MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Update threat-actor.json

pull/690/head
Rony 2022-03-15 13:57:00 +05:30 committed by GitHub
parent b978bb1c86
commit 3b67e745e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
clusters/threat-actor.json
View File

@ -2813,11 +2813,8 @@
],
"synonyms": [
"CARBON SPIDER",
"Carbon Spider",
"GOLD NIAGARA",
"Calcium",
"Carbanak",
"FIN 7"
"Calcium"
]
},
"related": [
@ -2930,9 +2927,7 @@
"https://attack.mitre.org/groups/G0085/"
],
"synonyms": [
"FIN4",
"FIN 4",
"Wolf Spider"
"FIN4"
]
},
"uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
@ -3612,9 +3607,6 @@
"country": "CN",
"refs": [
"https://www.proofpoint.com/uk/threat-insight/post/august-in-december-new-information-stealer-hits-the-scene"
],
"synonyms": [
"TA 530"
]
},
"uuid": "4b79d1f6-8333-44b6-ac32-d1ea7e47e77f",
@ -3677,12 +3669,10 @@
],
"synonyms": [
"SKELETON SPIDER",
"Sketelon Spider",
"ITG08",
"MageCart Group 6",
"White Giant",
"GOLD FRANKLIN",
"FIN 6"
"GOLD FRANKLIN"
]
},
"related": [
@ -4605,9 +4595,6 @@
"https://afyonluoglu.org/PublicWebFiles/Reports-TR/2017%20FireEye%20M-Trends%20Report.pdf",
"https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html",
"https://attack.mitre.org/groups/G0061"
],
"synonyms": [
"FIN 8"
]
},
"related": [
@ -4703,9 +4690,6 @@
"refs": [
"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts",
"https://attack.mitre.org/groups/G0062/"
],
"synonyms": [
"TA 459"
]
},
"related": [
@ -6708,9 +6692,6 @@
"country": "RU",
"refs": [
"https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/"
],
"synonyms": [
"Indrik Spider"
]
},
"uuid": "658314bc-3bb8-48d2-913a-c528607b75c8",
@ -6849,8 +6830,6 @@
"GRACEFUL SPIDER",
"GOLD TAHOE",
"Dudear",
"TA 505",
"Graceful Spider",
"TEMP.Warlock"
]
},
@ -6892,9 +6871,7 @@
"synonyms": [
"TEMP.MixMaster",
"GOLD BLACKBURN",
"Wizard Spider",
"FIN12",
"FIN 12"
"FIN12"
]
},
"uuid": "bdf4fe4f-af8a-495f-a719-cf175cecda1f",
@ -6912,9 +6889,7 @@
],
"synonyms": [
"TA542",
"GOLD CRESTWOOD",
"Mummy Spider",
"TA 542"
"GOLD CRESTWOOD"
]
},
"uuid": "c93281be-f6cd-4cd0-a5a3-defde9d77d8b",
@ -6957,7 +6932,6 @@
],
"synonyms": [
"Silence",
"Silence APT group",
"WHISPER SPIDER"
]
},
@ -6980,7 +6954,6 @@
"https://www.secureworks.com/research/threat-profiles/cobalt-hickman"
],
"synonyms": [
"APT 39",
"Chafer",
"REMIX KITTEN",
"COBALT HICKMAN"
@ -7247,7 +7220,6 @@
"COBALT DICKENS",
"Mabna Institute",
"TA407",
"TA 407"
]
},
"uuid": "5059b44d-2753-4977-b987-4922f09afe6b",
@ -7281,7 +7253,6 @@
"https://twitter.com/bkMSFT/status/1417823714922610689"
],
"synonyms": [
"APT 31",
"ZIRCONIUM",
"JUDGMENT PANDA",
"BRONZE VINEWOOD"
@ -7346,9 +7317,6 @@
"refs": [
"https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?",
"https://attack.mitre.org/groups/G0053/"
],
"synonyms": [
"FIN 5"
]
},
"uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70",
@ -7360,9 +7328,6 @@
"country": "RU",
"refs": [
