From 44a99d066ae303efd0b34a37118938c5453e8e64 Mon Sep 17 00:00:00 2001
From: Thanat0s
Date: Sat, 11 Jun 2022 04:24:04 -0400
Subject: [PATCH] Y en a un peut plus je vous le mets quand meme ?
---
 clusters/threat-actor.json | 128 +++++++++++++++++++++++++++++--------
 1 file changed, 101 insertions(+), 27 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 32ae630f..2ca46522 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1488,7 +1488,8 @@
 "Sneaky Panda",
 "Elderwood",
 "Elderwood Gang",
- "SIG22"
+ "SIG22",
+ "G0066"
 ]
 },
 "related": [
@@ -2744,7 +2745,8 @@
 "Quedagh",
 "Voodoo Bear",
 "TEMP.Noble",
- "Iron Viking"
+ "Iron Viking",
+ "G0034"
 ]
 },
 "related": [
@@ -2864,7 +2866,8 @@
 "GOLD NIAGARA",
 "Calcium",
 "ATK32",
- "G0046"
+ "G0046",
+ "G0008"
 ]
 },
 "related": [
@@ -2977,7 +2980,8 @@
 "https://attack.mitre.org/groups/G0085/"
 ],
 "synonyms": [
- "FIN4"
+ "FIN4",
+ "G0085"
 ]
 },
 "uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
@@ -3375,7 +3379,8 @@
 "https://attack.mitre.org/groups/G0038/"
 ],
 "synonyms": [
- "FruityArmor"
+ "FruityArmor",
+ "G0038"
 ]
 },
 "related": [
@@ -3470,6 +3475,9 @@
 "https://attack.mitre.org/wiki/Groups",
 "https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/",
 "https://attack.mitre.org/groups/G0029/"
+ ],
+ "synonyms": [
+ "G0029"
 ]
 },
 "related": [
@@ -3493,6 +3501,9 @@
 "https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/",
 "https://attack.mitre.org/wiki/Groups",
 "https://attack.mitre.org/groups/G0033/"
+ ],
+ "synonyms": [
+ "G0033"
 ]
 },
 "related": [
@@ -3535,7 +3546,9 @@
 ],
 "synonyms": [
 "Moafee",
- "BRONZE OVERBROOK"
+ "BRONZE OVERBROOK",
+ "G0017",
+ "G0002"
 ]
 },
 "related": [
@@ -3586,7 +3599,8 @@
 "synonyms": [
 "Strider",
 "Sauron",
- "Project Sauron"
+ "Project Sauron",
+ "G0041"
 ]
 },
 "related": [
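Review bot: The hunk at @@ -2864,7 +2866,8 @@ leaves one cluster carrying two ATT&CK group IDs, `"G0046"` and `"G0008"`, and @@ -3535,7 +3546,9 @@ does the same with `"G0017"` and `"G0002"`, as does @@ -4041,7 +4063,9 @@ further down with `"G0055"` and `"G0056"`. ATT&CK issues one G-number per group entry, so two IDs on one cluster means the galaxy is merging groups that ATT&CK tracks separately, and any tooling that resolves an ATT&CK ID through the synonyms array will map both IDs to this single actor. In the -4041 case the visible context shows a ref for `https://attack.mitre.org/groups/G0056/` but none for G0055, so the second ID arrives without a supporting reference. If the merge is intentional, each such cluster's refs should carry both ATT&CK URLs; otherwise the second ID belongs on its own cluster.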
@@ -3635,7 +3649,8 @@
 "https://www.cfr.org/interactive/cyber-operations/apt-30"
 ],
 "synonyms": [
- "APT30"
+ "APT30",
+ "G0013"
 ]
 },
 "related": [
@@ -3691,6 +3706,9 @@
 "refs": [
 "https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/",
 "https://attack.mitre.org/groups/G0036/"
+ ],
+ "synonyms": [
+ "G0036"
 ]
 },
 "related": [
@@ -3714,6 +3732,9 @@
 "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=62e325ae-f551-4855-b9cf-28a7d52d1534&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
 "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7a60af1f-7786-446c-976b-7c71a16e9d3b&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
 "https://attack.mitre.org/groups/G0039/"
+ ],
+ "synonyms": [
+ "G0039"
 ]
 },
 "related": [
@@ -4014,7 +4035,8 @@
 "Operation Molerats",
 "Extreme Jackal",
 "Moonlight",
- "ALUMINUM SARATOGA"
+ "ALUMINUM SARATOGA",
+ "G0021"
 ]
 },
 "related": [
@@ -4041,7 +4063,9 @@
 "https://attack.mitre.org/groups/G0056/"
 ],
 "synonyms": [
- "StrongPity"
+ "StrongPity",
+ "G0055",
+ "G0056"
 ]
 },
 "related": [
@@ -4216,7 +4240,8 @@
 "Lamberts",
 "EQGRP",
 "Longhorn",
- "PLATINUM TERMINAL"
+ "PLATINUM TERMINAL",
+ "G0020"
 ]
 },
 "related": [
@@ -4287,7 +4312,8 @@
 "synonyms": [
 "Primitive Bear",
 "Shuckworm",
- "ACTINIUM"
+ "ACTINIUM",
+ "G0047"
 ]
 },
 "related": [
@@ -4487,6 +4513,7 @@
 "cfr-type-of-incident": "Espionage",
 "country": "VN",
 "refs": [
+ "https://attack.mitre.org/groups/G0050/",
 "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html",
 "https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/",
 "https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/",
@@ -4657,9 +4684,7 @@
 "since": "2017",
 "synonyms": [
 "LeafMiner",
- "Raspite",
- "ATK113",
- "G0061"
+ "Raspite"
 ],
 "victimology": "Electric utility sector"
 },
@@ -4676,6 +4701,10 @@
 "https://afyonluoglu.org/PublicWebFiles/Reports-TR/2017%20FireEye%20M-Trends%20Report.pdf",
 "https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html",
 "https://attack.mitre.org/groups/G0061"
+ ],
+ "synonyms": [
+ "ATK113",
+ "G0061"
 ]
 },
 "related": [
@@ -4718,6 +4747,7 @@
 ],
 "cfr-type-of-incident": "Espionage",
 "refs": [
+ "https://attack.mitre.org/groups/G0095/",
 "https://securelist.com/el-machete/66108/",
 "https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html",
 "https://www.cfr.org/interactive/cyber-operations/machete",
@@ -4727,7 +4757,8 @@
 "synonyms": [
 "Machete",
 "machete-apt",
- "APT-C-43"
+ "APT-C-43",
+ "G0095"
 ]
 },
 "uuid": "827c17e0-c3f5-4ad1-a4f4-30a40ed0a2d3",
@@ -4758,7 +4789,8 @@
 "Cobalt Group",
 "Cobalt Gang",
 "GOLD KINGSWOOD",
- "COBALT SPIDER"
+ "COBALT SPIDER",
+ "G0080"
 ]
 },
 "uuid": "01967480-c49b-4d4a-a7fa-aef0eaf535fe",
@@ -4771,6 +4803,9 @@
 "refs": [
 "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts",
 "https://attack.mitre.org/groups/G0062/"
+ ],
+ "synonyms": [
+ "G0062"
 ]
 },
 "related": [
@@ -4901,7 +4936,8 @@
 "Nian",
 "BRONZE BUTLER",
 "REDBALDKNIGHT",
- "STALKER PANDA"
+ "STALKER PANDA",
+ "G0060"
 ]
 },
 "related": [
@@ -5064,7 +5100,8 @@
 "https://attack.mitre.org/groups/G0052/"
 ],
 "synonyms": [
- "Slayer Kitten"
+ "Slayer Kitten",
+ "G0052"
 ]
 },
 "related": [
@@ -5216,7 +5253,8 @@
 "Velvet Chollima",
 "Black Banshee",
 "Thallium",
- "Operation Stolen Pencil"
+ "Operation Stolen Pencil",
+ "G0086"
 ]
 },
 "uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
@@ -5616,6 +5654,9 @@
 "https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments",
 "https://www.cfr.org/interactive/cyber-operations/sowbug",
 "https://attack.mitre.org/groups/G0054/"
+ ],
+ "synonyms": [
+ "G0054"
 ]
 },
 "related": [
@@ -5723,7 +5764,11 @@
 "country": "LB",
 "refs": [
 "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+ "https://research.checkpoint.com/2020/bandook-signed-delivered",
 "https://attack.mitre.org/groups/G0070/"
+ ],
+ "synonyms": [
+ "G0070"
 ]
 },
 "uuid": "3d449c83-4426-431a-b06a-cb4f8a0fca94",
@@ -6177,7 +6222,8 @@
 "synonyms": [
 "Rancor group",
 "Rancor",
- "Rancor Group"
+ "Rancor Group",
+ "G0075"
 ]
 },
 "uuid": "79c7c7e0-79d5-11e8-9b9c-1ff96be20c0b",
@@ -6235,7 +6281,8 @@
 "https://attack.mitre.org/groups/G0079/"
 ],
 "synonyms": [
- "LazyMeerkat"
+ "LazyMeerkat",
+ "G0079"
 ]
 },
 "uuid": "ce2c2dfd-2445-4fbc-a747-9e7092e383f9",
@@ -6444,7 +6491,8 @@
 "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
 ],
 "synonyms": [
- "LOTUS PANDA"
+ "LOTUS PANDA",
+ "G0076"
 ]
 },
 "uuid": "98be4300-a9ef-11e8-9a95-bb9221083cfc",
@@ -6472,7 +6520,8 @@
 "cfr-type-of-incident": "Espionage",
 "country": "PK",
 "refs": [
- "https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo"
+ "https://www.cfr.org/interactive/cyber-operations/stealth-mango-and-tangelo",
+ "https://attack.mitre.org/groups/G0076"
 ],
 "synonyms": [
 "ATK78",
@@ -6599,7 +6648,8 @@
 "cfr-type-of-incident": "Espionage",
 "country": "RU",
 "refs": [
- "https://www.cfr.org/interactive/cyber-operations/cloud-atlas"
+ "https://www.cfr.org/interactive/cyber-operations/cloud-atlas",
+ "https://attack.mitre.org/groups/G0100/"
 ],
 "synonyms": [
 "ATK116",
@@ -7034,7 +7084,8 @@
 "synonyms": [
 "Chafer",
 "REMIX KITTEN",
- "COBALT HICKMAN"
+ "COBALT HICKMAN",
+ "G0087"
 ]
 },
 "uuid": "c2c64bd3-a325-446f-91a8-b4c0f173a30b",
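Review bot: `"https://attack.mitre.org/groups/G0076"` in @@ -6472,7 +6520,8 @@ attaches the Pakistan-attributed cluster (`"country": "PK"`, the stealth-mango-and-tangelo entry) to the same ATT&CK ID that @@ -6444,7 +6491,8 @@ just added as a synonym of the LOTUS PANDA cluster, so one G-number now resolves to two different actors in this file. Presumably only one of them is the group ATT&CK describes under G0076; whichever cluster does not match the ATT&CK page should lose the link, since correlation tooling keyed on the ID will otherwise attribute activity to both. The new URL also lacks the trailing slash carried by the other ATT&CK refs this commit adds (`https://attack.mitre.org/groups/G0100/` in the next hunk, for example), which matters for consumers that deduplicate refs by exact string.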
@@ -7362,6 +7413,9 @@
 "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/",
 "https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html",
 "https://attack.mitre.org/groups/G0063/"
+ ],
+ "synonyms": [
+ "G0063"
 ]
 },
 "uuid": "8fbd195f-5e03-4e85-8ca5-4f1dff300bec",
@@ -7395,6 +7449,9 @@
 "refs": [
 "https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?",
 "https://attack.mitre.org/groups/G0053/"
+ ],
+ "synonyms": [
+ "G0053"
 ]
 },
 "uuid": "44dc2f9c-8c28-11e9-9b9a-7fdced8cbf70",
@@ -7417,6 +7474,9 @@
 "refs": [
 "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf",
 "https://attack.mitre.org/groups/G0051/"
+ ],
+ "synonyms": [
+ "G0051"
 ]
 },
 "uuid": "f2d02410-8c2c-11e9-8df1-a31c1fb33d79",
@@ -7456,6 +7516,9 @@
 "refs": [
 "https://www.securityweek.com/iranian-actor-group5-targeting-syrian-opposition",
 "https://attack.mitre.org/groups/G0043/"
+ ],
+ "synonyms": [
+ "G0043"
 ]
 },
 "uuid": "bc8390aa-8c4e-11e9-a9cb-e37c361210af",
@@ -7467,6 +7530,9 @@
 "refs": [
 "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/",
 "https://attack.mitre.org/groups/G0072/"
+ ],
+ "synonyms": [
+ "G0072"
 ]
 },
 "uuid": "2d82a18e-8c53-11e9-b0ec-536b62fa3d86",
@@ -7489,6 +7555,9 @@
 "refs": [
 "https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf",
 "https://attack.mitre.org/groups/G0048/"
+ ],
+ "synonyms": [
+ "G0048"
 ]
 },
 "uuid": "88100602-8e8b-11e9-bb7c-1bf20b58e305",
@@ -7520,6 +7589,9 @@
 "refs": [
 "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf",
 "https://attack.mitre.org/groups/G0015/"
+ ],
+ "synonyms": [
+ "G0015"
 ]
 },
 "uuid": "e6669606-91ad-11e9-b6f5-374843911989",
@@ -8507,6 +8579,7 @@
 "attribution-confidence": "100",
 "country": "CN",
 "refs": [
+ "https://attack.mitre.org/groups/G0125/",
 "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers",
 "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/",
 "https://www.splunk.com/en_us/blog/security/detecting-hafnium-exchange-server-zero-day-activity-in-splunk.html",
@@ -8532,7 +8605,8 @@
 ],
 "synonyms": [
 "ATK233",
- "G0125"
+ "G0125",
+ "Operation Exchange Marauder"
 ]
 },
 "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
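Review bot: `"Operation Exchange Marauder"` in @@ -8532,7 +8605,8 @@ reads as a campaign name rather than an actor alias, whereas every other value in this synonyms array, and every other synonym this commit adds, names the group itself. Consumers that resolve an actor by matching on synonyms will then attribute any mention of that operation to this cluster, and with `"attribution-confidence": "100"` set on it, that is a stronger claim than a campaign label supports. Unless the galaxy already treats operation names as actor synonyms elsewhere, this fits better as a ref or in a campaign-oriented field; the Volexity write-up already listed in refs is the natural place to document the operation.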