misp-galaxy/clusters/mitre-pre-attack-intrusion-set.json

359 lines
No EOL
12 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"authors": [
"MITRE"
],
"category": "actor",
"description": "Name of ATT&CK Group",
"name": "Pre Attack - intrusion Set",
"source": "https://github.com/mitre/cti",
"type": "mitre-pre-attack-intrusion-set",
"uuid": "1fdc8fa2-1708-11e8-99a3-67b4efc13c4f",
"values": [
{
"description": "APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. (Citation: FireEye EPS Awakens Part 2)",
"meta": {
"external_id": "G0023",
"refs": [
"https://attack.mitre.org/wiki/Group/G0023",
"https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html"
],
"synonyms": [
"APT16"
]
},
"related": [
{
"dest-uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
"value": "APT16 - G0023"
},
{
"description": "APT28 is a threat group that has been attributed to the Russian government. (Citation: FireEye APT28) (Citation: SecureWorks TG-4127) (Citation: FireEye APT28) January 2017 (Citation: GRIZZLY STEPPE JAR) This group reportedly compromised the Democratic National Committee in April 2016. (Citation: Crowdstrike DNC June 2016)",
"meta": {
"external_id": "G0007",
"refs": [
"https://attack.mitre.org/wiki/Group/G0007",
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/",
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf",
"https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign"
],
"synonyms": [
"APT28",
"Sednit",
"Sofacy",
"Pawn Storm",
"Fancy Bear",
"STRONTIUM",
"Tsar Team",
"Threat Group-4127",
"TG-4127"
]
},
"related": [
{
"dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
"value": "APT28 - G0007"
},
{
"description": "Cleaver is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. (Citation: Cylance Cleaver) Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). (Citation: Dell Threat Group 2889)",
"meta": {
"external_id": "G0003",
"refs": [
"https://attack.mitre.org/wiki/Group/G0003",
"https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance%20Operation%20Cleaver%20Report.pdf",
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/"
],
"synonyms": [
"Cleaver",
"TG-2889",
"Threat Group 2889"
]
},
"related": [
{
"dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
"value": "Cleaver - G0003"
},
{
"description": "APT12 is a threat group that has been attributed to China. (Citation: Meyers Numbered Panda)",
"meta": {
"external_id": "G0005",
"refs": [
"https://attack.mitre.org/wiki/Group/G0005",
"http://www.crowdstrike.com/blog/whois-numbered-panda/"
],
"synonyms": [
"APT12",
"IXESHE",
"DynCalc",
"Numbered Panda",
"DNSCALC"
]
},
"related": [
{
"dest-uuid": "48146604-6693-4db1-bd94-159744726514",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "8beac7c2-48d2-4cd9-9b15-6c452f38ac06",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
"value": "APT12 - G0005"
},
{
"description": "APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the Peoples Liberation Army (PLA) General Staff Departments (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. (Citation: Mandiant APT1)",
"meta": {
"external_id": "G0006",
"refs": [
"https://attack.mitre.org/wiki/Group/G0006",
"https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf"
],
"synonyms": [
"APT1",
"Comment Crew",
"Comment Group",
"Comment Panda"
]
},
"related": [
{
"dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
"value": "APT1 - G0006"
},
{
"description": "Night Dragon is a campaign name for activity involving threat group that has conducted activity originating primarily in China. (Citation: McAfee Night Dragon) The activity from this group is also known as Musical Chairs. (Citation: Arbor Musical Chairs Feb 2018)",
"meta": {
"external_id": "G0014",
"refs": [
"https://attack.mitre.org/wiki/Group/G0014",
"https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee%20NightDragon%20wp%20draft%20to%20customersv1-1.pdf",
"https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/"
],
"synonyms": [
"Night Dragon",
"Musical Chairs"
]
},
"related": [
{
"dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
"value": "Night Dragon - G0014"
},
{
"description": "APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. (Citation: FireEye APT17)",
"meta": {
"external_id": "G0025",
"refs": [
"https://attack.mitre.org/wiki/Group/G0025",
"https://www2.fireeye.com/rs/fireye/images/APT17%20Report.pdf"
],
"synonyms": [
"APT17",
"Deputy Dog"
]
},
"related": [
{
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
"value": "APT17 - G0025"
}
],
"version": 7
}