Merge pull request #765 from Mathieu4141/threat-actors/fix-xenotime

[threat-actors] Remove Xenotime duplicate
Alexandre Dulaunoy 2022-09-13 20:47:03 +02:00 committed by GitHub
commit fe782d93dc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -5708,21 +5708,6 @@
"uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
"value": "CHRYSENE" "value": "CHRYSENE"
}, },
{
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
"meta": {
"capabilities": "TRISIS, custom credential harvesting",
"mode-of-operation": "Focused on physical destruction and long-term persistence",
"refs": [
"https://dragos.com/adversaries.html"
],
"since": "2014",
"synonyms": [],
"victimology": "Oil and Gas, Middle East"
},
"uuid": "3dddc77e-a52a-466a-bf1c-1463e352077f",
"value": "XENOTIME"
},
{ {
"description": "ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind ZooPark infect Android devices using several generations of malware we label from v1-v4, with v4 being the most recent version deployed in 2017.", "description": "ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind ZooPark infect Android devices using several generations of malware we label from v1-v4, with v4 being the most recent version deployed in 2017.",
"meta": { "meta": {
@ -7124,16 +7109,22 @@
{ {
"description": "TEMP.Veles is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed to manipulate industrial safety systems.", "description": "TEMP.Veles is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed to manipulate industrial safety systems.",
"meta": { "meta": {
"capabilities": "TRISIS, custom credential harvesting",
"mode-of-operation": "Focused on physical destruction and long-term persistence",
"refs": [ "refs": [
"https://dragos.com/resource/trisis-analyzing-safety-system-targeting-malware/", "https://dragos.com/resource/trisis-analyzing-safety-system-targeting-malware/",
"https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html", "https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html",
"https://attack.mitre.org/groups/G0088/" "https://attack.mitre.org/groups/G0088/",
"https://cyberthreat.thalesgroup.com/attackers/ATK91",
"https://www.dragos.com/threat/xenotime/"
], ],
"since": "2014",
"synonyms": [ "synonyms": [
"Xenotime", "Xenotime",
"G0088", "G0088",
"ATK91" "ATK91"
] ],
"victimology": "Oil and Gas, Middle East"
}, },
"uuid": "90abfc42-91c6-11e9-89b1-af58de8f7ec2", "uuid": "90abfc42-91c6-11e9-89b1-af58de8f7ec2",
"value": "TEMP.Veles" "value": "TEMP.Veles"
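Review bot: Deleting the XENOTIME cluster in the first hunk retires UUID `3dddc77e-a52a-466a-bf1c-1463e352077f` with no pointer left to it, so anything still keyed on that UUID or on the exact value `XENOTIME` (relationships in other clusters, tags on existing events, downstream detection content) may stop resolving. None of those consumers are visible on this page, so search the repository for the UUID before relying on the merge. The surviving TEMP.Veles entry lists the synonym as `"Xenotime"`, which differs in case from the removed value; if consumers match case-sensitively, adding `"XENOTIME"` to `synonyms` would keep old lookups working. In the second hunk, the merged `capabilities`, `mode-of-operation`, `since` and `victimology` values come from the Dragos-based entry, while the description carries a different vendor's attribution, so the record no longer shows which source supports which claim.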