{
|
||
"authors": [
|
||
"MITRE"
|
||
],
|
||
"category": "actor",
|
||
"description": "Name of ATT&CK Group",
|
||
"name": "intrusion Set",
|
||
"source": "https://github.com/mitre/cti",
|
||
"type": "mitre-intrusion-set",
|
||
"uuid": "10df003c-7831-11e7-bdb9-971cdd1218df",
|
||
"values": [
|
||
{
|
||
"description": "[Threat Group-3390](https://attack.mitre.org/groups/G0027) is a Chinese threat group that has extensively used strategic Web compromises to target victims. (Citation: Dell TG-3390) The group has been active since at least 2010 and has targeted organizations in the aerospace, government, defense, technology, energy, and manufacturing sectors. (Citation: SecureWorks BRONZE UNION June 2017) (Citation: Securelist LuckyMouse June 2018)",
|
||
"meta": {
|
||
"external_id": "G0027",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0027",
|
||
"https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage",
|
||
"http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/",
|
||
"https://www.secureworks.com/research/bronze-union",
|
||
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/may/emissary-panda-a-potential-new-malicious-tool/",
|
||
"https://thehackernews.com/2018/06/chinese-watering-hole-attack.html",
|
||
"https://securelist.com/luckymouse-hits-national-data-center/86083/"
|
||
],
|
||
"synonyms": [
|
||
"Threat Group-3390",
|
||
"TG-3390",
|
||
"Emissary Panda",
|
||
"BRONZE UNION",
|
||
"APT27",
|
||
"Iron Tiger",
|
||
"LuckyMouse"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f1b9f7d6-6ab1-404b-91a6-a1ed1845c045",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "4af45fea-72d3-11e8-846c-d37699506c8d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c3bce4f4-9795-46c6-976e-8676300bbc39",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "46944654-fcc1-4f63-9dad-628102376586",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a60657fa-e2e7-4f8f-8128-a882534ae8c5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e7eab98d-ae11-4491-bd28-a53ba875865a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aabc5ec-eae6-422c-8311-38d45ee9838a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c",
|
||
"value": "Threat Group-3390 - G0027"
|
||
},
|
||
{
|
||
"description": "[Threat Group-1314](https://attack.mitre.org/groups/G0028) is an unattributed threat group that has used compromised credentials to log into a victim's remote access infrastructure. (Citation: Dell TG-1314)",
|
||
"meta": {
|
||
"external_id": "G0028",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0028",
|
||
"http://www.secureworks.com/resources/blog/living-off-the-land/"
|
||
],
|
||
"synonyms": [
|
||
"Threat Group-1314",
|
||
"TG-1314"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "d519164e-f5fa-4b8c-a1fb-cf0172ad0983",
|
||
"value": "Threat Group-1314 - G0028"
|
||
},
|
||
{
|
||
"description": "[Dragonfly 2.0](https://attack.mitre.org/groups/G0074) is a suspected Russian group that has targeted government entities and multiple U.S. critical infrastructure sectors since at least March 2016. (Citation: US-CERT TA18-074A) (Citation: Symantec Dragonfly Sept 2017) There is debate over the extent of overlap between [Dragonfly 2.0](https://attack.mitre.org/groups/G0074) and [Dragonfly](https://attack.mitre.org/groups/G0035), but there is sufficient evidence to lead to these being tracked as two separate groups. (Citation: Fortune Dragonfly 2.0 Sept 2017)",
|
||
"meta": {
|
||
"external_id": "G0074",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0074",
|
||
"https://www.us-cert.gov/ncas/alerts/TA18-074A",
|
||
"https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group",
|
||
"http://fortune.com/2017/09/06/hack-energy-grid-symantec/"
|
||
],
|
||
"synonyms": [
|
||
"Dragonfly 2.0",
|
||
"Berserk Bear"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "76d59913-1d24-4992-a8ac-05a3eb093f71",
|
||
"value": "Dragonfly 2.0 - G0074"
|
||
},
|
||
{
|
||
"description": "[Lotus Blossom](https://attack.mitre.org/groups/G0030) is a threat group that has targeted government and military organizations in Southeast Asia. (Citation: Lotus Blossom Jun 2015)",
|
||
"meta": {
|
||
"external_id": "G0030",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0030",
|
||
"https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html",
|
||
"https://securelist.com/the-spring-dragon-apt/70726/"
|
||
],
|
||
"synonyms": [
|
||
"Lotus Blossom",
|
||
"Spring Dragon"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "32fafa69-fe3c-49db-afd4-aac2664bcf0d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "0f862b01-99da-47cc-9bdb-db4a86a95bb1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7551188b-8f91-4d34-8350-0d0c57b2b913",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7",
|
||
"value": "Lotus Blossom - G0030"
|
||
},
|
||
{
|
||
"description": "[BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in government, biotechnology, electronics manufacturing, and industrial chemistry. (Citation: Trend Micro Daserf Nov 2017) (Citation: Secureworks BRONZE BUTLER Oct 2017)",
|
||
"meta": {
|
||
"external_id": "G0060",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0060",
|
||
"http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/",
|
||
"https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses",
|
||
"https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan"
|
||
],
|
||
"synonyms": [
|
||
"BRONZE BUTLER",
|
||
"REDBALDKNIGHT",
|
||
"Tick"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "add6554a-815a-4ac3-9b22-9337b9661ab8",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a257ed11-ff3b-4216-8c9d-3938ef57064c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b6b3dfc7-9a81-43ff-ac04-698bad48973a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "519630c5-f03f-4882-825c-3af924935817",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "93f52415-0fe4-4d3d-896c-fc9b8e88ab90",
|
||
"value": "BRONZE BUTLER - G0060"
|
||
},
|
||
{
|
||
"description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) is a threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. (Citation: Lookout Dark Caracal Jan 2018)",
|
||
"meta": {
|
||
"external_id": "G0070",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0070",
|
||
"https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Dark Caracal"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a5528622-3a8a-4633-86ce-8cdaf8423858",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "835a79f1-842d-472d-b8f4-d54b545c341b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d3df754e-997b-4cf9-97d4-70feb3120847",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d21a2069-23d5-4043-ad6d-64f6b644cb1a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a5e91d50-24fa-44ec-9894-39a88f658cea",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
|
||
"value": "Dark Caracal - G0070"
|
||
},
|
||
{
|
||
"description": "[Cobalt Group](https://attack.mitre.org/groups/G0080) is a financially motivated threat group that has primarily targeted financial institutions. The group has conducted intrusions to steal money via targeting ATM systems, card processing, payment systems and SWIFT systems. [Cobalt Group](https://attack.mitre.org/groups/G0080) has mainly targeted banks in Eastern Europe, Central Asia, and Southeast Asia. One of the alleged leaders was arrested in Spain in early 2018, but the group still appears to be active. The group has been known to target organizations in order to use their access to then compromise additional victims. (Citation: Talos Cobalt Group July 2018) (Citation: PTSecurity Cobalt Group Aug 2017) (Citation: PTSecurity Cobalt Dec 2016) (Citation: Group IB Cobalt Aug 2017) (Citation: Proofpoint Cobalt June 2017) (Citation: RiskIQ Cobalt Nov 2017) (Citation: RiskIQ Cobalt Jan 2018) Reporting indicates there may be links between [Cobalt Group](https://attack.mitre.org/groups/G0080) and both the malware [Carbanak](https://attack.mitre.org/software/S0030) and the group [Carbanak](https://attack.mitre.org/groups/G0008). (Citation: Europol Cobalt Mar 2018)",
|
||
"meta": {
|
||
"external_id": "G0080",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0080",
|
||
"https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html",
|
||
"https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf",
|
||
"https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf",
|
||
"https://www.group-ib.com/blog/cobalt",
|
||
"https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target",
|
||
"https://www.riskiq.com/blog/labs/cobalt-strike/",
|
||
"https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/",
|
||
"https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report",
|
||
"https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain"
|
||
],
|
||
"synonyms": [
|
||
"Cobalt Group",
|
||
"Cobalt Gang",
|
||
"Cobalt Spider"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "68f7e3a1-f09f-4164-9a62-16b648a0dd5a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7d6f590f-544b-45b4-9a42-e0805f342af3",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aabc5ec-eae6-422c-8311-38d45ee9838a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "dc6fe6ee-04c2-49be-ba3d-f38d2463c02a",
|
||
"value": "Cobalt Group - G0080"
|
||
},
|
||
{
|
||
"description": "[Deep Panda](https://attack.mitre.org/groups/G0009) is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications. (Citation: Alperovitch 2014) The intrusion into healthcare company Anthem has been attributed to [Deep Panda](https://attack.mitre.org/groups/G0009). (Citation: ThreatConnect Anthem) This group is also known as Shell Crew, WebMasters, KungFu Kittens, and PinkPanther. (Citation: RSA Shell Crew) [Deep Panda](https://attack.mitre.org/groups/G0009) also appears to be known as Black Vine based on the attribution of both group names to the Anthem intrusion. (Citation: Symantec Black Vine) Some analysts track [Deep Panda](https://attack.mitre.org/groups/G0009) and [APT19](https://attack.mitre.org/groups/G0073) as the same group, but it is unclear from open source information if the groups are the same. (Citation: ICIT China's Espionage Jul 2016)",
|
||
"meta": {
|
||
"external_id": "G0009",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0009",
|
||
"https://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/",
|
||
"https://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf",
|
||
"https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/",
|
||
"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf",
|
||
"https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/"
|
||
],
|
||
"synonyms": [
|
||
"Deep Panda",
|
||
"Shell Crew",
|
||
"WebMasters",
|
||
"KungFu Kittens",
|
||
"PinkPanther",
|
||
"Black Vine"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "00d0b012-8a03-410e-95de-5826bf542de6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "68f7e3a1-f09f-4164-9a62-16b648a0dd5a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "96b08451-b27a-4ff6-893f-790e26393a8e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "fbb470da-1d44-4f29-bbb3-9efbe20f94a3",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "91000a8a-58cc-4aba-9ad0-993ad6302b86",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "a653431d-6a5e-4600-8ad3-609b5af57064",
|
||
"value": "Deep Panda - G0009"
|
||
},
|
||
{
|
||
"description": "[Dust Storm](https://attack.mitre.org/groups/G0031) is a threat group that has targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. (Citation: Cylance Dust Storm)",
|
||
"meta": {
|
||
"external_id": "G0031",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0031",
|
||
