More groups from RU

pull/1/head
Alexandre Dulaunoy 2016-02-28 08:09:44 +01:00
parent 6e62b0ab46
commit 088d105f5d
1 changed files with 42 additions and 2 deletions


@ -1,7 +1,7 @@
{ {
"version" : 1, "version" : 1,
"description": "Known or estimated adversary groups targeting organizations and employees", "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups can be confused with their initial operation or campaign.",
"author": "Various", "authors": ["Alexandre Dulaunoy", "Florian Roth", "Various"],
"type": "APT Groups", "type": "APT Groups",
"groups" : ["Comment Crew","Sofacy"], "groups" : ["Comment Crew","Sofacy"],
"details" : [ "details" : [
@ -18,6 +18,46 @@
"refs": ["https://en.wikipedia.org/wiki/Sofacy_Group"], "refs": ["https://en.wikipedia.org/wiki/Sofacy_Group"],
"country": "RU", "country": "RU",
"synonyms": ["APT 28", "APT28", "Pawn Storm", "Fancy Bear", "Sednit"] "synonyms": ["APT 28", "APT28", "Pawn Storm", "Fancy Bear", "Sednit"]
},
{
"group": "APT 29",
"refs": ["https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/"],
"country": "RU",
"synonyms": ["Dukes", "Group 100", "Cozy Duke", "EuroAPT", "CozyBear", "CozyCar", "Cozer", "Office Monkeys"]
},
{
"group": "Turla Group",
"country": "RU",
"synonyms": ["Turla", "Snake", "Venomous Bear", "Group 88"]
},
{
"group": "Energetic Bear",
"country": "RU",
"synonyms": ["Dragonfly", "Crouching Yeti", "Group 24"]
},
{
"group": "Sandworm",
"refs": ["http://www.isightpartners.com/2014/10/cve-2014-4114/"],
"country": "RU",
"synonyms": ["Sandworm Team"]
},
{
"group": "Anunak",
"description": "Groups targeting financial organizations or people with significant financial assets.",
"country": "RU",
"synonyms": ["Carbanak"]
},
{
"group": "TeamSpy Crew",
"refs": ["https://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/"],
"country": "RU",
"synonyms": ["TeamSpy"]
},
{
"group": "BuhTrap",
"refs": ["http://www.welivesecurity.com/2015/11/11/operathion-buhtrap-malware-distributed-via-ammyy-com/"],
"country": "RU",
"synonyms": [""]
} }
] ]
} }
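Review bot: The BuhTrap entry ends with `"synonyms": [""]`, which gives the group a single alias that is the empty string; a consumer that resolves aliases to groups by string match could then map an empty or missing name to BuhTrap. Use `"synonyms": []` or omit the key. In the first hunk the top-level `"groups"` list still names only Comment Crew and Sofacy although `details` gains eight entries, so if that list is meant as an index it is now out of step. The same hunk replaces the string key `"author"` with the array `"authors"` while `"version"` stays 1, so a reader keyed on the old name has no signal that the shape changed. The Turla Group, Energetic Bear and Anunak entries carry a `"country"` attribution without any `"refs"`; a source link per entry would let analysts check the claim before relying on it.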