauron",
"G0041" "G0041"
],
"targeted-sector": [
"Intelligence"
] ]
}, },
"related": [ "related": [
@ -3727,6 +3777,9 @@
], ],
"synonyms": [ "synonyms": [
"G0036" "G0036"
],
"targeted-sector": [
"Bank"
] ]
}, },
"related": [ "related": [
@ -3825,7 +3878,10 @@
"description": "Libyan Scorpions is a malware operation in use since September 2015 and operated by a politically motivated group whose main objective is intelligence gathering, spying on influentials and political figures and operate an espionage campaign within Libya.", "description": "Libyan Scorpions is a malware operation in use since September 2015 and operated by a politically motivated group whose main objective is intelligence gathering, spying on influentials and political figures and operate an espionage campaign within Libya.",
"meta": { "meta": {
"attribution-confidence": "50", "attribution-confidence": "50",
"country": "LY" "country": "LY",
"targeted-sector": [
"Intelligence"
]
}, },
"uuid": "815cbe98-e157-4078-9caa-c5a25dd64731", "uuid": "815cbe98-e157-4078-9caa-c5a25dd64731",
"value": "Libyan Scorpions" "value": "Libyan Scorpions"
@ -3911,6 +3967,15 @@
"ATK40", "ATK40",
"G0049", "G0049",
"Evasive Serpens" "Evasive Serpens"
],
"targeted-sector": [
"Chemical",
"Energy",
"engineering",
"Finance",
"Government, Administration",
"Telecoms",
"Other"
] ]
}, },
"related": [ "related": [
@ -4059,6 +4124,10 @@
], ],
"suspected-victims": [ "suspected-victims": [
"Ukraine" "Ukraine"
],
"targeted-sector": [
"Think Tanks",
"Government, Administration"
] ]
}, },
"uuid": "3d5192f2-f235-46fd-aa68-dd00cc17d632", "uuid": "3d5192f2-f235-46fd-aa68-dd00cc17d632",
@ -4069,6 +4138,9 @@
"meta": { "meta": {
"refs": [ "refs": [
"https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/" "https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/"
],
"targeted-sector": [
"Energy"
] ]
}, },
"related": [ "related": [
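Review bot: In the hunk starting at new line 3967, the added value `"engineering"` is lowercase while every other `targeted-sector` entry in this change is capitalised (`"Energy"`, `"Finance"`, `"Telecoms"`), so any consumer that filters or correlates actors by exact sector string will not group it with the rest. If the intended vocabulary entry is capitalised, the line should read `"Engineering",`. The same list also adds `"Other"`, which gives an analyst nothing to pivot on and could be dropped or replaced with the concrete sector named in the entry's references. The values look free-form from what is visible here, so checking `targeted-sector` strings against the project's sector vocabulary during validation would catch this kind of drift; the schema itself is not shown on this page, so that part is an assumption to confirm.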