"https://www.cylance.com/content/dam/cylance/pdfs/reports/Op_Dust_Storm_Report.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Dust Storm"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "9e71024e-817f-45b0-92a0-d886c30bc929",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "66b1dcde-17a0-4c7b-95fa-b08d430c2131",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "166c0eca-02fd-424a-92c0-6b5106994d31",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0db09158-6e48-4e7c-8ce7-2b10b9c0c039",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e1161124-f22e-487f-9d5f-ed8efc8dcd61",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "ae41895a-243f-4a65-b99b-d85022326c31",
|
||
"value": "Dust Storm - G0031"
|
||
},
|
||
{
|
||
"description": "[Night Dragon](https://attack.mitre.org/groups/G0014) is a campaign name for activity involving a threat group that has conducted activity originating primarily in China. (Citation: McAfee Night Dragon) The activity from this group is also known as Musical Chairs. (Citation: Arbor Musical Chairs Feb 2018)",
|
||
"meta": {
|
||
"external_id": "G0014",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0014",
|
||
"https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee_NightDragon_wp_draft_to_customersv1-1.pdf",
|
||
"https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/"
|
||
],
|
||
"synonyms": [
|
||
"Night Dragon",
|
||
"Musical Chairs"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "286cc500-4291-45c2-99a1-e760db176402",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9755ecdc-deb0-40e6-af49-713cb0f8ed92",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8",
|
||
"value": "Night Dragon - G0014"
|
||
},
|
||
{
|
||
"description": "[Lazarus Group](https://attack.mitre.org/groups/G0032) is a threat group that has been attributed to the North Korean government. (Citation: US-CERT HIDDEN COBRA June 2017) The group has been active since at least 2009 and was reportedly responsible for the November 2014 destructive wiper attack against Sony Pictures Entertainment as part of a campaign named Operation Blockbuster by Novetta. Malware used by [Lazarus Group](https://attack.mitre.org/groups/G0032) correlates to other reported campaigns, including Operation Flame, Operation 1Mission, Operation Troy, DarkSeoul, and Ten Days of Rain. (Citation: Novetta Blockbuster) In late 2017, [Lazarus Group](https://attack.mitre.org/groups/G0032) used KillDisk, a disk-wiping tool, in an attack against an online casino based in Central America. (Citation: Lazarus KillDisk)",
|
||
"meta": {
|
||
"external_id": "G0032",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0032",
|
||
"https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf",
|
||
"https://www.us-cert.gov/ncas/alerts/TA17-164A",
|
||
"https://blogs.microsoft.com/on-the-issues/2017/12/19/microsoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats/",
|
||
"https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing",
|
||
"https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/"
|
||
],
|
||
"synonyms": [
|
||
"Lazarus Group",
|
||
"HIDDEN COBRA",
|
||
"Guardians of Peace",
|
||
"ZINC",
|
||
"NICKEL ACADEMY"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "027a1428-6e79-4a4b-82b9-e698e8525c2b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "128c55d3-aeba-469f-bd3e-c8996ab4112a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "dc27c2ec-c5f9-4228-ba57-d67b590bda93",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "069af411-9b24-4e85-b26c-623d035bbe84",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bd0536d7-b081-43ae-a773-cfb057c5b988",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "02fefddc-fb1b-423f-a76b-7552dd211d4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d21a2069-23d5-4043-ad6d-64f6b644cb1a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1f6e3702-7ca1-4582-b2e7-4591297d05a8",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7ba0fc46-197d-466d-8b9f-f1c64d5d81e5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "495b6cdb-7b5a-4fbc-8d33-e7ef68806d08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3b3cbbe0-6ed3-4334-b543-3ddfd8c5642d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9b325b06-35a1-457d-be46-a4ecc0b7ff0c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "11e36d5b-6a92-4bf9-8eb7-85eb24f59e22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9dbdadb6-fdbf-490f-a35f-38762d06a0d2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a",
|
||
"value": "Lazarus Group - G0032"
|
||
},
|
||
{
|
||
"description": "[Putter Panda](https://attack.mitre.org/groups/G0024) is a Chinese threat group that has been attributed to Unit 61486 of the 12th Bureau of the PLA’s 3rd General Staff Department (GSD). (Citation: CrowdStrike Putter Panda)",
|
||
"meta": {
|
||
"external_id": "G0024",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0024",
|
||
"http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf",
|
||
"http://blog.cylance.com/puttering-into-the-future"
|
||
],
|
||
"synonyms": [
|
||
"Putter Panda",
|
||
"APT2",
|
||
"MSUpdater"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "0ca45163-e223-4167-b1af-f088ed14a93d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e8268361-a599-4e45-bd3f-71c8c7e700c0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45",
|
||
"value": "Putter Panda - G0024"
|
||
},
|
||
{
|
||
"description": "[Scarlet Mimic](https://attack.mitre.org/groups/G0029) is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by [Scarlet Mimic](https://attack.mitre.org/groups/G0029) and [Putter Panda](https://attack.mitre.org/groups/G0024), it has not been concluded that the groups are the same. (Citation: Scarlet Mimic Jan 2016)",
|
||
"meta": {
|
||
"external_id": "G0029",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0029",
|
||
"http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/"
|
||
],
|
||
"synonyms": [
|
||
"Scarlet Mimic"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "0da10682-85c6-4c0b-bace-ba1f7adfb63e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "dfb5fa9b-3051-4b97-8035-08f80aef945b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb3c1098-d654-4620-bf40-694386d28921",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cb7bcf6f-085f-41db-81ee-4b68481661b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "463f68f1-5cde-4dc2-a831-68b73488f8f4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7",
|
||
"value": "Scarlet Mimic - G0029"
|
||
},
|
||
{
|
||
"description": "[Poseidon Group](https://attack.mitre.org/groups/G0033) is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the [Poseidon Group](https://attack.mitre.org/groups/G0033) as a security firm. (Citation: Kaspersky Poseidon Group)",
|
||
"meta": {
|
||
"external_id": "G0033",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0033",
|
||
"https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/"
|
||
],
|
||
"synonyms": [
|
||
"Poseidon Group"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "5fc09923-fcff-4e81-9cae-4518ef31cf4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446",
|
||
"value": "Poseidon Group - G0033"
|
||
},
|
||
{
|
||
"description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a Russian cyber espionage group that has operated since approximately 2009. The group likely consists of Russian pro-hacktivists. [Sandworm Team](https://attack.mitre.org/groups/G0034) targets mainly Ukrainian entities associated with energy, industrial control systems, SCADA, government, and media. [Sandworm Team](https://attack.mitre.org/groups/G0034) has been linked to the Ukrainian energy sector attack in late 2015. (Citation: iSIGHT Sandworm 2014) (Citation: CrowdStrike VOODOO BEAR)",
|
||
"meta": {
|
||
"external_id": "G0034",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0034",
|
||
"https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html",
|
||
"https://www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf",
|
||
"https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/",
|
||
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/"
|
||
],
|
||
"synonyms": [
|
||
"Sandworm Team",
|
||
"Quedagh",
|
||
"VOODOO BEAR"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "b47250ec-2094-4d06-b658-11456e05fe89",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "feac86e4-6bb2-4ba0-ac99-806aeb0a776c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192",
|
||
"value": "Sandworm Team - G0034"
|
||
},
|
||
{
|
||
"description": "[Stealth Falcon](https://attack.mitre.org/groups/G0038) is a threat group that has conducted targeted spyware attacks against Emirati journalists, activists, and dissidents since at least 2012. Circumstantial evidence suggests there could be a link between this group and the United Arab Emirates (UAE) government, but that has not been confirmed. (Citation: Citizen Lab Stealth Falcon May 2016)",
|
||
"meta": {
|
||
"external_id": "G0038",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0038",
|
||
"https://citizenlab.org/2016/05/stealth-falcon/"
|
||
],
|
||
"synonyms": [
|
||
"Stealth Falcon"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "dab75e38-6969-4e78-9304-dc269c3cbcf0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "894aab42-3371-47b1-8859-a4a074c804c8",
|
||
"value": "Stealth Falcon - G0038"
|
||
},
|
||
{
|
||
"description": "[Winnti Group](https://attack.mitre.org/groups/G0044) is a threat group with Chinese origins that has been active since at least 2010. The group has heavily targeted the gaming industry, but it has also expanded the scope of its targeting. (Citation: Kaspersky Winnti April 2013) (Citation: Kaspersky Winnti June 2015) (Citation: Novetta Winnti April 2015) Some reporting suggests a number of other groups, including [Axiom](https://attack.mitre.org/groups/G0001), [APT17](https://attack.mitre.org/groups/G0025), and [Ke3chang](https://attack.mitre.org/groups/G0004), are closely linked to [Winnti Group](https://attack.mitre.org/groups/G0044). (Citation: 401 TRG Winnti Umbrella May 2018)",
|
||
"meta": {
|
||
"external_id": "G0044",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0044",
|
||
"http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates",
|
||
"https://securelist.com/winnti-more-than-just-a-game/37029/",
|
||
"https://securelist.com/games-are-over/70991/",
|
||
"http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf",
|
||
"https://401trg.com/burning-umbrella/"
|
||
],
|
||
"synonyms": [
|
||
"Winnti Group",
|
||
"Blackfly"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d3afa961-a80c-4043-9509-282cdf69ab21",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||
"value": "Winnti Group - G0044"
|
||
},
|
||
{
|
||
"description": "[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a threat group that has been active since at least 2013 and has targeted individuals likely involved in the Ukrainian government. (Citation: Palo Alto Gamaredon Feb 2017)",
|
||
"meta": {
|
||
"external_id": "G0047",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0047",
|
||
"https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/"
|
||
],
|
||
"synonyms": [
|
||
"Gamaredon Group"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "1a77e156-76bc-43f5-bdd7-bd67f30fbbbb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf",
|
||
"value": "Gamaredon Group - G0047"
|
||
},
|
||
{
|
||
"description": "[Charming Kitten](https://attack.mitre.org/groups/G0058) is an Iranian cyber espionage group that has been active since approximately 2014. They appear to focus on targeting individuals of interest to Iran who work in academic research, human rights, and media, with most victims having been located in Iran, the US, Israel, and the UK. [Charming Kitten](https://attack.mitre.org/groups/G0058) usually tries to access private email and Facebook accounts, and sometimes establishes a foothold on victim computers as a secondary objective. The group's TTPs overlap extensively with another group, [Rocket Kitten](https://attack.mitre.org/groups/G0059), resulting in reporting that may not distinguish between the two groups' activities. (Citation: ClearSky Charming Kitten Dec 2017)",
