add cfr data

This commit is contained in:
Deborah Servili 2018-08-27 15:29:16 +02:00
parent d1940b6a69
commit f14dd27315
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1
3 changed files with 183 additions and 12 deletions


@ -4464,7 +4464,16 @@
] ]
}, },
"uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§", "uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§",
"value": "HenBox" "value": "HenBox",
"related": [
{
"dest-uuid": "36ee04f4-a9df-11e8-b92b-d7ddfd3a8896",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
]
}, },
{ {
"description": "Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware.", "description": "Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware.",
@ -4487,5 +4496,5 @@
"value": "Skygofree" "value": "Skygofree"
} }
], ],
"version": 11 "version": 12
} }
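Review bot: The new `related` block under HenBox links to the threat-actor cluster `36ee04f4-a9df-11e8-b92b-d7ddfd3a8896`, but the reverse link added in the third file (its `dest-uuid` at the HenBox threat-actor entry) copies this cluster's own uuid with the stray trailing `§` seen on the context line `"uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§"`. A `§` is not a hex digit, so that value is not a valid UUID and the back-reference will not resolve to this cluster. Since this commit is the one wiring the two entries together, it is the place to correct the identifier on both sides, `"uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86",` here and the matching `"dest-uuid"` in the threat-actor file; if the malformed id is already referenced elsewhere in the repository, those references would need the same fix.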


@ -203,6 +203,29 @@
}, },
"uuid": "2d19c573-252b-49d8-8c2e-3b529b91e72d", "uuid": "2d19c573-252b-49d8-8c2e-3b529b91e72d",
"value": "ZIRCONIUM" "value": "ZIRCONIUM"
},
{
"value": "https://www.cfr.org/interactive/cyber-operations/mythic-leopard",
"description": "This threat actor uses social engineering and spear phishing to target military and defense organizations in India, for the purpose of espionage.",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/mythic-leopard"
],
"cfr-suspected-victims": [
"India"
],
"cfr-suspected-state-sponsor": "Pakistan",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Government",
"Private sector"
],
"synonyms": [
"C-Major",
"Transparent Tribe"
]
},
"uuid": "2a410eea-a9da-11e8-b404-37b7060746c8"
} }
], ],
"version": 5 "version": 5
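Review bot: The new Mythic Leopard entry sets `"value"` to the CFR URL rather than the actor name, while the rest of this file (e.g. `"value": "ZIRCONIUM"` on the context line above) and the entries added in the other files use the name as the value and keep the URL in `refs`; the URL is already in `refs` here, so this should be `"value": "Mythic Leopard",`. Consumers match clusters by `value`, so a URL there will also make the `synonyms` the only usable lookup. Separately, this file's `"version": 5` is left unchanged although a cluster was added, whereas the other two files bump theirs (11→12, 54→55); tooling that syncs on the version number will not pick the new entry up, so bump it to `"version": 6`.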


@ -5057,20 +5057,32 @@
"value": "ALLANITE" "value": "ALLANITE"
}, },
{ {
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).", "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).\nThis threat actor targets organizations involved in oil, gas, and electricity production, primarily in the Gulf region, for espionage purposes. According to one cybersecurity company, the threat actor “compromises a target machine and passes it off to another threat actor for further exploitation.”",
"meta": { "meta": {
"capabilities": "Watering holes, 64-bit malware, covert C2 via IPv6 DNS, ISMDOOR", "capabilities": "Watering holes, 64-bit malware, covert C2 via IPv6 DNS, ISMDOOR",
"mode-of-operation": "IT compromise, information gathering and recon against industrial orgs", "mode-of-operation": "IT compromise, information gathering and recon against industrial orgs",
"refs": [ "refs": [
"https://dragos.com/adversaries.html", "https://dragos.com/adversaries.html",
"https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf" "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
"https://www.cfr.org/interactive/cyber-operations/chrysene"
], ],
"since": "2017", "since": "2017",
"synonyms": [ "synonyms": [
"OilRig", "OilRig",
"Greenbug" "Greenbug"
], ],
"victimology": "Oil and Gas, Manufacturing, Europe, MENA, North America" "victimology": "Oil and Gas, Manufacturing, Europe, MENA, North America",
"cfr-suspected-victims": [
"Iraq",
"United Kingdom",
"Pakistan",
"Israel"
],
"cfr-suspected-state-sponsor": "Unknown",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Private sector"
]
}, },
"related": [ "related": [
{ {
@ -5162,20 +5174,29 @@
"value": "CHRYSENE" "value": "CHRYSENE"
}, },
{ {
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).", "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).\nThis threat actor compromises the networks of companies involved in electric power, specifically looking for intellectual property and information about the companies operations.",
"meta": { "meta": {
"capabilities": "Encoded binaries in documents, evasion techniques", "capabilities": "Encoded binaries in documents, evasion techniques",
"mode-of-operation": "IT compromise with hardened anti-analysis malware against industrial orgs", "mode-of-operation": "IT compromise with hardened anti-analysis malware against industrial orgs",
"refs": [ "refs": [
"https://dragos.com/adversaries.html", "https://dragos.com/adversaries.html",
"https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf" "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
"https://www.cfr.org/interactive/cyber-operations/covellite"
], ],
"since": "2017", "since": "2017",
"synonyms": [ "synonyms": [
"Lazarus", "Lazarus",
"Hidden Cobra" "Hidden Cobra"
], ],
"victimology": "Electric Utilities, US" "victimology": "Electric Utilities, US",
"cfr-suspected-victims": [
"United States"
],
"cfr-suspected-state-sponsor": "Unknown",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Private sector"
]
}, },
"related": [ "related": [
{ {
@ -5197,20 +5218,29 @@
"value": "COVELLITE" "value": "COVELLITE"
}, },
{ {
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).", "description": "Adversaries abusing ICS (based on Dragos Inc adversary list).\nThis threat actor targets industrial control systems in Turkey, Europe, and North America.\n Believed to be linked to Crouching Yeti",
"meta": { "meta": {
"capabilities": "GOODOR, DORSHEL, KARAGANY, Mimikatz", "capabilities": "GOODOR, DORSHEL, KARAGANY, Mimikatz",
"mode-of-operation": "Deep ICS environment information gathering, operator credentials, industrial process details", "mode-of-operation": "Deep ICS environment information gathering, operator credentials, industrial process details",
"refs": [ "refs": [
"https://dragos.com/adversaries.html", "https://dragos.com/adversaries.html",
"https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf" "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
"https://www.cfr.org/interactive/cyber-operations/dymalloy"
], ],
"since": "2016", "since": "2016",
"synonyms": [ "synonyms": [
"Dragonfly2", "Dragonfly2",
"Berserker Bear" "Berserker Bear"
], ],
"victimology": "Turkey, Europe, US" "victimology": "Turkey, Europe, US",
"cfr-suspected-victims": [
"Turkey"
],
"cfr-suspected-state-sponsor": "Unknown",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Private sector"
]
}, },
"uuid": "a08ab076-33c1-4350-b021-650c34277f2d", "uuid": "a08ab076-33c1-4350-b021-650c34277f2d",
"value": "DYMALLOY" "value": "DYMALLOY"
@ -5303,6 +5333,26 @@
"Bronze Union", "Bronze Union",
"ZipToken", "ZipToken",
"Iron Tiger" "Iron Tiger"
],
"cfr-suspected-victims": [
"United States",
"Japan",
"Taiwan",
"India",
"Canada",
"China",
"Thailand",
"Israel",
"Australia",
"Republic of Korea",
"Russia",
"Iran"
],
"cfr-suspected-state-sponsor": "Unknown",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Government",
"Private sector"
] ]
}, },
"related": [ "related": [
@ -5561,7 +5611,96 @@
"type": "similar" "type": "similar"
} }
] ]
},
{
"value": "HenBox",
"description": "This threat actor targets Uighurs—a minority ethnic group located primarily in northwestern China—and devices from Chinese mobile phone manufacturer Xiaomi, for espionage purposes.",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/henbox"
],
"cfr-suspected-victims": [
"Uighurs"
],
"cfr-suspected-state-sponsor": "China",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Civil society"
]
},
"uuid": "36ee04f4-a9df-11e8-b92b-d7ddfd3a8896",
"related": [
{
"dest-uuid": "72c37e24-4ead-11e8-8f08-db3ec8f8db86§",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
]
},
{
"value": "Mustang Panda",
"description": "This threat actor targets nongovernmental organizations using Mongolian-themed lures for espionage purposes.",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/mustang-panda"
],
"cfr-suspected-victims": [
"United States"
],
"cfr-suspected-state-sponsor": "China",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Civil society"
]
},
"uuid": "78bf726c-a9e6-11e8-9e43-77249a2f7339"
},
{
"value": "Thrip",
"description": "This threat actor targets organizations in the satellite communications, telecommunications, geospatial-imaging, and defense sectors in the United States and Southeast Asia for espionage purposes.",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/thrip"
],
"cfr-suspected-victims": [
"United States"
],
"cfr-suspected-state-sponsor": "Unknown",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Private sector"
]
},
"uuid": "98be4300-a9ef-11e8-9a95-bb9221083cfc"
},
{
"value": " Stealth Mango and Tangelo ",
"description": "This threat actor targets organizations in the satellite communications, telecommunications, geospatial-imaging, and defense sectors in the United States and Southeast Asia for espionage purposes.",
"meta": {
"refs": [
"https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo"
],
"cfr-suspected-victims": [
"Pakistan",
"Iraq",
"Australia",
"Afghanistan",
"United Arab Emirates",
"Germany",
"India",
"United States"
],
"cfr-suspected-state-sponsor": "Pakistan",
"cfr-type-of-incident": "Espionage",
"cfr-target-category": [
"Government",
"Civil society"
]
},
"uuid": "f82b352e-a9f8-11e8-8be8-fbcf6eddd58c"
} }
], ],
"version": 54 "version": 55
} }
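Review bot: The Stealth Mango and Tangelo entry in the last hunk has a `value` with leading and trailing whitespace, `" Stealth Mango and Tangelo "`, which will break exact-match lookups and synonym matching; it should be `"value": "Stealth Mango and Tangelo",`. Its `description` is also a verbatim copy of the Thrip description just above (satellite communications, telecommunications, geospatial-imaging and defense sectors), which looks like a copy-paste slip and should be checked against the cited CFR page before merging. A smaller nit in the DYMALLOY hunk: the appended description contains `"\n Believed to be linked to Crouching Yeti"` with a space after the newline, unlike the other appended descriptions; dropping that space keeps the rendered text consistent.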