{
"authors" : [
"MITRE"
] ,
"category" : "actor" ,
"description" : "Name of ATT&CK Group" ,
"name" : "Pre Attack - Intrusion Set" ,
"source" : "https://github.com/mitre/cti" ,
"type" : "mitre-pre-attack-intrusion-set" ,
"uuid" : "1fdc8fa2-1708-11e8-99a3-67b4efc13c4f" ,
"values" : [
{
"description" : "APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. (Citation: FireEye EPS Awakens Part 2)" ,
"meta" : {
"external_id" : "G0023" ,
"refs" : [
"https://attack.mitre.org/wiki/Group/G0023" ,
"https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html"
] ,
"synonyms" : [
"APT16"
]
} ,
"related" : [
{
"dest-uuid" : "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
}
] ,
"uuid" : "d6e88e18-81e8-4709-82d8-973095da1e70" ,
"value" : "APT16 - G0023"
} ,
{
"description" : "APT28 is a threat group that has been attributed to the Russian government. (Citation: FireEye APT28) (Citation: SecureWorks TG-4127) (Citation: FireEye APT28) January 2017 (Citation: GRIZZLY STEPPE JAR) This group reportedly compromised the Democratic National Committee in April 2016. (Citation: Crowdstrike DNC June 2016)" ,
"meta" : {
"external_id" : "G0007" ,
"refs" : [
"https://attack.mitre.org/wiki/Group/G0007" ,
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/" ,
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf" ,
"https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign"
] ,
"synonyms" : [
"APT28" ,
"Sednit" ,
"Sofacy" ,
"Pawn Storm" ,
"Fancy Bear" ,
"STRONTIUM" ,
"Tsar Team" ,
"Threat Group-4127" ,
"TG-4127"
]
} ,
"related" : [
{
"dest-uuid" : "213cdde9-c11a-4ea9-8ce0-c868e9826fec" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "5b4ee3ea-eee3-4c8e-8323-85ae32658754" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "62b8c999-dcc0-4755-bd69-09442d9359f5" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
} ,
{
"dest-uuid" : "6aac77c4-eaf2-4366-8c13-ce50ab951f38" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
}
] ,
"uuid" : "bef4c620-0787-42a8-a96d-b7eb6e85917c" ,
"value" : "APT28 - G0007"
} ,
{
"description" : "Cleaver is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. (Citation: Cylance Cleaver) Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). (Citation: Dell Threat Group 2889)" ,
"meta" : {
"external_id" : "G0003" ,
"refs" : [
"https://attack.mitre.org/wiki/Group/G0003" ,
"https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance%20Operation%20Cleaver%20Report.pdf" ,
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/"
] ,
"synonyms" : [
"Cleaver" ,
"TG-2889" ,
"Threat Group 2889"
]
} ,
"related" : [
{
"dest-uuid" : "11e17436-6ede-4733-8547-4ce0254ea19e" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "86724806-7ec9-4a48-a0a7-ecbde3bf4810" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "d56c99fa-4710-472c-81a6-41b7a84ea4be" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "b96e02f1-4037-463f-b158-5a964352f8d9" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "f9d6633a-55e6-4adc-9263-6ae080421a13" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "ba724df5-9aa0-45ca-8e0e-7101c208ae48" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "f98bac6b-12fd-4cad-be84-c84666932232" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "f873db71-3d53-41d5-b141-530675ade27a" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
}
] ,
"uuid" : "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063" ,
"value" : "Cleaver - G0003"
} ,
{
"description" : "APT12 is a threat group that has been attributed to China. (Citation: Meyers Numbered Panda)" ,
"meta" : {
"external_id" : "G0005" ,
"refs" : [
"https://attack.mitre.org/wiki/Group/G0005" ,
"http://www.crowdstrike.com/blog/whois-numbered-panda/"
] ,
"synonyms" : [
"APT12" ,
"IXESHE" ,
"DynCalc" ,
"Numbered Panda" ,
"DNSCALC"
]
} ,
"related" : [
{
"dest-uuid" : "48146604-6693-4db1-bd94-159744726514" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "8beac7c2-48d2-4cd9-9b15-6c452f38ac06" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
} ,
{
"dest-uuid" : "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
}
] ,
"uuid" : "c47f937f-1022-4f42-8525-e7a4779a14cb" ,
"value" : "APT12 - G0005"
} ,
{
"description" : "APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. (Citation: Mandiant APT1)" ,
"meta" : {
"external_id" : "G0006" ,
"refs" : [
"https://attack.mitre.org/wiki/Group/G0006" ,
"https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf"
] ,
"synonyms" : [
"APT1" ,
"Comment Crew" ,
"Comment Group" ,
"Comment Panda"
]
} ,
"related" : [
{
"dest-uuid" : "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "1608f3e1-598a-42f4-a01a-2e252e81728f" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
} ,
{
"dest-uuid" : "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
} ,
{
"dest-uuid" : "72b74d71-8169-42aa-92e0-e7b04b9f5a08" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
}
] ,
"uuid" : "6a2e693f-24e5-451a-9f88-b36a108e5662" ,
"value" : "APT1 - G0006"
} ,
{
"description" : "Night Dragon is a campaign name for activity involving a threat group that has conducted activity originating primarily in China. (Citation: McAfee Night Dragon) The activity from this group is also known as Musical Chairs. (Citation: Arbor Musical Chairs Feb 2018)" ,
"meta" : {
"external_id" : "G0014" ,
"refs" : [
"https://attack.mitre.org/wiki/Group/G0014" ,
"https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee%20NightDragon%20wp%20draft%20to%20customersv1-1.pdf" ,
"https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/"
] ,
"synonyms" : [
"Night Dragon" ,
"Musical Chairs"
]
} ,
"related" : [
{
"dest-uuid" : "b3714d59-b61e-4713-903a-9b4f04ae7f3d" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "88c621a7-aef9-4ae0-94e3-1fc87123eb24" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
} ,
{
"dest-uuid" : "b17a1a56-e99c-403c-8948-561df0cffe81" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
}
] ,
"uuid" : "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8" ,
"value" : "Night Dragon - G0014"
} ,
{
"description" : "APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. (Citation: FireEye APT17)" ,
"meta" : {
"external_id" : "G0025" ,
"refs" : [
"https://attack.mitre.org/wiki/Group/G0025" ,
"https://www2.fireeye.com/rs/fireye/images/APT17%20Report.pdf"
] ,
"synonyms" : [
"APT17" ,
"Deputy Dog"
]
} ,
"related" : [
{
"dest-uuid" : "c5947e1c-1cbc-434c-94b8-27c7e3be0fff" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "24110866-cb22-4c85-a7d2-0413e126694b" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "99e30d89-9361-4b73-a999-9e5ff9320bcb" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "a0cb9370-e39b-44d5-9f50-ef78e412b973" ,
"tags" : [
"estimative-language:likelihood-probability=\"likely\""
] ,
"type" : "similar"
} ,
{
"dest-uuid" : "d69c8146-ab35-4d50-8382-6fc80e641d43" ,
"tags" : [
"estimative-language:likelihood-probability=\"almost-certain\""
] ,
"type" : "uses"
}
] ,
"uuid" : "090242d7-73fc-4738-af68-20162f7a5aae" ,
"value" : "APT17 - G0025"
}
] ,
"version" : 8
}