|
||
"meta": {
|
||
"external_id": "G0058",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0058",
|
||
"http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Charming Kitten"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "7636484c-adc5-45d4-9bfe-c3e062fbc4a0",
|
||
"value": "Charming Kitten - G0058"
|
||
},
|
||
{
|
||
"description": "[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group operating primarily in the Middle East whose activity dates back as far as 2014. The group behind the campaign has primarily targeted organizations in the energy, government, and technology sectors that are either based or have business interests in Saudi Arabia. (Citation: Unit 42 Magic Hound Feb 2017) (Citation: FireEye APT35 2018)",
|
||
"meta": {
|
||
"external_id": "G0059",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0059",
|
||
"https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/",
|
||
"http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf",
|
||
"https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations",
|
||
"https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Magic Hound",
|
||
"Rocket Kitten",
|
||
"Operation Saffron Rose",
|
||
"Ajax Security Team",
|
||
"Operation Woolen-Goldfish",
|
||
"Newscaster",
|
||
"Cobalt Gypsy",
|
||
"APT35"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9a2640c2-9f43-46fe-b13f-bde881e55555",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d3df754e-997b-4cf9-97d4-70feb3120847",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||
"value": "Magic Hound - G0059"
|
||
},
|
||
{
|
||
"description": "[Gorgon Group](https://attack.mitre.org/groups/G0078) is a threat group consisting of members who are suspected to be Pakistan-based or have other connections to Pakistan. The group has performed a mix of criminal and targeted attacks, including campaigns against government organizations in the United Kingdom, Spain, Russia, and the United States. (Citation: Unit 42 Gorgon Group Aug 2018)",
|
||
"meta": {
|
||
"external_id": "G0078",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0078",
|
||
"https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/"
|
||
],
|
||
"synonyms": [
|
||
"Gorgon Group"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1c338d0f-a65e-4073-a5c1-c06878849f21",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "1f21da59-6a13-455b-afd0-d58d0a5a7d27",
|
||
"value": "Gorgon Group - G0078"
|
||
},
|
||
{
|
||
"description": "[FIN10](https://attack.mitre.org/groups/G0051) is a financially motivated threat group that has targeted organizations in North America since at least 2013 through 2016. The group uses stolen data exfiltrated from victims to extort organizations. (Citation: FireEye FIN10 June 2017)",
|
||
"meta": {
|
||
"external_id": "G0051",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0051",
|
||
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf"
|
||
],
|
||
"synonyms": [
|
||
"FIN10"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "6c74fda2-bb04-40bd-a166-8c2d4b952d33",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "fbe9387f-34e6-4828-ac28-3080020c597b",
|
||
"value": "FIN10 - G0051"
|
||
},
|
||
{
|
||
"description": "[APT12](https://attack.mitre.org/groups/G0005) is a threat group that has been attributed to China. (Citation: Meyers Numbered Panda)",
|
||
"meta": {
|
||
"external_id": "G0005",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0005",
|
||
"http://www.crowdstrike.com/blog/whois-numbered-panda/",
|
||
"https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html"
|
||
],
|
||
"synonyms": [
|
||
"APT12",
|
||
"IXESHE",
|
||
"DynCalc",
|
||
"Numbered Panda",
|
||
"DNSCALC"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "48146604-6693-4db1-bd94-159744726514",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "8beac7c2-48d2-4cd9-9b15-6c452f38ac06",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb",
|
||
"value": "APT12 - G0005"
|
||
},
|
||
{
|
||
"description": "[APT30](https://attack.mitre.org/groups/G0013) is a threat group suspected to be associated with the Chinese government. (Citation: FireEye APT30) While [Naikon](https://attack.mitre.org/groups/G0019) shares some characteristics with [APT30](https://attack.mitre.org/groups/G0013), the two groups do not appear to be exact matches. (Citation: Baumgartner Golovkin Naikon 2015)",
|
||
"meta": {
|
||
"external_id": "G0013",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0013",
|
||
"https://securelist.com/the-naikon-apt/69953/",
|
||
"https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
|
||
],
|
||
"synonyms": [
|
||
"APT30"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43213480-78f7-4fb3-976f-d48f5f6a4c2a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b1de6916-7a22-4460-8d26-6b5483ffaa2a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8b880b41-5139-4807-baa9-309690218719",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
|
||
"value": "APT30 - G0013"
|
||
},
|
||
{
|
||
"description": "[APT1](https://attack.mitre.org/groups/G0006) is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. (Citation: Mandiant APT1)",
|
||
"meta": {
|
||
"external_id": "G0006",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0006",
|
||
"https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf",
|
||
"http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf"
|
||
],
|
||
"synonyms": [
|
||
"APT1",
|
||
"Comment Crew",
|
||
"Comment Group",
|
||
"Comment Panda"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5a84dc36-df0d-4053-9b7c-f0c388a57283",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2fab555f-7664-4623-b4e0-1675ae38190b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1d808f62-cf63-4063-9727-ff6132514c22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b8eb28e4-48a6-40ae-951a-328714f75eda",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "aadaee0d-794c-4642-8293-7ec22a99fb1a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1a295f87-af63-4d94-b130-039d6221fb11",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662",
|
||
"value": "APT1 - G0006"
|
||
},
|
||
{
|
||
"description": "[Axiom](https://attack.mitre.org/groups/G0001) is a cyber espionage group suspected to be associated with the Chinese government. It is responsible for the Operation SMN campaign. (Citation: Novetta-Axiom) Though both this group and [Winnti Group](https://attack.mitre.org/groups/G0044) use the malware [Winnti](https://attack.mitre.org/software/S0141), the two groups appear to be distinct based on differences in reporting on the groups' TTPs and targeting. (Citation: Kaspersky Winnti April 2013) (Citation: Kaspersky Winnti June 2015) (Citation: Novetta Winnti April 2015)",
|
||
"meta": {
|
||
"external_id": "G0001",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0001",
|
||
"http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf",
|
||
"http://blogs.cisco.com/security/talos/threat-spotlight-group-72",
|
||
"https://securelist.com/winnti-more-than-just-a-game/37029/",
|
||
"https://securelist.com/games-are-over/70991/",
|
||
"http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Axiom",
|
||
"Group 72"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "95047f03-4811-4300-922e-1ba937d53a61",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||
"value": "Axiom - G0001"
|
||
},
|
||
{
|
||
"description": "[Turla](https://attack.mitre.org/groups/G0010) is a Russian-based threat group that has infected victims in over 45 countries, spanning a range of industries including government, embassies, military, education, research and pharmaceutical companies since 2004. Heightened activity was seen in mid-2015. [Turla](https://attack.mitre.org/groups/G0010) is known for conducting watering hole and spearphishing campaigns and leveraging in-house tools and malware. [Turla](https://attack.mitre.org/groups/G0010)’s espionage platform is mainly used against Windows machines, but has also been seen used against macOS and Linux machines. (Citation: Kaspersky Turla) (Citation: ESET Gazer Aug 2017) (Citation: CrowdStrike VENOMOUS BEAR) (Citation: ESET Turla Mosquito Jan 2018)",
|
||
"meta": {
|
||
"external_id": "G0010",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0010",
|
||
"https://securelist.com/the-epic-turla-operation/65545/",
|
||
"https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf",
|
||
"https://securelist.com/introducing-whitebear/81638/",
|
||
"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf",
|
||
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-march-venomous-bear/",
|
||
"https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Turla",
|
||
"Waterbug",
|
||
"WhiteBear",
|
||
"VENOMOUS BEAR",
|
||
"Snake",
|
||
"Krypton"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "fa80877c-f509-4daf-8b62-20aba1635f68",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "c097471c-2405-4393-b6d7-afbcb5f0cd11",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "6b62e336-176f-417b-856a-8552dd8c44e1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "00d0b012-8a03-410e-95de-5826bf542de6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "76abb3ef-dafd-4762-97cb-a35379429db4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "92b55426-109f-4d93-899f-1833ce91ff90",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b35068ec-107a-4266-bda8-eb7036267aea",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "514ede4c-78b3-4d78-a38b-daddf6217a79",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "536be338-e2ef-4a6b-afb6-8d5568b91eb2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6",
|
||
"value": "Turla - G0010"
|
||
},
|
||
{
|
||
"description": "[APT32](https://attack.mitre.org/groups/G0050) is a threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as with foreign governments, dissidents, and journalists with a strong focus on Southeast Asian countries like Vietnam, Phillipines, Laos, and Cambodia. They have extensively used strategic web compromises to compromise victims. \nThe group is believed to be Vietnam-based. (Citation: FireEye APT32 May 2017) (Citation: Volexity OceanLotus Nov 2017) (Citation: ESET OceanLotus)",
|
||
"meta": {
|
||
"external_id": "G0050",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0050",
|
||
"https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html",
|
||
"https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/",
|
||
"https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/"
|
||
],
|
||
"synonyms": [
|
||
"APT32",
|
||
"OceanLotus Group",
|
||
"APT-C-00"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "7e5a571f-dee2-4cae-a960-f8ab8a8fb1cf",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "128c55d3-aeba-469f-bd3e-c8996ab4112a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dbb67c7-270a-40ad-836e-c45f8948aa5a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "98e8a977-3416-43aa-87fa-33e287e9c14c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "327f3cc5-eea1-42d4-a6cd-ed34b7ce8f61",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f6ae7a52-f3b6-4525-9daf-640c083f006e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "68f7e3a1-f09f-4164-9a62-16b648a0dd5a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "519630c5-f03f-4882-825c-3af924935817",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9ca488bd-9587-48ef-b923-1743523e63b2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "247cb30b-955f-42eb-97a5-a89fef69341e",
|
||
"value": "APT32 - G0050"
|
||
},
|
||
{
|
||
