MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

fix broken links

pull/533/head
Rony 2020-04-19 16:03:21 +05:30 committed by GitHub
parent 42a4820823
commit 573b4807ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
clusters/threat-actor.json
View File

@ -50,7 +50,7 @@
"https://www.fireeye.com/blog/threat-research/2014/03/a-detailed-examination-of-the-siesta-campaign.html",
"https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-oceansalt-delivers-wave-after-wave/",
"https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf",
"https://www.symantec.com/connect/blogs/apt1-qa-attacks-comment-crew",
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f1265df5-6e5e-4fcc-9828-d4ddbbafd3d7&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
"https://attack.mitre.org/groups/G0006/",
"https://www.nytimes.com/2014/05/20/us/us-to-charge-chinese-workers-with-cyberspying.html"
],
@ -100,7 +100,7 @@
"attribution-confidence": "50",
"country": "CN",
"refs": [
"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf",
"https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2011/the_nitro_attacks.pdf",
"https://unit42.paloaltonetworks.com/new-indicators-compromise-apt-group-nitro-uncovered/",
"https://blog.trendmicro.com/trendlabs-security-intelligence/the-significance-of-the-nitro-attacks/"
],
@ -159,7 +159,7 @@
"meta": {
"refs": [
"https://www.cylance.com/content/dam/cylance/pdfs/reports/Op_Dust_Storm_Report.pdf",
"https://www.symantec.com/connect/blogs/inside-back-door-attack",
"https://web.archive.org/web/20140816135909/https://www.symantec.com/connect/blogs/inside-back-door-attack",
"https://attack.mitre.org/groups/G0031/"
]
},
@ -335,7 +335,7 @@
"country": "CN",
"refs": [
"https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html",
"http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong",
"https://web.archive.org/web/20160910124439/http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong",
"https://www.cfr.org/interactive/cyber-operations/apt-3"
],
"synonyms": [
@ -503,11 +503,11 @@
"country": "CN",
"refs": [
"http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html",
"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf",
"https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/hidden_lynx.pdf",
"https://www.cfr.org/interactive/cyber-operations/apt-17",
"https://www.carbonblack.com/2013/02/08/bit9-and-our-customers-security/",
"https://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware",
"https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire",
"https://web.archive.org/web/20141016080249/http://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware",
"https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire",
"https://www.recordedfuture.com/hidden-lynx-analysis/"
],
"synonyms": [
@ -739,7 +739,7 @@
"https://www.bleepingcomputer.com/news/security/us-arrests-chinese-man-involved-with-sakula-malware-used-in-opm-and-anthem-hacks/",
"https://gizmodo.com/u-s-indicts-chinese-hacker-spies-in-conspiracy-to-stea-1830111695",
"https://www.cyberscoop.com/anthem-breach-indictment-chinese-national/",
"https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf",
"https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/black-vine-cyberespionage-group-15-en.pdf",
"https://attack.mitre.org/groups/G0009/"
],
"synonyms": [
@ -1469,7 +1469,7 @@
"country": "CN",
"refs": [
"https://www.cfr.org/interactive/cyber-operations/sneaky-panda",
"https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf",
"https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/elderwood-project-12-en.pdf",
"https://attack.mitre.org/groups/G0066/"
],
"synonyms": [
@ -1982,7 +1982,7 @@
"https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html",
"https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/",
"https://www.brighttalk.com/webcast/10703/275683",
"https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage"
"https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage"
],
"synonyms": [
"APT 33",
@ -2060,7 +2060,7 @@
"http://www.clearskysec.com/thamar-reservoir/",
"https://citizenlab.ca/2015/08/iran_two_factor_phishing/",
"https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf",
"https://www.symantec.com/connect/blogs/shamoon-multi-staged-destructive-attacks-limited-specific-targets",
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=5758557d-6e3a-4174-90f3-fa92a712ecd9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
"https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/",
"https://en.wikipedia.org/wiki/Rocket_Kitten",
"https://www.cfr.org/interactive/cyber-operations/rocket-kitten"
@ -2365,7 +2365,7 @@
"https://aptnotes.malwareconfig.com/web/viewer.html?file=../APTnotes/2014/apt28.pdf",
"https://www.accenture.com/us-en/blogs/blogs-snakemackerel-delivers-zekapab-malware",
"https://www.wired.com/story/russian-fancy-bears-hackers-release-apparent-ioc-emails/",
"https://www.symantec.com/blogs/election-security/apt28-espionage-military-government",
"https://symantec-blogs.broadcom.com/blogs/election-security/apt28-espionage-military-government",
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/",
"https://unit42.paloaltonetworks.com/unit42-sofacy-attacks-multiple-government-entities/",
"https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/",
@ -2552,7 +2552,7 @@
"https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/",
"https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/",
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/",
"https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf",
"https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/waterbug-attack-group-16-en.pdf",
"https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec",
"https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/",
"http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf",
@ -2629,7 +2629,7 @@
"country": "RU",
"refs": [
"http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf",
"https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf",
"http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans",
"https://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit-kit/104772/",
"https://www.cfr.org/interactive/cyber-operations/crouching-yeti",
@ -2637,7 +2637,7 @@
"https://dragos.com/wp-content/uploads/CrashOverride-01.pdf",
"https://www.independent.ie/irish-news/statesponsored-hackers-targeted-eirgrid-electricity-network-in-devious-attack-36005921.html",
"https://www.riskiq.com/blog/labs/energetic-bear/",
"https://www.symantec.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks",
"https://symantec-blogs.broadcom.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks",
"https://www.kaspersky.com/resource-center/threats/crouching-yeti-energetic-bear-malware-threat",
"https://www.sans.org/reading-room/whitepapers/ICS/impact-dragonfly-malware-industrial-control-systems-36672",
"https://attack.mitre.org/groups/G0035/",
@ -2694,7 +2694,7 @@
"https://www.us-cert.gov/ncas/alerts/TA17-163A",
"https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid",
"https://www.cfr.org/interactive/cyber-operations/black-energy",
"https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks",
"https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks",
"https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage",
"https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/",
"https://attack.mitre.org/groups/G0034/"
@ -2796,7 +2796,7 @@
"https://en.wikipedia.org/wiki/Carbanak",
"https://app.box.com/s/p7qzcury97tuwk26694uutujwqmwqyhe",
"http://2014.zeronights.ru/assets/files/slides/ivanovb-zeronights.pdf",
"https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks",
"https://web.archive.org/web/20161223002016/https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks",
"https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor",
"https://www.icebrg.io/blog/footprints-of-fin7-tracking-actor-patterns",
"https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/",
@ -2894,7 +2894,7 @@
"refs": [
"https://www.welivesecurity.com/2015/11/11/operation-buhtrap-malware-distributed-via-ammyy-com/",
"https://www.group-ib.com/brochures/gib-buhtrap-report.pdf",
"https://www.symantec.com/connect/blogs/russian-bank-employees-received-fake-job-offers-targeted-email-attack",
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=8e498912-44f8-4ea0-ac50-4544f0fedd6c&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
"https://www.forcepoint.com/blog/security-labs/highly-evasive-code-injection-awaits-user-interaction-delivering-malware",
"https://www.kaspersky.com/blog/financial-trojans-2019/25690/",
"https://www.welivesecurity.com/2015/04/09/operation-buhtrap/",
@ -3041,10 +3041,10 @@
"https://content.fireeye.com/apt/rpt-apt38",
"https://blog.malwarebytes.com/threat-analysis/2019/03/the-advanced-persistent-threat-files-lazarus-group/",
"https://www.theguardian.com/world/2009/jul/08/south-korea-cyber-attack",
"https://www.symantec.com/connect/blogs/trojankoredos-comes-unwelcomed-surprise",
"https://web.archive.org/web/20131123012339/https://www.symantec.com/connect/blogs/trojankoredos-comes-unwelcomed-surprise",
"https://www.nytimes.com/2013/03/21/world/asia/south-korea-computer-network-crashes.html",
"https://www.symantec.com/connect/blogs/south-korean-financial-companies-targeted-castov",
"https://www.symantec.com/connect/blogs/four-years-darkseoul-cyberattacks-against-south-korea-continue-anniversary-korean-war",
"https://web.archive.org/web/20130607233212/https://www.symantec.com/connect/blogs/south-korean-financial-companies-targeted-castov",
"https://web.archive.org/web/20130701021735/https://www.symantec.com/connect/blogs/four-years-darkseoul-cyberattacks-against-south-korea-continue-anniversary-korean-war",
"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/the-hack-of-sony-pictures-what-you-need-to-know",
"https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/",
"https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/",
@ -3061,11 +3061,11 @@
"https://medium.com/threat-intel/lazarus-attacks-wannacry-5fdeddee476c",
"https://attack.mitre.org/groups/G0032/",
"https://threatpost.com/lazarus-apt-spinoff-linked-to-banking-hacks/124746/",
"https://www.symantec.com/connect/blogs/duuzer-back-door-trojan-targets-south-korea-take-over-computers",
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=5b9850b9-0fdd-48a9-b595-9234207ae7df&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
"https://www.bankinfosecurity.com/vietnamese-bank-blocks-1-million-online-heist-a-9105",
"https://www.reuters.com/article/us-cyber-heist-swift-specialreport-idUSKCN0YB0DD",
"https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks",
"https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware",
"https://web.archive.org/web/20160527050022/https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks",
"https://symantec-blogs.broadcom.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware",
"https://blog.trendmicro.com/trendlabs-security-intelligence/what-we-can-learn-from-the-bangladesh-central-bank-cyber-heist/",
"https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware-0",
"https://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html",