Merged STALKER PANDA to Tick
parent
89b9c0c32c
commit
faed812fc9
1 changed files with 5 additions and 15 deletions
|
@ -82,18 +82,6 @@
|
||||||
"uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be",
|
"uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be",
|
||||||
"value": "Comment Crew"
|
"value": "Comment Crew"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"description": "The group appears to have close ties to the Chinese National University of Defense and Technology, which is possibly linked to the PLA. Stalker Panda has been observed conducting targeted attacks against Japan, Taiwan, Hong Kong, and the United States. The attacks appear to be centered on political, media, and engineering sectors. The group appears to have been active since around 2010 and they maintain and upgrade their tools regularly.",
|
|
||||||
"meta": {
|
|
||||||
"attribution-confidence": "50",
|
|
||||||
"country": "CN",
|
|
||||||
"refs": [
|
|
||||||
"https://wikileaks.org/vault7/document/2015-08-20150814-256-CSIR-15005-Stalker-Panda/2015-08-20150814-256-CSIR-15005-Stalker-Panda.pdf"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"uuid": "36843742-adf1-427c-a7c0-067d74b4aeaf",
|
|
||||||
"value": "Stalker Panda"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"description": "These attackers were the subject of an extensive report by Symantec in 2011, which termed the attackers Nitro and stated: 'The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes. In addition, the same attackers appear to have a lengthy operation history including attacks on other industries and organizations. Attacks on the chemical industry are merely their latest attack wave. As part of our investigations, we were also able to identify and contact one of the attackers to try and gain insights into the motivations behind these attacks.' Palo Alto Networks reported on continued activity by the attackers in 2014. ",
|
"description": "These attackers were the subject of an extensive report by Symantec in 2011, which termed the attackers Nitro and stated: 'The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes. In addition, the same attackers appear to have a lengthy operation history including attacks on other industries and organizations. Attacks on the chemical industry are merely their latest attack wave. As part of our investigations, we were also able to identify and contact one of the attackers to try and gain insights into the motivations behind these attacks.' Palo Alto Networks reported on continued activity by the attackers in 2014. ",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -4774,7 +4762,7 @@
|
||||||
"value": "APT 22"
|
"value": "APT 22"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "This threat actor targets organizations in the critical infrastructure, heavy industry, manufacturing, and international relations sectors for espionage purposes.",
|
"description": "Tick is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group appears to have close ties to the Chinese National University of Defense and Technology, which is possibly linked to the PLA. This threat actor targets organizations in the critical infrastructure, heavy industry, manufacturing, and international relations sectors for espionage purposes. The attacks appear to be centered on political, media, and engineering sectors. STALKER PANDA has been observed conducting targeted attacks against Japan, Taiwan, Hong Kong, and the United States.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"attribution-confidence": "50",
|
"attribution-confidence": "50",
|
||||||
"cfr-suspected-state-sponsor": "China",
|
"cfr-suspected-state-sponsor": "China",
|
||||||
|
@ -4790,6 +4778,7 @@
|
||||||
"cfr-type-of-incident": "Espionage",
|
"cfr-type-of-incident": "Espionage",
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
|
"https://wikileaks.org/vault7/document/2015-08-20150814-256-CSIR-15005-Stalker-Panda/2015-08-20150814-256-CSIR-15005-Stalker-Panda. pdf",
|
||||||
"https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan",
|
"https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan",
|
||||||
"https://www.secureworks.jp/resources/rp-bronze-butler",
|
"https://www.secureworks.jp/resources/rp-bronze-butler",
|
||||||
"https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/",
|
"https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/",
|
||||||
|
@ -4801,8 +4790,9 @@
|
||||||
"https://www.secureworks.com/research/threat-profiles/bronze-butler"
|
"https://www.secureworks.com/research/threat-profiles/bronze-butler"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Bronze Butler",
|
"BRONZE BUTLER",
|
||||||
"RedBaldKnight"
|
"REDBALDKNIGHT",
|
||||||
|
"STALKER PANDA"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
|
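Review bot: The reference added to Tick's `refs` ends in `CSIR-15005-Stalker-Panda. pdf`, with a space before `pdf` that the same URL in the removed Stalker Panda entry did not have; unless that space is an artifact of this page's rendering, the link is broken and should read `"https://wikileaks.org/vault7/document/2015-08-20150814-256-CSIR-15005-Stalker-Panda/2015-08-20150814-256-CSIR-15005-Stalker-Panda.pdf",`. The first hunk also deletes the cluster with uuid `36843742-adf1-427c-a7c0-067d74b4aeaf` outright, so any `related` entry or stored event tag that points at that uuid or at the value `Stalker Panda` would no longer resolve; the rest of the file is not visible here and should be searched for that uuid before merging. In the synonyms hunk, `Bronze Butler` and `RedBaldKnight` are replaced by `BRONZE BUTLER` and `REDBALDKNIGHT`, which can break case-sensitive matching in consumers that already use the old spellings, so keeping both spellings would be safer. The merged description now attributes the university and PLA ties to Tick, although the removed text made that claim only for Stalker Panda and `attribution-confidence` stays at `"50"`; consider wording it as `STALKER PANDA, merged into this entry, appears to have close ties to …`. The Tick entry's `value` and `uuid` lie outside the visible hunks.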