"description": "[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's Main Intelligence Directorate of the Russian General Staff by a July 2018 U.S. Department of Justice indictment. This group reportedly compromised the Hillary Clinton campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee in 2016 in an attempt to interfere with the U.S. presidential election. (Citation: DOJ GRU Indictment Jul 2018) (Citation: Ars Technica GRU indictment Jul 2018) (Citation: Crowdstrike DNC June 2016) (Citation: FireEye APT28) (Citation: SecureWorks TG-4127) (Citation: FireEye APT28 January 2017) (Citation: GRIZZLY STEPPE JAR) (Citation: Sofacy DealersChoice) (Citation: Palo Alto Sofacy 06-2018)",
|
||
"meta": {
|
||
"external_id": "G0007",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0007",
|
||
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf",
|
||
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf",
|
||
"https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/",
|
||
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/",
|
||
"https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign",
|
||
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf",
|
||
"https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf",
|
||
"https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-european-government-agency/",
|
||
"https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/",
|
||
"https://www.justice.gov/file/1080281/download",
|
||
"https://arstechnica.com/information-technology/2018/07/from-bitly-to-x-agent-how-gru-hackers-targeted-the-2016-presidential-election/"
|
||
],
|
||
"synonyms": [
|
||
"APT28",
|
||
"Sednit",
|
||
"Sofacy",
|
||
"Pawn Storm",
|
||
"Fancy Bear",
|
||
"STRONTIUM",
|
||
"Tsar Team",
|
||
"Threat Group-4127",
|
||
"TG-4127"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "dc27c2ec-c5f9-4228-ba57-d67b590bda93",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2dd34b01-6110-4aac-835d-b5e7b936b0be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "02fefddc-fb1b-423f-a76b-7552dd211d4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "59a97b15-8189-4d51-9404-e1ce8ea4a069",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "128c55d3-aeba-469f-bd3e-c8996ab4112a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "af2ad3b7-ab6a-4807-91fd-51bcaff9acbb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9b52fca7-1a36-4da0-b62d-da5bd83b4d69",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f108215f-3487-489d-be8b-80e346d32518",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f460983-1bbb-4e7e-8094-f0b5e720f658",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a4f57468-fbd5-49e4-8476-52088220b92d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56660521-6db4-4e5a-a927-464f22954b7c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "45242287-2964-4a3e-9373-159fad4d8195",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c",
|
||
"value": "APT28 - G0007"
|
||
},
|
||
{
|
||
"description": "[Equation](https://attack.mitre.org/groups/G0020) is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. (Citation: Kaspersky Equation QA)",
|
||
"meta": {
|
||
"external_id": "G0020",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0020",
|
||
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Equation"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "10d5f3b7-6be6-4da5-9a77-0f1e2bbfcc44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "96e239be-ad99-49eb-b127-3007b8c1bec9",
|
||
"value": "Equation - G0020"
|
||
},
|
||
{
|
||
"description": "[Moafee](https://attack.mitre.org/groups/G0002) is a threat group that appears to operate from the Guangdong Province of China. Due to overlapping TTPs, including similar custom tools, Moafee is thought to have a direct or indirect relationship with the threat group [DragonOK](https://attack.mitre.org/groups/G0017). (Citation: Haq 2014)",
|
||
"meta": {
|
||
"external_id": "G0002",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0002",
|
||
"https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"
|
||
],
|
||
"synonyms": [
|
||
"Moafee"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "a9b44750-992c-4743-8922-129880d277ea",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "519630c5-f03f-4882-825c-3af924935817",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f",
|
||
"value": "Moafee - G0002"
|
||
},
|
||
{
|
||
"description": "[Ke3chang](https://attack.mitre.org/groups/G0004) is a threat group attributed to actors operating out of China.\n[Ke3chang](https://attack.mitre.org/groups/G0004) has targeted several industries, including oil, government, military, and more. (Citation: Villeneuve et al 2014) (Citation: NCC Group APT15 Alive and Strong) (Citation: APT15 Intezer June 2018)",
|
||
"meta": {
|
||
"external_id": "G0004",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0004",
|
||
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf",
|
||
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/",
|
||
"https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/"
|
||
],
|
||
"synonyms": [
|
||
"Ke3chang",
|
||
"APT15",
|
||
"Mirage",
|
||
"Vixen Panda",
|
||
"GREF",
|
||
"Playful Dragon",
|
||
"RoyalAPT"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e3cedcfe-6515-4348-af65-7f2c4157bf0d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a257ed11-ff3b-4216-8c9d-3938ef57064c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "6713ab67-e25b-49cc-808d-2b36d4fbc35c",
|
||
"value": "Ke3chang - G0004"
|
||
},
|
||
{
|
||
"description": "[Cleaver](https://attack.mitre.org/groups/G0003) is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. (Citation: Cylance Cleaver) Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). (Citation: Dell Threat Group 2889)",
|
||
"meta": {
|
||
"external_id": "G0003",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0003",
|
||
"https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf",
|
||
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/"
|
||
],
|
||
"synonyms": [
|
||
"Cleaver",
|
||
"Threat Group 2889",
|
||
"TG-2889"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "271e6d40-e191-421a-8f87-a8102452c201",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c2ffd229-11bb-4fd8-9208-edbe97b14c93",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
||
"value": "Cleaver - G0003"
|
||
},
|
||
{
|
||
"description": "[Patchwork](https://attack.mitre.org/groups/G0040) is a cyberespionage group that was first observed in December 2015. While the group has not been definitively attributed, circumstantial evidence suggests the group may be a pro-Indian or Indian entity. [Patchwork](https://attack.mitre.org/groups/G0040) has been seen targeting industries related to diplomatic and government agencies. Much of the code used by this group was copied and pasted from online forums. [Patchwork](https://attack.mitre.org/groups/G0040) was also seen operating spearphishing campaigns targeting U.S. think tank groups in March and April of 2018. (Citation: Cymmetria Patchwork) (Citation: Symantec Patchwork) (Citation: TrendMicro Patchwork Dec 2017) (Citation: Volexity Patchwork June 2018)",
|
||
"meta": {
|
||
"external_id": "G0040",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0040",
|
||
"https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf",
|
||
"https://securelist.com/the-dropping-elephant-actor/75328/",
|
||
"http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries",
|
||
"https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/",
|
||
"https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf",
|
||
"http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf",
|
||
"https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf",
|
||
"https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/"
|
||
],
|
||
"synonyms": [
|
||
"Patchwork",
|
||
"Dropping Elephant",
|
||
"Chinastrats",
|
||
"MONSOON",
|
||
"Operation Hangover"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "00d0b012-8a03-410e-95de-5826bf542de6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "85b39628-204a-48d2-b377-ec368cbcb7ca",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1c338d0f-a65e-4073-a5c1-c06878849f21",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "519630c5-f03f-4882-825c-3af924935817",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ab3580c8-8435-4117-aace-3d9fbe46aa56",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f5352566-1a64-49ac-8f7f-97e1d1a03300",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d1183cb9-258e-4f2f-8415-50ac8252c49e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e9595678-d269-469e-ae6b-75e49259de63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e494ad79-37ee-4cd0-866b-299c521d8b94",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0",
|
||
"value": "Patchwork - G0040"
|
||
},
|
||
{
|
||
"description": "[Carbanak](https://attack.mitre.org/groups/G0008) is a threat group that mainly targets banks. It also refers to malware of the same name ([Carbanak](https://attack.mitre.org/software/S0030)). It is sometimes referred to as [FIN7](https://attack.mitre.org/groups/G0046), but these appear to be two groups using the same [Carbanak](https://attack.mitre.org/software/S0030) malware and are therefore tracked separately. (Citation: Kaspersky Carbanak) (Citation: FireEye FIN7 April 2017)",
|
||
"meta": {
|
||
"external_id": "G0008",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0008",
|
||
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064518/Carbanak_APT_eng.pdf",
|
||
"https://www.fox-it.com/en/about-fox-it/corporate/news/anunak-aka-carbanak-update/",
|
||
"https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html",
|
||
"https://www.crowdstrike.com/blog/state-criminal-address/"
|
||
],
|
||
"synonyms": [
|
||
"Carbanak",
|
||
"Anunak",
|
||
"Carbon Spider"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e0dd10b-676d-4964-acd0-8a404c92b044",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c",
|
||
"value": "Carbanak - G0008"
|
||
},
|
||
{
|
||
"description": "[PittyTiger](https://attack.mitre.org/groups/G0011) is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control. (Citation: Bizeul 2014) (Citation: Villeneuve 2014)",
|
||
"meta": {
|
||
"external_id": "G0011",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0011",
|
||
"http://blog.cassidiancybersecurity.com/post/2014/07/The-Eye-of-the-Tiger2",
|
||
"https://www.fireeye.com/blog/threat-research/2014/07/spy-of-the-tiger.html"
|
||
],
|
||
"synonyms": [
|
||
"PittyTiger"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "4d37813c-b8e9-4e58-a758-03168d8aa189",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647",
|
||
"value": "PittyTiger - G0011"
|
||
},
|
||
{
|
||
"description": "[APT16](https://attack.mitre.org/groups/G0023) is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. (Citation: FireEye EPS Awakens Part 2)",
|
||
"meta": {
|
||
"external_id": "G0023",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0023",
|
||
"https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html"
|
||
],
|
||
"synonyms": [
|
||
"APT16"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "d6e88e18-81e8-4709-82d8-973095da1e70",
|
||
"value": "APT16 - G0023"
|
||
},
|
||
{
|
||
"description": "[APT17](https://attack.mitre.org/groups/G0025) is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. (Citation: FireEye APT17)",
|
||
"meta": {
|
||
"external_id": "G0025",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0025",
|
||
"https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf"
|
||
],
|
||
"synonyms": [
|
||
"APT17",
|
||
"Deputy Dog"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "24110866-cb22-4c85-a7d2-0413e126694b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "271e6d40-e191-421a-8f87-a8102452c201",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "090242d7-73fc-4738-af68-20162f7a5aae",
