From 431e7a36c1e48cb9ed0aaf793481224b6db47362 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 17 Jun 2019 16:36:42 +0200
Subject: [PATCH] update threat actor galaxy
---
 clusters/threat-actor.json | 46 +++++++++++++++++++++++++++++---------
 1 file changed, 35 insertions(+), 11 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8ed9e23..047a49b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1097,24 +1097,34 @@
 "cfr-type-of-incident": "Espionage",
 "country": "CN",
 "refs": [
- "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/",
+ "https://unit42.paloaltonetworks.com/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/",
 "https://www.cfr.org/interactive/cyber-operations/apt-10",
 "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf",
- "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf"
+ "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf",
+ "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html",
+ "https://www.eweek.com/security/chinese-nation-state-hackers-target-u.s-in-operation-tradesecret",
+ "https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/",
+ "https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf",
+ "https://www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf",
+ "https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01C-Intrusions_Affecting_Multiple_Victims_Across_Multiple_Sectors.pdf",
+ "https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html",
+ "https://www.fbi.gov/news/stories/chinese-hackers-indicted-122018",
+ "https://attack.mitre.org/groups/G0045/"
 ],
 "synonyms": [
 "APT10",
 "APT 10",
 "MenuPass",
 "Menupass Team",
+ "menuPass",
+ "menuPass Team",
 "happyyongzi",
 "POTASSIUM",
 "DustStorm",
 "Red Apollo",
 "CVNX",
 "HOGFISH",
- "Cloud Hopper",
- "Stone Panda"
+ "Cloud Hopper"
 ]
 },
 "related": [
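Review bot: Dropping `"Stone Panda"` from the APT10 `synonyms` list is not explained by anything in the hunk, and the MITRE G0045 page added to `refs` in the same hunk lists Stone Panda as a menuPass alias as far as I recall, so lookups by that name will now miss this cluster. If the removal is because a separate Stone Panda cluster exists in this galaxy, that cluster should be linked from the `related` array that starts on the hunk's last line and continues outside it; otherwise the alias should stay. The new `"menuPass"` and `"menuPass Team"` entries are case-only variants of the existing `"MenuPass"` and `"Menupass Team"`, which is fine for exact-match consumers but means the list now grows per spelling rather than normalising case.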
@@ -3233,7 +3243,8 @@
 "refs": [
 "https://citizenlab.org/2016/05/stealth-falcon/",
 "https://www.cfr.org/interactive/cyber-operations/stealth-falcon",
- "https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/"
+ "https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/",
+ "https://attack.mitre.org/groups/G0038/"
 ],
 "synonyms": [
 "FruityArmor"
@@ -3518,7 +3529,10 @@
 "country": "US",
 "refs": [
 "https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/",
- "https://www.cfr.org/interactive/cyber-operations/project-sauron"
+ "https://www.cfr.org/interactive/cyber-operations/project-sauron",
+ "https://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets",
+ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-ProjectSauron-APT_research_KL.pdf",
+ "https://attack.mitre.org/groups/G0041/"
 ],
 "synonyms": [
 "Strider",
@@ -3648,7 +3662,8 @@
 "country": "CN",
 "refs": [
 "http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates",
- "http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks"
+ "http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks",
+ "https://attack.mitre.org/groups/G0039/"
 ]
 },
 "related": [
@@ -4640,7 +4655,8 @@
 "attribution-confidence": "50",
 "country": "CN",
 "refs": [
- "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts#.WS3IBVFV4no.twitter"
+ "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts",
+ "https://attack.mitre.org/groups/G0062/"
 ]
 },
 "related": [
@@ -5458,7 +5474,8 @@
 "cfr-type-of-incident": "Espionage",
 "refs": [
 "https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments",
- "https://www.cfr.org/interactive/cyber-operations/sowbug"
+ "https://www.cfr.org/interactive/cyber-operations/sowbug",
+ "https://attack.mitre.org/groups/G0054/"
 ]
 },
 "related": [
@@ -6811,7 +6828,12 @@
 "meta": {
 "refs": [
 "https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/",
- "https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png"
+ "https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png",
+ "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter",
+ "https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware",
+ "https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf",
+ "https://threatpost.com/ta505-servhelper-malware/140792/"
+ "https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/"
 ]
 },
 "uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
@@ -7053,7 +7075,9 @@
 "meta": {
 "refs": [
 "https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/",
- "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/"
+ "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/",
+ "https://www.netscout.com/blog/asert/stolen-pencil-campaign-targets-academia",
+ "https://attack.mitre.org/groups/G0086/"
 ]
 },
 "uuid": "769aeaa6-d193-4e90-a818-d74c6ff7b845",
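Review bot: The TA505 `refs` array in the `@@ -6811,7 +6828,12 @@` hunk is not valid JSON: the new line `"https://threatpost.com/ta505-servhelper-malware/140792/"` is followed directly by the yoroi entry with no separating comma, so a strict parser (`jq`, `python -m json.tool`, or whatever loads this galaxy) will reject the entire `clusters/threat-actor.json`, not just this cluster. The hunk's new-side count of 12 lines confirms these are two distinct array elements rather than one wrapped string. The fix is `"https://threatpost.com/ta505-servhelper-malware/140792/",` and the file should be round-tripped through `jq .` before merge so a missing comma cannot land again.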