MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'Mathieu4141-threat-actors/fix-apt33' into main

pull/752/head
Alexandre Dulaunoy 2022-08-17 07:41:06 +02:00
parent 65c9490b77 352998a84d
commit 627988ae60
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 19 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
clusters/threat-actor.json
View File

@ -1947,7 +1947,19 @@
"description": "Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government.",
"meta": {
"attribution-confidence": "50",
"capabilities": "STONEDRILL wiper, variants of TURNEDUP malware",
"cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
"cfr-suspected-victims": [
"United States",
"Saudi Arabia",
"South Korea"
],
"cfr-target-category": [
"Private sector"
],
"cfr-type-of-incident": "Espionage",
"country": "IR",
"mode-of-operation": "IT network limited, information gathering against industrial orgs",
"refs": [
"https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html",
"https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/",
@ -1955,7 +1967,10 @@
"https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage",
"https://www.secureworks.com/research/threat-profiles/cobalt-trinity",
"https://attack.mitre.org/groups/G0064/",
"https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/"
"https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/",
"https://www.cfr.org/interactive/cyber-operations/apt-33",
"https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
"https://dragos.com/adversaries.html"
],
"synonyms": [
"APT 33",
@ -1966,7 +1981,8 @@
"COBALT TRINITY",
"G0064",
"ATK35"
]
],
"victimology": "Petrochemical, Aerospace, Saudi Arabia"
},
"related": [
{
@ -6125,53 +6141,6 @@
"uuid": "a08ab076-33c1-4350-b021-650c34277f2d",
"value": "DYMALLOY"
},
{
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
"meta": {
"attribution-confidence": "50",
"capabilities": "STONEDRILL wiper, variants of TURNEDUP malware",
"cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
"cfr-suspected-victims": [
"United States",
"Saudi Arabia",
"South Korea"
],
"cfr-target-category": [
"Private sector"
],
"cfr-type-of-incident": "Espionage",
"country": "IR",
"mode-of-operation": "IT network limited, information gathering against industrial orgs",
"refs": [
"https://dragos.com/adversaries.html",
"https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
"https://www.cfr.org/interactive/cyber-operations/apt-33"
],
"since": "2016",
"synonyms": [
"APT33"
],
"victimology": "Petrochemical, Aerospace, Saudi Arabia"
},
"related": [
{
"dest-uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "accd848b-b8f4-46ba-a408-9063b35cfbf2",
"value": "MAGNALLIUM"
},
{
"description": "Adversaries abusing ICS (based on Dragos Inc adversary list).",
"meta": {
@ -10041,5 +10010,5 @@
"value": "SLIME29"
}
],
"version": 239
"version": 240
}