|
||
"value": "APT17 - G0025"
|
||
},
|
||
{
|
||
"description": "[APT18](https://attack.mitre.org/groups/G0026) is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical. (Citation: Dell Lateral Movement)",
|
||
"meta": {
|
||
"external_id": "G0026",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0026",
|
||
"http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/",
|
||
"https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop"
|
||
],
|
||
"synonyms": [
|
||
"APT18",
|
||
"TG-0416",
|
||
"Dynamite Panda",
|
||
"Threat Group-0416"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b96680d1-5eb3-4f07-b95c-00ab904ac236",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9e2bba94-950b-4fcf-8070-cb3f816c5f4e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648",
|
||
"value": "APT18 - G0026"
|
||
},
|
||
{
|
||
"description": "[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to the Russian government and has operated since at least 2008. (Citation: F-Secure The Dukes) (Citation: GRIZZLY STEPPE JAR) This group reportedly compromised the Democratic National Committee starting in the summer of 2015. (Citation: Crowdstrike DNC June 2016)",
|
||
"meta": {
|
||
"external_id": "G0016",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0016",
|
||
"https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf",
|
||
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/",
|
||
"https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf"
|
||
],
|
||
"synonyms": [
|
||
"APT29",
|
||
"The Dukes",
|
||
"Cozy Bear",
|
||
"CozyDuke"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5e7ef1dc-7fb6-4913-ac75-e06113b59e0c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1ce03c65-5946-4ac9-9d4d-66db87e024bd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ae9d818d-95d0-41da-b045-9cabea1ca164",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b136d088-a829-432c-ac26-5529c26d4c7e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6ef745b-077f-42e1-a37d-29eecff9c754",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cbf646f1-7db5-4dc6-808b-0094313949df",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "00c3bfcb-99bd-4767-8c03-b08f585f5c8a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7d751199-05fa-4a72-920f-85df4506c76c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2daa14d6-cbf3-4308-bb8e-213c324a08e4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2eb9b131-d333-4a48-9eb4-d8dec46c19ee",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c23b740b-a42b-47a1-aec2-9d48ddd547ff",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "199463de-d9be-46d6-bb41-07234c1dd5a6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "899ce53f-13a0-479b-a0e4-67d46e241542",
|
||
"value": "APT29 - G0016"
|
||
},
|
||
{
|
||
"description": "[Darkhotel](https://attack.mitre.org/groups/G0012) is a threat group that has been active since at least 2004. The group has conducted activity on hotel and business center Wi‑Fi and physical connections as well as peer-to-peer and file sharing networks. The actors have also conducted spearphishing. (Citation: Kaspersky Darkhotel)",
|
||
"meta": {
|
||
"external_id": "G0012",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0012",
|
||
"https://securelist.com/files/2014/11/darkhotel_kl_07.11.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Darkhotel"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "9e729a7e-0dd6-4097-95bf-db8d64911383",
|
||
"value": "Darkhotel - G0012"
|
||
},
|
||
{
|
||
"description": "[Molerats](https://attack.mitre.org/groups/G0021) is a politically-motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States. (Citation: DustySky) (Citation: DustySky2)",
|
||
"meta": {
|
||
"external_id": "G0021",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0021",
|
||
"https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf",
|
||
"http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf",
|
||
"https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html"
|
||
],
|
||
"synonyms": [
|
||
"Molerats",
|
||
"Operation Molerats",
|
||
"Gaza Cybergang"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "f7c2e501-73b1-400f-a5d9-2e2e07b7dfde",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "687c23e4-4e25-4ee7-a870-c5e002511f54",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411",
|
||
"value": "Molerats - G0021"
|
||
},
|
||
{
|
||
"description": "[admin@338](https://attack.mitre.org/groups/G0018) is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as [PoisonIvy](https://attack.mitre.org/software/S0012), as well as some non-public backdoors. (Citation: FireEye admin@338)",
|
||
"meta": {
|
||
"external_id": "G0018",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0018",
|
||
"https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html"
|
||
],
|
||
"synonyms": [
|
||
"admin@338"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "ac4bce1f-b3ec-4c44-bd36-b6cc986b319b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "123bd7b3-675c-4b1a-8482-c55782b20e2b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2a6f4c7b-e690-4cc7-ab6b-1f821fb6b80b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756",
|
||
"value": "admin@338 - G0018"
|
||
},
|
||
{
|
||
"description": "[APT19](https://attack.mitre.org/groups/G0073) is a China-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017, a phishing campaign was used to target seven law and investment firms. (Citation: FireEye APT19) Some analysts track [APT19](https://attack.mitre.org/groups/G0073) and [Deep Panda](https://attack.mitre.org/groups/G0009) as the same group, but it is unclear from open source information whether the groups are the same. (Citation: ICIT China's Espionage Jul 2016) (Citation: FireEye APT Groups) (Citation: Unit 42 C0d0so0 Jan 2016)",
|
||
"meta": {
|
||
"external_id": "G0073",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0073",
|
||
"https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html",
|
||
"https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/",
|
||
"https://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/",
|
||
"https://www.fireeye.com/current-threats/apt-groups.html#apt19",
|
||
"https://www.darkreading.com/attacks-breaches/chinese-hacking-group-codoso-team-uses-forbescom-as-watering-hole-/d/d-id/1319059"
|
||
],
|
||
"synonyms": [
|
||
"APT19",
|
||
"Codoso",
|
||
"C0d0so0",
|
||
"Codoso Team",
|
||
"Sunshop Group"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "68f7e3a1-f09f-4164-9a62-16b648a0dd5a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "62dfd1ca-52d5-483c-a84b-d6e80bf94b7b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "fe8796a4-2a02-41a0-9d27-7aa1e995feb6",
|
||
"value": "APT19 - G0073"
|
||
},
|
||
{
|
||
"description": "[Strider](https://attack.mitre.org/groups/G0041) is a threat group that has been active since at least 2011 and has targeted victims in Russia, China, Sweden, Belgium, Iran, and Rwanda. (Citation: Symantec Strider Blog) (Citation: Kaspersky ProjectSauron Blog)",
|
||
"meta": {
|
||
"external_id": "G0041",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0041",
|
||
"http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets",
|
||
"https://securelist.com/faq-the-projectsauron-apt/75533/",
|
||
"https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Strider",
|
||
"ProjectSauron"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "f3179cfb-9c86-4980-bd6b-e4fa74adaaa7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656",
|
||
"value": "Strider - G0041"
|
||
},
|
||
{
|
||
"description": "[Taidoor](https://attack.mitre.org/groups/G0015) is a threat group that has operated since at least 2009 and has primarily targeted the Taiwanese government. (Citation: TrendMicro Taidoor)",
|
||
"meta": {
|
||
"external_id": "G0015",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0015",
|
||
"http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf"
|
||
],
|
||
"synonyms": [
|
||
"Taidoor"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "59140a2e-d117-4206-9b2c-2a8662bd9d46",
|
||
"value": "Taidoor - G0015"
|
||
},
|
||
{
|
||
"description": "[FIN8](https://attack.mitre.org/groups/G0061) is a financially motivated threat group known to launch tailored spearphishing campaigns targeting the retail, restaurant, and hospitality industries. (Citation: FireEye Obfuscation June 2017) (Citation: FireEye Fin8 May 2016)",
|
||
"meta": {
|
||
"external_id": "G0061",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0061",
|
||
"https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html",
|
||
"https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html"
|
||
],
|
||
"synonyms": [
|
||
"FIN8"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "a78ae9fe-71cd-4563-9213-7b6260bd9a73",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5c6ed2dc-37f4-40ea-b2e1-4c76140a388c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c4de7d83-e875-4c88-8b5d-06c41e5b7e79",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "fd19bd82-1b14-49a1-a176-6cdc46b8a826",
|
||
"value": "FIN8 - G0061"
|
||
},
|
||
{
|
||
"description": "[DragonOK](https://attack.mitre.org/groups/G0017) is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, [DragonOK](https://attack.mitre.org/groups/G0017) is thought to have a direct or indirect relationship with the threat group [Moafee](https://attack.mitre.org/groups/G0002). (Citation: Operation Quantum Entanglement) It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. (Citation: New DragonOK)",
|
||
"meta": {
|
||
"external_id": "G0017",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0017",
|
||
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf",
|
||
"http://researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/"
|
||
],
|
||
"synonyms": [
|
||
"DragonOK"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "a9b44750-992c-4743-8922-129880d277ea",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a",
|
||
"value": "DragonOK - G0017"
|
||
},
|
||
{
|
||
"description": "[Orangeworm](https://attack.mitre.org/groups/G0071) is a group that has targeted organizations in the healthcare sector in the United States, Europe, and Asia since at least 2015, likely for the purpose of corporate espionage. (Citation: Symantec Orangeworm April 2018)",
|
||
"meta": {
|
||
"external_id": "G0071",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0071",
|
||
"https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia"
|
||
],
|
||
"synonyms": [
|
||
"Orangeworm"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "c2417bab-3189-4d4d-9d60-96de2cdaf0ab",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "5636b7b3-d99b-4edd-aa05-ee649c1d4ef1",
|
||
"value": "Orangeworm - G0071"
|
||
},
|
||
{
|
||
"description": "[Naikon](https://attack.mitre.org/groups/G0019) is a threat group that has focused on targets around the South China Sea. (Citation: Baumgartner Naikon 2015) The group has been attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020). (Citation: CameraShy) While [Naikon](https://attack.mitre.org/groups/G0019) shares some characteristics with [APT30](https://attack.mitre.org/groups/G0013), the two groups do not appear to be exact matches. (Citation: Baumgartner Golovkin Naikon 2015)",
|
||
"meta": {
|
||
"external_id": "G0019",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0019",
|
||
"https://securelist.com/files/2015/05/TheNaikonAPT-MsnMM1.pdf",
|
||
"http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf",
|
||
"https://securelist.com/the-naikon-apt/69953/"
|
||
],
|
||
"synonyms": [
|
||
