mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
Merge pull request #563 from r0ny123/patch-1
This commit is contained in:
Steve Clement
GitHub
commit
df6bed3d3a
1 changed files with 15 additions and 64 deletions
|
|
@ -606,13 +606,6 @@
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
},
|
|
||||||
{
|
|
||||||
"dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c",
|
"uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c",
|
||||||
|
|
@ -982,15 +975,11 @@
|
||||||
"http://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/",
|
"http://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/",
|
||||||
"https://www.crowdstrike.com/blog/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/",
|
"https://www.crowdstrike.com/blog/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/",
|
||||||
"https://www.crowdstrike.com/blog/storm-chasing/",
|
"https://www.crowdstrike.com/blog/storm-chasing/",
|
||||||
"https://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/",
|
"https://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/"
|
||||||
"https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf"
|
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Black Vine",
|
"Black Vine",
|
||||||
"TEMP.Avengers",
|
"TEMP.Avengers"
|
||||||
"Zirconium",
|
|
||||||
"APT 31",
|
|
||||||
"APT31"
|
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
|
@ -1555,16 +1544,11 @@
|
||||||
"cfr-type-of-incident": "Espionage",
|
"cfr-type-of-incident": "Espionage",
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"http://www.crowdstrike.com/blog/whois-samurai-panda/",
|
"http://www.crowdstrike.com/blog/whois-samurai-panda/"
|
||||||
"https://www.cfr.org/interactive/cyber-operations/sykipot",
|
|
||||||
"https://www.secureworks.com/research/threat-profiles/bronze-edison"
|
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"PLA Navy",
|
"PLA Navy",
|
||||||
"APT4",
|
"Wisp Team"
|
||||||
"APT 4",
|
|
||||||
"Wisp Team",
|
|
||||||
"BRONZE EDISON"
|
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
|
@ -1581,13 +1565,6 @@
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
},
|
|
||||||
{
|
|
||||||
"dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7",
|
"uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7",
|
||||||
|
|
@ -5151,36 +5128,17 @@
|
||||||
"https://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments",
|
"https://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments",
|
||||||
"http://blog.trendmicro.com/trendlabs-security-intelligence/sykipot-now-targeting-us-civil-aviation-sector-information/",
|
"http://blog.trendmicro.com/trendlabs-security-intelligence/sykipot-now-targeting-us-civil-aviation-sector-information/",
|
||||||
"https://www.sans.org/reading-room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant-33919",
|
"https://www.sans.org/reading-room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant-33919",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/sykipot"
|
"https://www.cfr.org/interactive/cyber-operations/sykipot",
|
||||||
|
"https://www.secureworks.com/research/threat-profiles/bronze-edison"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"PLA Navy",
|
"PLA Navy",
|
||||||
|
"APT4",
|
||||||
|
"APT 4",
|
||||||
|
"BRONZE EDISON",
|
||||||
"Sykipot"
|
"Sykipot"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
|
||||||
{
|
|
||||||
"dest-uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
|
"uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
|
||||||
"value": "Maverick Panda"
|
"value": "Maverick Panda"
|
||||||
},
|
},
|
||||||
|
|
@ -7220,17 +7178,6 @@
|
||||||
"uuid": "7e37be6b-5a94-45f3-bdeb-f494c520eee3",
|
"uuid": "7e37be6b-5a94-45f3-bdeb-f494c520eee3",
|
||||||
"value": "Salty Spider"
|
"value": "Salty Spider"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"description": "This adversary is suspected of continuing to target upstream providers (e.g., law firms and managed service providers) to support additional intrusions against high-profile assets. In 2018, CrowdStrike observed this adversary using spear-phishing, URL 'web bugs' and scheduled tasks to automate credential harvesting.",
|
|
||||||
"meta": {
|
|
||||||
"refs": [
|
|
||||||
"https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/",
|
|
||||||
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"uuid": "d7a41ada-6687-4a6b-8b5c-396808cdd758",
|
|
||||||
"value": "Judgment Panda"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"description": "In the first quarter of 2018, CrowdStrike Intelligence identified NOMAD PANDA activity targeting Central Asian nations with exploit documents built with the 8.t tool.",
|
"description": "In the first quarter of 2018, CrowdStrike Intelligence identified NOMAD PANDA activity targeting Central Asian nations with exploit documents built with the 8.t tool.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
|
@ -7422,21 +7369,25 @@
|
||||||
"value": "Silent Librarian"
|
"value": "Silent Librarian"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "FireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a particular organization competetive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese Government.",
|
"description": "FireEye characterizes APT31 as an actor specialized on intellectual property theft, focusing on data and projects that make a particular organization competetive in its field. Based on available data (April 2016), FireEye assesses that APT31 conducts network operations at the behest of the Chinese Government. Also according to Crowdstrike, this adversary is suspected of continuing to target upstream providers (e.g., law firms and managed service providers) to support additional intrusions against high-profile assets. In 2018, CrowdStrike observed this adversary using spear-phishing, URL “web bugs” and scheduled tasks to automate credential harvesting.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/",
|
"https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/",
|
||||||
"https://duo.com/decipher/apt-groups-moving-down-the-supply-chain",
|
"https://duo.com/decipher/apt-groups-moving-down-the-supply-chain",
|
||||||
|
"https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf",
|
||||||
"https://redalert.nshc.net/2019/12/03/threat-actor-targeting-hong-kong-activists",
|
"https://redalert.nshc.net/2019/12/03/threat-actor-targeting-hong-kong-activists",
|
||||||
"https://twitter.com/bkMSFT/status/1201876664667582466",
|
"https://twitter.com/bkMSFT/status/1201876664667582466",
|
||||||
"https://www.secureworks.com/research/bronz-vinewood-uses-hanaloader-to-target-government-supply-chain",
|
"https://www.secureworks.com/research/bronz-vinewood-uses-hanaloader-to-target-government-supply-chain",
|
||||||
"https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains",
|
"https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains",
|
||||||
"https://www.secureworks.com/research/threat-profiles/bronze-vinewood"
|
"https://www.secureworks.com/research/threat-profiles/bronze-vinewood",
|
||||||
|
"https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report",
|
||||||
|
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"APT 31",
|
"APT 31",
|
||||||
"ZIRCONIUM",
|
"ZIRCONIUM",
|
||||||
|
"JUDGMENT PANDA",
|
||||||
"BRONZE VINEWOOD"
|
"BRONZE VINEWOOD"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue