Merge pull request #722 from Th4nat0s/thales_atk

Y en a un peu plus, je vous le mets quand même ?
pull/723/head
Alexandre Dulaunoy 2022-06-11 10:49:04 +02:00 committed by GitHub
commit 76c8186274
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 101 additions and 27 deletions


@ -1488,7 +1488,8 @@
"Sneaky Panda",
"Elderwood",
"Elderwood Gang",
"SIG22"
"SIG22",
"G0066"
]
},
"related": [
@ -2744,7 +2745,8 @@
"Quedagh",
"Voodoo Bear",
"TEMP.Noble",
"Iron Viking"
"Iron Viking",
"G0034"
]
},
"related": [
@ -2864,7 +2866,8 @@
"GOLD NIAGARA",
"Calcium",
"ATK32",
"G0046"
"G0046",
"G0008"
]
},
"related": [
@ -2977,7 +2980,8 @@
"https://attack.mitre.org/groups/G0085/"
],
"synonyms": [
"FIN4"
"FIN4",
"G0085"
]
},
"uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
@ -3375,7 +3379,8 @@
"https://attack.mitre.org/groups/G0038/"
],
"synonyms": [
"FruityArmor"
"FruityArmor",
"G0038"
]
},
"related": [
@ -3470,6 +3475,9 @@
"https://attack.mitre.org/wiki/Groups",
"https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/",
"https://attack.mitre.org/groups/G0029/"
],
"synonyms": [
"G0029"
]
},
"related": [
@ -3493,6 +3501,9 @@
"https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/",
"https://attack.mitre.org/wiki/Groups",
"https://attack.mitre.org/groups/G0033/"
],
"synonyms": [
"G0033"
]
},
"related": [
@ -3535,7 +3546,9 @@
],
"synonyms": [
"Moafee",
"BRONZE OVERBROOK"
"BRONZE OVERBROOK",
"G0017",
"G0002"
]
},
"related": [
@ -3586,7 +3599,8 @@
"synonyms": [
"Strider",
"Sauron",
"Project Sauron"
"Project Sauron",
"G0041"
]
},
"related": [
@ -3635,7 +3649,8 @@
"https://www.cfr.org/interactive/cyber-operations/apt-30"
],
"synonyms": [
"APT30"
"APT30",
"G0013"
]
},
"related": [
@ -3691,6 +3706,9 @@
"refs": [
"https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/",
"https://attack.mitre.org/groups/G0036/"
],
"synonyms": [
"G0036"
]
},
"related": [
@ -3714,6 +3732,9 @@
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=62e325ae-f551-4855-b9cf-28a7d52d1534&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7a60af1f-7786-446c-976b-7c71a16e9d3b&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
"https://attack.mitre.org/groups/G0039/"
],
"synonyms": [
"G0039"
]
},
"related": [
@ -4014,7 +4035,8 @@
"Operation Molerats",
"Extreme Jackal",
"Moonlight",
"ALUMINUM SARATOGA"
"ALUMINUM SARATOGA",
"G0021"
]
},
"related": [
@ -4041,7 +4063,9 @@
"https://attack.mitre.org/groups/G0056/"
],
"synonyms": [
"StrongPity"
"StrongPity",
"G0055",
"G0056"
]
},
"related": [
@ -4216,7 +4240,8 @@
"Lamberts",
"EQGRP",
"Longhorn",
"PLATINUM TERMINAL"
"PLATINUM TERMINAL",
"G0020"
]
},
"related": [
@ -4287,7 +4312,8 @@
"synonyms": [
"Primitive Bear",
"Shuckworm",
"ACTINIUM"
"ACTINIUM",
"G0047"
]
},
"related": [
@ -4487,6 +4513,7 @@
"cfr-type-of-incident": "Espionage",
"country": "VN",
"refs": [
"https://attack.mitre.org/groups/G0050/",
"https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html",
"https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/",
"https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/",
@ -4657,9 +4684,7 @@
"since": "2017",
"synonyms": [
"LeafMiner",
"Raspite",
"ATK113",
"G0061"
"Raspite"
],
"victimology": "Electric utility sector"
},
@ -4676,6 +4701,10 @@
"https://afyonluoglu.org/PublicWebFiles/Reports-TR/2017%20FireEye%20M-Trends%20Report.pdf",
"https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html",
"https://attack.mitre.org/groups/G0061"
],
"synonyms": [
"ATK113",
"G0061"
]
},
"related": [
@ -4718,6 +4747,7 @@
],
"cfr-type-of-incident": "Espionage",
"refs": [
"https://attack.mitre.org/groups/G0095/",
"https://securelist.com/el-machete/66108/",
"https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html",
"https://www.cfr.org/interactive/cyber-operations/machete",
@ -4727,7 +4757,8 @@
"synonyms": [
"Machete",
"machete-apt",
"APT-C-43"
"APT-C-43",
"G0095"
]
},
"uuid": "827c17e0-c3f5-4ad1-a4f4-30a40ed0a2d3",
@ -4758,7 +4789,8 @@
"Cobalt Group",
"Cobalt Gang",
"GOLD KINGSWOOD",
"COBALT SPIDER"
"COBALT SPIDER",
"G0080"
]
},
"uuid": "01967480-c49b-4d4a-a7fa-aef0eaf535fe",
@ -4771,6 +4803,9 @@
"refs": [
"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts",
"https://attack.mitre.org/groups/G0062/"
],
"synonyms": [
"G0062"
]
},
"related": [
@ -4901,7 +4936,8 @@
"Nian",
"BRONZE BUTLER",
"REDBALDKNIGHT",
"STALKER PANDA"
"STALKER PANDA",
"G0060"
]
},
"related": [
@ -5064,7 +5100,8 @@
"https://attack.mitre.org/groups/G0052/"
],
"synonyms": [
"Slayer Kitten"
"Slayer Kitten",
"G0052"
]
},
"related": [
@ -5216,7 +5253,8 @@
"Velvet Chollima",
"Black Banshee",
"Thallium",
"Operation Stolen Pencil"
"Operation Stolen Pencil",
"G0086"
]
},
"uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
@ -5616,6 +5654,9 @@
"https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments",
"https://www.cfr.org/interactive/cyber-operations/sowbug",
"https://attack.mitre.org/groups/G0054/"
],
"synonyms": [
"G0054"
]
},
"related": [
@ -5723,7 +5764,11 @@
"country": "LB",
"refs": [
"https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
"https://research.checkpoint.com/2020/bandook-signed-delivered",
"https://attack.mitre.org/groups/G0070/"
],
"synonyms": [
"G0070"
]
},
"uuid": "3d449c83-4426-431a-b06a-cb4f8a0fca94",
@ -6177,7 +6222,8 @@
"synonyms": [
"Rancor group",
"Rancor",
"Rancor Group"
"Rancor Group",
"G0075"
]
},
"uuid": "79c7c7e0-79d5-11e8-9b9c-1ff96be20c0b",
@ -6235,7 +6281,8 @@
"https://attack.mitre.org/groups/G0079/"
],
"synonyms": [
"LazyMeerkat"
"LazyMeerkat",
"G0079"
]
},
"uuid": "ce2c2dfd-2445-4fbc-a747-9e7092e383f9",
@ -6444,7 +6491,8 @@
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
],
"synonyms": [
"LOTUS PANDA"
"LOTUS PANDA",
"G0076"
]
},
"uuid": "98be4300-a9ef-11e8-9a95-bb9221083cfc",
@ -6472,7 +6520,8 @@
"cfr-type-of-incident": "Espionage",
"country": "PK",
"refs": [
"https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo"
"https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo",
"https://attack.mitre.org/groups/G0076"
],
"synonyms": [
"ATK78",
@ -6599,7 +6648,8 @@
"cfr-type-of-incident": "Espionage",
"country": "RU",
"refs": [
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
"https://www.cfr.org/interactive/cyber-operations/cloud-atlas",
"https://attack.mitre.org/groups/G0100/"
],
"synonyms": [
"ATK116",
@ -7034,7 +7084,8 @@
"synonyms": [
"Chafer",
"REMIX KITTEN",
"COBALT HICKMAN"
"COBALT HICKMAN",
"G0087"
]
},
"uuid": "c2c64bd3-a325-446f-91a8-b4c0f173a30b",
@ -7362,6 +7413,9 @@
"https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/",
"https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html",
"https://attack.mitre.org/groups/G0063/"
],
"synonyms": [
"G0063"
]
},
"uuid": "8fbd195f-5e03-4e85-8ca5-4f1dff300bec",
@ -7395,6 +7449,9 @@
"refs": [
"https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?",
"https://attack.mitre.org/groups/G0053/"
],
"synonyms": [
"G0053"
]
},
"uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70",
@ -7417,6 +7474,9 @@
"refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf",
"https://attack.mitre.org/groups/G0051/"
],
"synonyms": [
"G0051"
]
},
"uuid": "f2d02410-8c2c-11e9-8df1-a31c1fb33d79",
@ -7456,6 +7516,9 @@
"refs": [
"https://www.securityweek.com/iranian-actor-group5-targeting-syrian-opposition",
"https://attack.mitre.org/groups/G0043/"
],
"synonyms": [
"G0043"
]
},
"uuid": "bc8390aa-8c4e-11e9-a9cb-e37c361210af",
@ -7467,6 +7530,9 @@
"refs": [
"https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/",
"https://attack.mitre.org/groups/G0072/"
],
"synonyms": [
"G0072"
]
},
"uuid": "2d82a18e-8c53-11e9-b0ec-536b62fa3d86",
@ -7489,6 +7555,9 @@
"refs": [
"https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf",
"https://attack.mitre.org/groups/G0048/"
],
"synonyms": [
"G0048"
]
},
"uuid": "88100602-8e8b-11e9-bb7c-1bf20b58e305",
@ -7520,6 +7589,9 @@
"refs": [
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf",
"https://attack.mitre.org/groups/G0015/"
],
"synonyms": [
"G0015"
]
},
"uuid": "e6669606-91ad-11e9-b6f5-374843911989",
@ -8507,6 +8579,7 @@
"attribution-confidence": "100",
"country": "CN",
"refs": [
"https://attack.mitre.org/groups/G0125/",
"https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers",
"https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/",
"https://www.splunk.com/en_us/blog/security/detecting-hafnium-exchange-server-zero-day-activity-in-splunk.html",
@ -8532,7 +8605,8 @@
],
"synonyms": [
"ATK233",
"G0125"
"G0125",
"Operation Exchange Marauder"
]
},
"uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",