"Naikon"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c553311-0baa-4146-997a-f79acef3d831",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7f8730af-f683-423f-9ee1-5f6875a80481",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "007b44b6-e4c5-480b-b5b9-56f2081b1b7b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "241814ae-de3f-4656-b49e-f9a80764d4b7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "22addc7b-b39f-483d-979a-1b35147da5de",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050",
|
||
"value": "Naikon - G0019"
|
||
},
|
||
{
|
||
"description": "[APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security. (Citation: FireEye Clandestine Wolf) (Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap. (Citation: FireEye Clandestine Wolf) (Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong. (Citation: Symantec Buckeye)\n\nAPT3 Adversary Emulation Plan - (Citation: APT3 Adversary Emulation Plan)",
|
||
"meta": {
|
||
"external_id": "G0022",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0022",
|
||
"https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html",
|
||
"https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html",
|
||
"http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html",
|
||
"http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong",
|
||
"https://www.recordedfuture.com/chinese-mss-behind-apt3/",
|
||
"https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf"
|
||
],
|
||
"synonyms": [
|
||
"APT3",
|
||
"Gothic Panda",
|
||
"Pirpi",
|
||
"UPS Team",
|
||
"Buckeye",
|
||
"Threat Group-0110",
|
||
"TG-0110"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "d144c83e-2302-4947-9e24-856fbf7949ae",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9b99b83a-1aac-4e29-b975-b374950551a3",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "00d0b012-8a03-410e-95de-5826bf542de6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a6525aec-acc4-47fe-92f9-b9b4de4b9228",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4e6b9625-bbda-4d96-a652-b3bb45453f26",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "58adaaa8-f1e8-4606-9a08-422e568461eb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aabc5ec-eae6-422c-8311-38d45ee9838a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ba8e391f-14b5-496f-81f2-2d5ecd646c1c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ffe742ed-9100-4686-9e00-c331da544787",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f6d1d2cb-12f5-4221-9636-44606ea1f3f8",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9",
|
||
"value": "APT3 - G0022"
|
||
},
|
||
{
|
||
"description": "[TA459](https://attack.mitre.org/groups/G0062) is a threat group believed to operate out of China that has targeted countries including Russia, Belarus, Mongolia, and others. (Citation: Proofpoint TA459 April 2017)",
|
||
"meta": {
|
||
"external_id": "G0062",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0062",
|
||
"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts"
|
||
],
|
||
"synonyms": [
|
||
"TA459"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "c6472ae1-c6ad-4cf1-8d6e-8c94b94fe314",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "62a64fd3-aaf7-4d09-a375-d6f8bb118481",
|
||
"value": "TA459 - G0062"
|
||
},
|
||
{
|
||
"meta": {
|
||
"external_id": "G0042",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0042"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "revoked-by"
|
||
}
|
||
],
|
||
"uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772",
|
||
"value": "MONSOON - G0042"
|
||
},
|
||
{
|
||
"description": "[CopyKittens](https://attack.mitre.org/groups/G0052) is an Iranian cyber espionage group that has been operating since at least 2013. It has targeted countries including Israel, Saudi Arabia, Turkey, the U.S., Jordan, and Germany. The group is responsible for the campaign known as Operation Wilted Tulip. (Citation: ClearSky CopyKittens March 2017) (Citation: ClearSky Wilted Tulip July 2017) (Citation: CopyKittens Nov 2015)",
|
||
"meta": {
|
||
"external_id": "G0052",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0052",
|
||
"http://www.clearskysec.com/copykitten-jpost/",
|
||
"http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf",
|
||
"https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf"
|
||
],
|
||
"synonyms": [
|
||
"CopyKittens"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "8cca9a1d-66e4-4bc4-ad49-95f759f4c1ae",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "62b8c999-dcc0-4755-bd69-09442d9359f5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0b32ec39-ba61-4864-9ebe-b4b0b73caf9a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "dcd81c6e-ebf7-4a16-93e0-9a97fa49c88a",
|
||
"value": "CopyKittens - G0052"
|
||
},
|
||
{
|
||
"description": "[Honeybee](https://attack.mitre.org/groups/G0072) is a campaign led by an unknown actor that targets humanitarian aid organizations and has been active in Vietnam, Singapore, Argentina, Japan, Indonesia, and Canada. The operation has been active since August 2017, with activity observed as recently as February 2018. (Citation: McAfee Honeybee)",
|
||
"meta": {
|
||
"external_id": "G0072",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0072",
|
||
"https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/"
|
||
],
|
||
"synonyms": [
|
||
"Honeybee"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4bf5845d-a814-4490-bc5c-ccdee6043025",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "62dfd1ca-52d5-483c-a84b-d6e80bf94b7b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ca1a3f50-5ebd-41f8-8320-2c7d6a6e88be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f44731de-ea9f-406d-9b83-30ecbb9b4392",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "ebb73863-fa44-4617-b4cb-b9ed3414eb87",
|
||
"value": "Honeybee - G0072"
|
||
},
|
||
{
|
||
"description": "[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors. (Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017)",
|
||
"meta": {
|
||
"external_id": "G0064",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0064",
|
||
"https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html",
|
||
"https://www.brighttalk.com/webcast/10703/275683"
|
||
],
|
||
"synonyms": [
|
||
"APT33"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2a70812b-f1ef-44db-8578-a496a227aef2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f",
|
||
"value": "APT33 - G0064"
|
||
},
|
||
{
|
||
"description": "APT34 is an Iranian cyber espionage group that has been active since at least 2014. The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. FireEye assesses that the group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests. APT34 loosely aligns with public reporting related to OilRig, but may not wholly align due to companies tracking threat groups in different ways. (Citation: FireEye APT34 Dec 2017)",
|
||
"meta": {
|
||
"external_id": "G0057",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0057"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "73a521f6-3bc7-11e8-9e30-df7c90e50dda",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "revoked-by"
|
||
}
|
||
],
|
||
"uuid": "68ba94ab-78b8-43e7-83e2-aed3466882c6",
|
||
"value": "APT34 - G0057"
|
||
},
|
||
{
|
||
"description": "[Group5](https://attack.mitre.org/groups/G0043) is a threat group with a suspected Iranian nexus, though this attribution is not definite. The group has targeted individuals connected to the Syrian opposition via spearphishing and watering holes, normally using Syrian and Iranian themes. [Group5](https://attack.mitre.org/groups/G0043) has used two commonly available remote access tools (RATs), njRAT and NanoCore, as well as an Android RAT, DroidJack. (Citation: Citizen Lab Group5)",
|
||
"meta": {
|
||
"external_id": "G0043",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0043",
|
||
"https://citizenlab.org/2016/08/group5-syria/"
|
||
],
|
||
"synonyms": [
|
||
"Group5"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c848fcf7-6b62-4bde-8216-b6c157d48da0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "7331c66a-5601-4d3f-acf6-ad9e3035eb40",
|
||
"value": "Group5 - G0043"
|
||
},
|
||
{
|
||
"description": "[FIN5](https://attack.mitre.org/groups/G0053) is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active since at least 2008 and has targeted the restaurant, gaming, and hotel industries. The group is made up of actors who likely speak Russian. (Citation: FireEye Respond Webinar July 2017) (Citation: Mandiant FIN5 GrrCON Oct 2016) (Citation: DarkReading FireEye FIN5 Oct 2015)",
|
||
"meta": {
|
||
"external_id": "G0053",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0053",
|
||
"https://www2.fireeye.com/WBNR-Are-you-ready-to-respond.html",
|
||
"https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?",
|
||
"https://www.youtube.com/watch?v=fevGZs0EQu8"
|
||
],
|
||
"synonyms": [
|
||
"FIN5"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "0e18b800-906c-4e44-a143-b11c72b3448b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aabc5ec-eae6-422c-8311-38d45ee9838a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9752aef4-a1f3-4328-929f-b64eb0536090",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "85403903-15e0-4f9f-9be4-a259ecad4022",
|
||
"value": "FIN5 - G0053"
|
||
},
|
||
{
|
||
"description": "[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been active since at least 2011. They initially targeted defense and aviation companies but shifted to focus on the energy sector in early 2013. They have also targeted companies related to industrial control systems. (Citation: Symantec Dragonfly)\n\nA similar group emerged in 2015 and was identified by Symantec as [Dragonfly 2.0](https://attack.mitre.org/groups/G0074). There is debate over the extent of the overlap between [Dragonfly](https://attack.mitre.org/groups/G0035) and [Dragonfly 2.0](https://attack.mitre.org/groups/G0074), but there is sufficient evidence to lead to these being tracked as two separate groups. (Citation: Symantec Dragonfly Sept 2017) (Citation: Fortune Dragonfly 2.0 Sept 2017)",
|
||
"meta": {
|
||
"external_id": "G0035",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0035",
|
||
"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf",
|
||
"https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group",
|
||
"http://fortune.com/2017/09/06/hack-energy-grid-symantec/"
|
||
],
|
||
"synonyms": [
|
||
"Dragonfly",
|
||
"Energetic Bear"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "083bb47b-02c8-4423-81a2-f9ef58572974",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1",
|
||
"value": "Dragonfly - G0035"
|
||
},
|
||
{
|
||
"description": "[APT37](https://attack.mitre.org/groups/G0067) is a suspected North Korean cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016 and 2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, Northern Korean Human Rights, and Evil New Year 2018. (Citation: FireEye APT37 Feb 2018) (Citation: Securelist ScarCruft Jun 2016) (Citation: Talos Group123)",
|
||
"meta": {
|
||
"external_id": "G0067",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0067",
|
||
"https://securelist.com/operation-daybreak/75100/",
|
||
"https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf",
|
||
"https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html"
|
||
],
|
||
"synonyms": [
|
||
"ScarCruft",
|
||
"APT37",
|
||
"Reaper",
|
||
"Group123",
|
||
"TEMP.Reaper"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bb446dc2-4fee-4212-8b2c-3ffa2917e338",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "50cd027f-df14-40b2-aa22-bf5de5061163",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0852567d-7958-4f4b-8947-4f840ec8d57d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "414dc555-c79e-4b24-a2da-9b607f7eaf16",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "211cfe9f-2676-4e1c-a5f5-2c8091da2a68",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "49abab73-3c5c-476e-afd5-69b5c732d845",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "53d47b09-09c2-4015-8d37-6633ecd53f79",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "53a42597-1974-4b8e-84fd-3675e8992053",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4189a679-72ed-4a89-a57c-7f689712ecf8",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c",
