mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
update threat actors
This commit is contained in:
parent
f4cf3464ce
commit
f48167ce77
1 changed files with 21 additions and 4 deletions
|
@ -1760,14 +1760,25 @@
|
||||||
"https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf",
|
"https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf",
|
||||||
"https://securelist.com/blog/software/74503/freezer-paper-around-free-meat/",
|
"https://securelist.com/blog/software/74503/freezer-paper-around-free-meat/",
|
||||||
"https://www.verfassungsschutz.de/download/broschuere-2016-10-bfv-cyber-brief-2016-04.pdf",
|
"https://www.verfassungsschutz.de/download/broschuere-2016-10-bfv-cyber-brief-2016-04.pdf",
|
||||||
"https://www.cfr.org/interactive/cyber-operations/newscaster"
|
"https://www.cfr.org/interactive/cyber-operations/newscaster",
|
||||||
|
"https://www.washingtontimes.com/news/2014/may/29/iranian-hackers-sucker-punch-us-defense-heads-crea/",
|
||||||
|
"https://securelist.com/freezer-paper-around-free-meat/74503/",
|
||||||
|
"https://www.scmagazine.com/home/security-news/cybercrime/hbo-breach-accomplished-with-hard-work-by-hacker-poor-security-practices-by-victim/",
|
||||||
|
"http://www.arabnews.com/node/1195681/media",
|
||||||
|
"https://cyware.com/news/iranian-apt-charming-kitten-impersonates-clearsky-the-security-firm-that-uncovered-its-campaigns-7fea0b4f",
|
||||||
|
"https://blog.certfa.com/posts/the-return-of-the-charming-kitten/",
|
||||||
|
"https://www.justice.gov/opa/pr/former-us-counterintelligence-agent-charged-espionage-behalf-iran-four-iranians-charged-cyber",
|
||||||
|
"https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/",
|
||||||
|
"https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf",
|
||||||
|
"https://attack.mitre.org/groups/G0058/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Newscaster",
|
"Newscaster",
|
||||||
"Parastoo",
|
"Parastoo",
|
||||||
"iKittens",
|
"iKittens",
|
||||||
"Group 83",
|
"Group 83",
|
||||||
"Newsbeef"
|
"Newsbeef",
|
||||||
|
"NewsBeef"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -6503,10 +6514,16 @@
|
||||||
"description": "APT39 was created to bring together previous activities and methods used by this actor, and its activities largely align with a group publicly referred to as \"Chafer.\" However, there are differences in what has been publicly reported due to the variances in how organizations track activity. APT39 primarily leverages the SEAWEED and CACHEMONEY backdoors along with a specific variant of the POWBAT backdoor. While APT39's targeting scope is global, its activities are concentrated in the Middle East. APT39 has prioritized the telecommunications sector, with additional targeting of the travel industry and IT firms that support it and the high-tech industry.",
|
"description": "APT39 was created to bring together previous activities and methods used by this actor, and its activities largely align with a group publicly referred to as \"Chafer.\" However, there are differences in what has been publicly reported due to the variances in how organizations track activity. APT39 primarily leverages the SEAWEED and CACHEMONEY backdoors along with a specific variant of the POWBAT backdoor. While APT39's targeting scope is global, its activities are concentrated in the Middle East. APT39 has prioritized the telecommunications sector, with additional targeting of the travel industry and IT firms that support it and the high-tech industry.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html"
|
"https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html",
|
||||||
|
"https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions",
|
||||||
|
"https://unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/",
|
||||||
|
"https://securelist.com/chafer-used-remexi-malware/89538/",
|
||||||
|
"https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets",
|
||||||
|
"https://attack.mitre.org/groups/G0087/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"APT 39"
|
"APT 39",
|
||||||
|
"Chafer"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "c2c64bd3-a325-446f-91a8-b4c0f173a30b",
|
"uuid": "c2c64bd3-a325-446f-91a8-b4c0f173a30b",
|
||||||
|
|
Loading…
Reference in a new issue