Branch out Goblin Panda from Hellsing

pull/749/head
Mathieu Beligon 2022-08-17 11:55:13 -07:00
parent 3f50cf0175
commit 53282255ce
1 changed files with 36 additions and 9 deletions


@ -1139,15 +1139,7 @@
"country": "CN", "country": "CN",
"refs": [ "refs": [
"https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/", "https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/",
"https://www.cfr.org/interactive/cyber-operations/hellsing", "https://www.cfr.org/interactive/cyber-operations/hellsing"
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-august-goblin-panda/",
"https://securelist.com/cycldek-bridging-the-air-gap/97157/",
"https://www.fortinet.com/blog/threat-research/cta-security-playbook--goblin-panda.html"
],
"synonyms": [
"Goblin Panda",
"Conimes",
"Cycldek"
] ]
}, },
"uuid": "af482dde-9e47-48d5-9cb2-cf8f6d6303d3", "uuid": "af482dde-9e47-48d5-9cb2-cf8f6d6303d3",
@ -9989,6 +9981,41 @@
}, },
"uuid": "d58030e2-5673-4836-9aff-ab6d55da0bc0", "uuid": "d58030e2-5673-4836-9aff-ab6d55da0bc0",
"value": "SLIME29" "value": "SLIME29"
},
{
"description": "Goblin Panda is one of a handful of elite Chinese advanced persistent threat (APT) groups. Most Chinese APTs target the United States and NATO, but Goblin Panda focuses primarily on Southeast Asia.",
"meta": {
"attribution-confidence": "75",
"cfr-suspected-state-sponsor": "China",
"cfr-suspected-victims": [
"Malaysia",
"India",
"Indonesia",
"Japan",
"Philippines",
"Southeast Asia",
"South Korea",
"Vietnam"
],
"cfr-target-category": [
"Private Sector"
],
"country": "CN",
"refs": [
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-august-goblin-panda/",
"https://securelist.com/cycldek-bridging-the-air-gap/97157/",
"https://www.fortinet.com/blog/threat-research/cta-security-playbook--goblin-panda.html",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
"https://cyberthreat.thalesgroup.com/sites/default/files/2022-05/THALES%20THREAT%20HANDBOOK%202022%20Light%20Version_1.pdf"
],
"synonyms": [
"Conimes",
"Cycldek",
"ATK78"
]
},
"uuid": "8d73715a-8bbd-4eaa-ae24-2f1b1c84cf21",
"value": "Goblin Panda"
} }
], ],
"version": 239 "version": 239
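Review bot: The `version` field on the last line of the second hunk is still 239 on both sides, although this commit adds a cluster and removes refs and synonyms from another. If consumers use that field to decide whether to re-import the galaxy, they will keep the old Hellsing entry with the Goblin Panda, Conimes and Cycldek synonyms, so the line should become `"version": 240`. Separately, the Hellsing entry keeps uuid `af482dde-9e47-48d5-9cb2-cf8f6d6303d3` while the new Goblin Panda entry gets a fresh one, so anything already tagged through the removed synonyms presumably stays attributed to Hellsing. A `related` entry on the new cluster pointing at the Hellsing uuid would record the earlier conflation for analysts revisiting old attributions.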