|
||
"value": "APT37 - G0067"
|
||
},
|
||
{
|
||
"description": "[FIN6](https://attack.mitre.org/groups/G0037) is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point of sale (PoS) systems in the hospitality and retail sectors. (Citation: FireEye FIN6 April 2016)",
|
||
"meta": {
|
||
"external_id": "G0037",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0037",
|
||
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf"
|
||
],
|
||
"synonyms": [
|
||
"FIN6"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "647894f6-1723-4cba-aba4-0ef0966d5302",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d54416bd-0803-41ca-870a-ce1af7c05638",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb",
|
||
"value": "FIN6 - G0037"
|
||
},
|
||
{
|
||
"description": "[GCMAN](https://attack.mitre.org/groups/G0036) is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. (Citation: Securelist GCMAN)",
|
||
"meta": {
|
||
"external_id": "G0036",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0036",
|
||
"https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/"
|
||
],
|
||
"synonyms": [
|
||
"GCMAN"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "d93889de-b4bc-4a29-9ce7-d67717c140a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f",
|
||
"value": "GCMAN - G0036"
|
||
},
|
||
{
"description": "[BlackOasis](https://attack.mitre.org/groups/G0063) is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United Nations, as well as opposition bloggers, activists, regional news correspondents, and think tanks. (Citation: Securelist BlackOasis Oct 2017) (Citation: Securelist APT Trends Q2 2017) A group known by Microsoft as [NEODYMIUM](https://attack.mitre.org/groups/G0055) is reportedly closely associated with [BlackOasis](https://attack.mitre.org/groups/G0063) operations, but evidence that the group names are aliases has not been identified. (Citation: CyberScoop BlackOasis Oct 2017)",
|
||
"meta": {
|
||
"external_id": "G0063",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0063",
|
||
"https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/",
|
||
"https://securelist.com/apt-trends-report-q2-2017/79332/",
|
||
"https://www.cyberscoop.com/middle-eastern-hacking-group-using-finfisher-malware-conduct-international-espionage/"
|
||
],
|
||
"synonyms": [
|
||
"BlackOasis"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "da49b9f1-ca99-443f-9728-0a074db66850",
|
||
"value": "BlackOasis - G0063"
|
||
},
|
||
{
|
||
"description": "[Suckfly](https://attack.mitre.org/groups/G0039) is a China-based threat group that has been active since at least 2014. (Citation: Symantec Suckfly March 2016)",
|
||
"meta": {
|
||
"external_id": "G0039",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0039",
|
||
"http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates",
|
||
"http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks"
|
||
],
|
||
"synonyms": [
|
||
"Suckfly"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "5abb12e7-5066-4f84-a109-49a037205c76",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9e9b9415-a7df-406b-b14d-92bfe6809fbe",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d",
|
||
"value": "Suckfly - G0039"
|
||
},
|
||
{
|
||
"description": "[menuPass](https://attack.mitre.org/groups/G0045) is a threat group that appears to originate from China and has been active since approximately 2009. The group has targeted healthcare, defense, aerospace, and government sectors, and has targeted Japanese victims since at least 2014. In 2016 and 2017, the group targeted managed IT service providers, manufacturing and mining companies, and a university. (Citation: Palo Alto menuPass Feb 2017) (Citation: Crowdstrike CrowdCast Oct 2013) (Citation: FireEye Poison Ivy) (Citation: PWC Cloud Hopper April 2017) (Citation: FireEye APT10 April 2017)",
|
||
"meta": {
|
||
"external_id": "G0045",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0045",
|
||
"http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/",
|
||
"https://www.slideshare.net/CrowdStrike/crowd-casts-monthly-you-have-an-adversary-problem",
|
||
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf",
|
||
"https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf",
|
||
"https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html",
|
||
"https://www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf"
|
||
],
|
||
"synonyms": [
|
||
"menuPass",
|
||
"Stone Panda",
|
||
"APT10",
|
||
"Red Apollo",
|
||
"CVNX",
|
||
"HOGFISH"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "46944654-fcc1-4f63-9dad-628102376586",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1c338d0f-a65e-4073-a5c1-c06878849f21",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "fb4e3792-e915-4fdd-a9cd-92dfa2ace7aa",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3240cbe4-c550-443b-aa76-cc2a7058b870",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b2001907-166b-4d71-bb3c-9d26c871de09",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f",
|
||
"value": "menuPass - G0045"
|
||
},
|
||
{
|
||
"description": "[Sowbug](https://attack.mitre.org/groups/G0054) is a threat group that has conducted targeted attacks against organizations in South America and Southeast Asia, particularly government entities, since at least 2015. (Citation: Symantec Sowbug Nov 2017)",
|
||
"meta": {
|
||
"external_id": "G0054",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0054",
|
||
"https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments"
|
||
],
|
||
"synonyms": [
|
||
"Sowbug"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "1ca3b039-404e-4132-88c2-4e41235cd2f5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9f5dbe2-4c55-4fc5-af2e-d42c1d182ec4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "196f1f32-e0c2-4d46-99cd-234d4b6befe1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "96566860-9f11-4b6f-964d-1c924e4f24a4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "d1acfbb3-647b-4723-9154-800ec119006e",
|
||
"value": "Sowbug - G0054"
|
||
},
|
||
{
"description": "[FIN7](https://attack.mitre.org/groups/G0046) is a financially motivated threat group that has primarily targeted the U.S. retail, restaurant, and hospitality sectors since mid-2015. They often use point-of-sale malware. A portion of [FIN7](https://attack.mitre.org/groups/G0046) was run out of a front company called Combi Security. [FIN7](https://attack.mitre.org/groups/G0046) is sometimes referred to as [Carbanak](https://attack.mitre.org/groups/G0008) Group, but these appear to be two groups using the same [Carbanak](https://attack.mitre.org/software/S0030) malware and are therefore tracked separately. (Citation: FireEye FIN7 March 2017) (Citation: FireEye FIN7 April 2017) (Citation: FireEye CARBANAK June 2017) (Citation: FireEye FIN7 Aug 2018)",
|
||
"meta": {
|
||
"external_id": "G0046",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0046",
|
||
"https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html",
|
||
"https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html",
|
||
"http://blog.morphisec.com/fin7-attacks-restaurant-industry",
|
||
"https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html",
|
||
"https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html",
|
||
"https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html"
|
||
],
|
||
"synonyms": [
|
||
"FIN7"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0ced8926-914e-4c78-bc93-356fb90dbd1f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7c93aa74-4bc0-4a9e-90ea-f25f86301566",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "edbe24e9-aec4-4994-ac75-6a6bc7f1ddd0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "478aa214-2ca7-4ec0-9978-18798e514790",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc",
|
||
"value": "FIN7 - G0046"
|
||
},
|
||
{
|
||
"description": "[RTM](https://attack.mitre.org/groups/G0048) is a cybercriminal group that has been active since at least 2015 and is primarily interested in users of remote banking systems in Russia and neighboring countries. The group uses a Trojan by the same name ([RTM](https://attack.mitre.org/software/S0148)). (Citation: ESET RTM Feb 2017)",
|
||
"meta": {
|
||
"external_id": "G0048",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0048",
|
||
"https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf"
|
||
],
|
||
"synonyms": [
|
||
"RTM"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "c416b28c-103b-4df1-909e-78089a7e0e5f",
|
||
"value": "RTM - G0048"
|
||
},
|
||
{
|
||
"description": "[OilRig](https://attack.mitre.org/groups/G0049) is a threat group with suspected Iranian origins that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. FireEye assesses that the group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests. (Citation: Palo Alto OilRig April 2017) (Citation: ClearSky OilRig Jan 2017) (Citation: Palo Alto OilRig May 2016) (Citation: Palo Alto OilRig Oct 2016) (Citation: Unit 42 Playbook Dec 2017) (Citation: FireEye APT34 Dec 2017) This activity was previously tracked as two distinct groups, APT34 and OilRig, which were combined after additional reporting gave higher confidence in the overlap of their activity.",
|
||
"meta": {
|
||
"external_id": "G0049",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0049",
|
||
"http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/",
|
||
"http://www.clearskysec.com/oilrig/",
|
||
"http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/",
|
||
"http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/",
|
||
"https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html",
|
||
"https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/",
|
||
"https://pan-unit42.github.io/playbook_viewer/"
|
||
],
|
||
"synonyms": [
|
||
"OilRig",
|
||
"Helix Kitten",
|
||
"APT34"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "00d0b012-8a03-410e-95de-5826bf542de6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aabc5ec-eae6-422c-8311-38d45ee9838a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b9eec47e-98f4-4b3c-b574-3fa8a87ebe05",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c16e5409-ee53-4d79-afdc-4099dc9292df",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d21a2069-23d5-4043-ad6d-64f6b644cb1a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "eff1a885-6f90-42a1-901f-eef6e7a1905e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8e101fdd-9f7f-4916-bb04-6bd9e94c129c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0998045d-f96e-4284-95ce-3c8219707486",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "56fca983-1cf1-4fd1-bda0-5e170a37ab59",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "51dea151-0898-4a45-967c-3ebee0420484",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5be33fef-39c0-4532-84ee-bea31e1b5324",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "09b2cd76-c674-47cc-9f57-d2f2ad150a46",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d",
|
||
"value": "OilRig - G0049"
|
||
},
|
||
{
|
||
"description": "[NEODYMIUM](https://attack.mitre.org/groups/G0055) is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called [PROMETHIUM](https://attack.mitre.org/groups/G0056) due to overlapping victim and campaign characteristics. (Citation: Microsoft NEODYMIUM Dec 2016) (Citation: Microsoft SIR Vol 21) [NEODYMIUM](https://attack.mitre.org/groups/G0055) is reportedly associated closely with [BlackOasis](https://attack.mitre.org/groups/G0063) operations, but evidence that the group names are aliases has not been identified. (Citation: CyberScoop BlackOasis Oct 2017)",