"https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html"
],
"synonyms": [
"FIN 1"
]
},
"uuid": "13289552-596e-4592-9c81-eeb4db6baf3c",
@ -7374,9 +7339,6 @@
"refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf",
"https://attack.mitre.org/groups/G0051/"
],
"synonyms": [
"FIN 10"
]
},
"uuid": "f2d02410-8c2c-11e9-8df1-a31c1fb33d79",
@ -7656,8 +7618,7 @@
],
"synonyms": [
"Temp.Hex",
"Vicious Panda",
"TA 428"
"Vicious Panda"
]
},
"uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d",
@ -7777,10 +7738,6 @@
"https://www.proofpoint.com/us/threat-insight/post/lookback-forges-ahead-continued-targeting-united-states-utilities-sector-reveals",
"https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks",
"https://www.proofpoint.com/us/blog/threat-insight/ta410-group-behind-lookback-attacks-against-us-utilities-sector-returns-new"
],
"synonyms": [
"LookBack",
"TA 410"
]
},
"uuid": "5cd95926-0098-435e-892d-9c9f61763ad7",
@ -7826,10 +7783,6 @@
"meta": {
"refs": [
"https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf"
],
"synonyms": [
"Calypso",
"Calypso APT"
]
},
"uuid": "200d04c8-a11f-45c4-86fd-35bb5de3f7a3",
@ -7849,9 +7802,7 @@
"synonyms": [
"Maze Team",
"TWISTED SPIDER",
"GOLD VILLAGE",
"TA 2101",
"Maze"
"GOLD VILLAGE"
]
},
"uuid": "39925aa0-c7bf-4b9b-97d6-7d600329453d",
@ -8090,9 +8041,7 @@
],
"synonyms": [
"GOLD ESSEX",
"TA544",
"TA 544",
"Narwhal Spider"
"TA544"
]
},
"uuid": "fda9cdea-0017-495e-879d-0f348db2aa07",
@ -8285,9 +8234,6 @@
"country": "CN",
"refs": [
"https://www.proofpoint.com/us/blog/threat-insight/chinese-apt-ta413-resumes-targeting-tibet-following-covid-19-themed-economic"
],
"synonyms": [
"TA 413"
]
},
"uuid": "cbf94f8d-20f2-45a0-b78b-54715b6b4e18",
@ -8382,9 +8328,8 @@
],
"synonyms": [
"TEMP.Warlock",
"FIN 11",
"UNC902",
"Graceful Spider"
"GRACEFUL SPIDER"
]
},
"uuid": "c01aadc6-1087-4e8e-8d5c-a27eba409fe3",
@ -8539,7 +8484,6 @@
],
"synonyms": [
"UNC1151",
"TA 445",
"TA445"
]
},
@ -8757,9 +8701,7 @@
],
"synonyms": [
"Shakthak",
"TA551",
"TA 551",
"Lunar Spider"
"TA551"
]
},
"uuid": "36e8c848-4d20-47ea-9fc2-31aa17bf82d1",
@ -8976,9 +8918,6 @@
"country": "RU",
"refs": [
"https://www.mandiant.com/resources/fin13-cybercriminal-mexico"
],
"synonyms": [
"FIN 13"
]
},
"uuid": "60fa684d-c738-4b77-98fb-3f6605e2bb82",
@ -9042,9 +8981,6 @@
"meta": {
"refs": [
"https://www.thaicert.or.th/downloads/files/Threat_Group_Cards_v2.0.pdf"
],
"synonyms": [
"TA 516"
]
},
"uuid": "0466bbf1-a187-4b3d-b558-a31e5ca11ea7",
@ -9055,10 +8991,6 @@
"meta": {
"refs": [
"https://www.thaicert.or.th/downloads/files/Threat_Group_Cards_v2.0.pdf"
],
"synonyms": [
"Scully Spider",
"TA 547"
]
},
"uuid": "29fbc8d4-1e6e-4edc-9887-bdf47f36e4c1",
@ -9092,9 +9024,6 @@
"meta": {
"refs": [
"https://www.proofpoint.com/us/blog/threat-insight/q4-2020-threat-report-quarterly-analysis-cybersecurity-trends-tactics-and-themes"
],
"synonyms": [
"TA 800"
]
},
"uuid": "75fac2e9-8f2c-4620-a1cc-4b8a61c1bb48",