From 77b7ed2f01ed727d62012649a548b6fdb7eb2b4d Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Tue, 12 Mar 2024 10:15:12 +0100
Subject: [PATCH] adding aliases from UA's H1'2023 report
---
 clusters/threat-actor.json | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 788105b..ba92366 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2499,7 +2499,8 @@
 "https://www.secureworks.com/research/threat-profiles/iron-hemlock",
 "https://attack.mitre.org/groups/G0016",
 "https://unit42.paloaltonetworks.com/atoms/cloaked-ursa/",
- "https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf"
+ "https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf",
+ "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
 ],
 "synonyms": [
 "Group 100",
@@ -2516,7 +2517,8 @@
 "TA421",
 "Blue Kitsune",
 "ITG11",
- "BlueBravo"
+ "BlueBravo",
+ "UAC-0029"
 ],
 "targeted-sector": [
 "Think Tanks",
@@ -2625,7 +2627,8 @@
 "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/",
 "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
 "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
- "https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf"
+ "https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf",
+ "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
 ],
 "synonyms": [
 "Snake",
@@ -2649,7 +2652,10 @@
 "Blue Python",
 "SUMMIT",
 "UNC4210",
- "Secret Blizzard"
+ "Secret Blizzard",
+ "UAC-0144",
+ "UAC-0024",
+ "UAC-0003"
 ],
 "targeted-sector": [
 "Government, Administration",
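Review bot: The reference added in the hunk at -2499 (and again at -2625, -2814, -13402 and -13417) is a bare attachment-download endpoint, `download?id=60068`, which does not name the document behind it and leaves a reader unable to confirm which report backs the new aliases if the id is ever reassigned or the file replaced. If the report has a stable publication page, cite it instead of or alongside the download link, for example `"PLACEHOLDER: publication page URL of the report"`, so the alias mappings stay traceable to a titled source. The commit subject identifies the source only as "UA's H1'2023 report"; giving the publishing body and the report title there would help for the same reason.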
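Review bot: In the hunk at -2649 three separate identifiers, `"UAC-0144"`, `"UAC-0024"` and `"UAC-0003"`, are added as synonyms of a single actor, and the hunk at -13402 likewise adds two (`"UAC-0100"`, `"UAC-0106"`) to another entry; a synonym reads as an exact equivalence, so anything that resolves names through this list will attribute activity reported under any of these identifiers to that actor. That is only correct if the cited report states each identifier is the same group rather than a cluster it associates or partly overlaps with, which cannot be checked from the diff. Please confirm against the report, keep as synonyms only the identifiers it equates outright, and note the page or table that supports them in the commit message. The enclosing cluster objects start outside these hunks, so the actor names themselves are not visible here.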
@@ -2814,7 +2820,8 @@
 "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back",
 "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
 "https://www.recordedfuture.com/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine",
- "https://cert.gov.ua/article/405538"
+ "https://cert.gov.ua/article/405538",
+ "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
 ],
 "synonyms": [
 "Quedagh",
@@ -2828,7 +2835,8 @@
 "Blue Echidna",
 "FROZENBARENTS",
 "UAC-0113",
- "Seashell Blizzard"
+ "Seashell Blizzard",
+ "UAC-0082"
 ],
 "targeted-sector": [
 "Electric",
@@ -13402,7 +13410,12 @@
 "country": "RU",
 "refs": [
 "https://www.mandiant.com/resources/blog/gru-rise-telegram-minions",
- "https://www.mandiant.com/resources/blog/gru-disruptive-playbook"
+ "https://www.mandiant.com/resources/blog/gru-disruptive-playbook",
+ "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
+ ],
+ "synonyms": [
+ "UAC-0100",
+ "UAC-0106"
 ]
 },
 "uuid": "566752f5-a294-4430-b47e-8e705f9887ea",
@@ -13417,7 +13430,11 @@
 "https://www.cyfirma.com/?post_type=out-of-band&p=17397",
 "https://www.reversinglabs.com/blog/the-week-in-security-possible-colonial-pipeline-2.0-ransomware-hurts-small-american-eateries",
 "https://channellife.com.au/story/the-increasing-presence-of-pro-russia-hacktivists",
- "https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/"
+ "https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/",
+ "https://cip.gov.ua/services/cm/api/attachment/download?id=60068"
+ ],
+ "synonyms": [
+ "UAC-0109"
 ]
 },
 "uuid": "3689f0e2-6c39-4864-ae0b-cc03e4cb695a",
@@ -15325,5 +15342,5 @@
 "value": "R00tK1T"
 }
 ],
- "version": 303
+ "version": 304
 }