|
||
"meta": {
|
||
"external_id": "G0055",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0055",
|
||
"https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/",
|
||
"http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf",
|
||
"https://www.cyberscoop.com/middle-eastern-hacking-group-using-finfisher-malware-conduct-international-espionage/"
|
||
],
|
||
"synonyms": [
|
||
"NEODYMIUM"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "47b5007a-3fb1-466a-9578-629e6e735493",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "ada08ea8-4517-4eea-aff1-3ad69e5466bb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "a8d3d497-2da9-4797-8e0b-ed176be08654",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "025bdaa9-897d-4bad-afa6-013ba5734653",
|
||
"value": "NEODYMIUM - G0055"
|
||
},
|
||
{
|
||
"description": "[PROMETHIUM](https://attack.mitre.org/groups/G0056) is an activity group that has been active since at least 2012. The group conducted a campaign in May 2016 and has heavily targeted Turkish victims. [PROMETHIUM](https://attack.mitre.org/groups/G0056) has demonstrated similarity to another activity group called [NEODYMIUM](https://attack.mitre.org/groups/G0055) due to overlapping victim and campaign characteristics. (Citation: Microsoft NEODYMIUM Dec 2016) (Citation: Microsoft SIR Vol 21)",
|
||
"meta": {
|
||
"external_id": "G0056",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0056",
|
||
"https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/",
|
||
"http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf"
|
||
],
|
||
"synonyms": [
|
||
"PROMETHIUM"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "5744f91a-d2d8-4f92-920f-943dd80c578f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "43894e2a-174e-4931-94a8-2296afe8f650",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "691c60e2-273d-4d56-9ce6-b67e0f8719ad",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c",
|
||
"value": "PROMETHIUM - G0056"
|
||
},
|
||
{
|
||
"description": "[Leviathan](https://attack.mitre.org/groups/G0065) is a cyber espionage group that has been active since at least 2013. The group generally targets defense and government organizations, but has also targeted a range of industries including engineering firms, shipping and transportation, manufacturing, defense, government offices, and research universities in the United States, Western Europe, and along the South China Sea. (Citation: Proofpoint Leviathan Oct 2017) (Citation: FireEye Periscope March 2018)",
|
||
"meta": {
|
||
"external_id": "G0065",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0065",
|
||
"https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets",
|
||
"https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html"
|
||
],
|
||
"synonyms": [
|
||
"Leviathan",
|
||
"TEMP.Periscope"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "e906ae4d-1d3a-4675-be23-22f7311c0da4",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "519630c5-f03f-4882-825c-3af924935817",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "970cdb5c-02fb-4c38-b17e-d6327cf3c810",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7451bcf9-e6e6-4a70-bc3d-1599173d0035",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "705f0783-5f7d-4491-b6b7-9628e6e006d2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "68f7e3a1-f09f-4164-9a62-16b648a0dd5a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1b84d551-6de8-4b96-9930-d177677c3b1d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "049ff071-0b3c-4712-95d2-d21c6aa54501",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "06d735e7-1db1-4dbe-ab4b-acbe419f902b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "7113eaa5-ba79-4fb3-b68a-398ee9cd698e",
|
||
"value": "Leviathan - G0065"
|
||
},
|
||
{
|
||
"description": "[Rancor](https://attack.mitre.org/groups/G0075) is a threat group that has led targeted campaigns against the South East Asia region. [Rancor](https://attack.mitre.org/groups/G0075) uses politically-motivated lures to entice victims to open malicious documents. (Citation: Rancor Unit42 June 2018)",
|
||
"meta": {
|
||
"external_id": "G0075",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0075",
|
||
"https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/"
|
||
],
|
||
"synonyms": [
|
||
"Rancor"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d186c1d6-e3ac-4c3d-a534-9ddfeb8c57bb",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "f40eb8ce-2a74-4e56-89a1-227021410142",
|
||
"value": "Rancor - G0075"
|
||
},
|
||
{
|
||
"description": "[Elderwood](https://attack.mitre.org/groups/G0066) is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009 Google intrusion known as Operation Aurora. (Citation: Security Affairs Elderwood Sept 2012) The group has targeted defense organizations, supply chain manufacturers, human rights and nongovernmental organizations (NGOs), and IT service providers. (Citation: Symantec Elderwood Sept 2012) (Citation: CSM Elderwood Sept 2012)",
|
||
"meta": {
|
||
"external_id": "G0066",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0066",
|
||
"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf",
|
||
"https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China",
|
||
"http://securityaffairs.co/wordpress/8528/hacking/elderwood-project-who-is-behind-op-aurora-and-ongoing-attacks.html"
|
||
],
|
||
"synonyms": [
|
||
"Elderwood",
|
||
"Elderwood Gang",
|
||
"Beijing Group",
|
||
"Sneaky Panda"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "da754aeb-a86d-4874-b388-d1d2028a56be",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "20138b9d-1aac-4a26-8654-a36b6bbf2bba",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4d8a2d6-c684-453a-8a14-cf4a94f755c5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6ff403bc-93e3-48be-8687-e102fdba8c88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e811ff6a-4cef-4856-a6ae-a7daf9ed39ae",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "48523614-309e-43bf-a2b8-705c2b45d7b2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e9e9bfe2-76f4-4870-a2a1-b7af89808613",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "79499993-a8d6-45eb-b343-bf58dea5bdde",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c251e4a5-9a2e-4166-8e42-442af75c3b9a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "039814a0-88de-46c5-a4fb-b293db21880a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b42378e0-f147-496f-992a-26a49705395b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "03506554-5f37-4f8f-9ce4-0e9f01a1b484",
|
||
"value": "Elderwood - G0066"
|
||
},
|
||
{
|
||
"description": "[Thrip](https://attack.mitre.org/groups/G0076) is an espionage group that has targeted satellite communications, telecoms, and defense contractor companies in the U.S. and Southeast Asia. The group uses custom malware as well as \"living off the land\" techniques. (Citation: Symantec Thrip June 2018)",
|
||
"meta": {
|
||
"external_id": "G0076",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0076",
|
||
"https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets"
|
||
],
|
||
"synonyms": [
|
||
"Thrip"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8d9e758b-735f-4cbc-ba7c-32cd15138b2a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "d69e568e-9ac8-4c08-b32c-d93b43ba9172",
|
||
"value": "Thrip - G0076"
|
||
},
|
||
{
|
||
"description": "[PLATINUM](https://attack.mitre.org/groups/G0068) is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)",
|
||
"meta": {
|
||
"external_id": "G0068",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0068",
|
||
"https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf"
|
||
],
|
||
"synonyms": [
|
||
"PLATINUM"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "154e97b5-47ef-415a-99a6-2157f1b50339",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "1fc5671f-5757-43bf-8d6d-a9a93b03713a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "de6cb631-52f6-4169-a73b-7965390b0c30",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0f1ad2ef-41d4-4b7a-9304-ddae68ea3005",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "66f73398-8394-4711-85e5-34c8540b22a5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e170995d-4f61-4f17-b60e-04f9a06ee517",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "f9c06633-dcff-48a1-8588-759e7cec5694",
|
||
"value": "PLATINUM - G0068"
|
||
},
|
||
{
|
||
"description": "[MuddyWater](https://attack.mitre.org/groups/G0069) is an Iranian threat group that has primarily targeted Middle Eastern nations. Activity from this group was previously linked to [FIN7](https://attack.mitre.org/groups/G0046), but MuddyWater is believed to be a distinct group motivated by espionage. (Citation: Unit 42 MuddyWater Nov 2017)",
|
||
"meta": {
|
||
"external_id": "G0069",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0069",
|
||
"https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/",
|
||
"https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html"
|
||
],
|
||
"synonyms": [
|
||
"MuddyWater",
|
||
"TEMP.Zagros"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "a29af069-03c3-4534-b78b-7d1a77ea085b",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"likely\""
|
||
],
|
||
"type": "similar"
|
||
},
|
||
{
|
||
"dest-uuid": "a127c32c-cbb0-4f9d-be07-881a792408ec",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7d6f590f-544b-45b4-9a42-e0805f342af3",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "9422fc14-1c43-410d-ab0f-a709b76c72dc",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e8545794-b98c-492b-a5b3-4b5a02682e37",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "269e8108-68c6-4f99-b911-14b2e765dec2",
|
||
"value": "MuddyWater - G0069"
|
||
},
|
||
{
|
||
"description": "[Leafminer](https://attack.mitre.org/groups/G0077) is an Iranian threat group that has targeted government organizations and business entities in the Middle East since at least early 2017. (Citation: Symantec Leafminer July 2018)",
|
||
"meta": {
|
||
"external_id": "G0077",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0077",
|
||
"https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east"
|
||
],
|
||
"synonyms": [
|
||
"Leafminer"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7fd87010-3a00-4da3-b905-410525e8ec44",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aabc5ec-eae6-422c-8311-38d45ee9838a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "32bca8ff-d900-4877-aa65-d70baa041b74",
|
||
"value": "Leafminer - G0077"
|
||
},
|
||
{
|
||
"description": "[DarkHydrus](https://attack.mitre.org/groups/G0079) is a threat group that has targeted government agencies and educational institutions in the Middle East since at least 2016. The group heavily leverages open-source tools and custom payloads for carrying out attacks. (Citation: Unit 42 DarkHydrus July 2018) (Citation: Unit 42 Playbook Dec 2017)",
|
||
"meta": {
|
||
"external_id": "G0079",
|
||
"refs": [
|
||
"https://attack.mitre.org/groups/G0079",
|
||
"https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/",
|
||
"https://pan-unit42.github.io/playbook_viewer/"
|
||
],
|
||
"synonyms": [
|
||
"DarkHydrus"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "6aac77c4-eaf2-4366-8c13-ce50ab951f38",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8ec6e3b4-b06d-4805-b6aa-af916acc2122",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
},
|
||
{
|
||
"dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534",
|
||
"tags": [
|
||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
],
|
||
"type": "uses"
|
||
}
|
||
],
|
||
"uuid": "6b9ebeb5-20bf-48b0-afb7-988d769a2f01",
|
||
"value": "DarkHydrus - G0079"
|
||
}
|
||
],
|
||
"version": 13
|
||
}
|