MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

fixing deadlinks where possible

pull/552/head
Daniel Plohmann (jupiter) 2020-05-27 09:49:58 +02:00
parent 171f272a1e
commit a705d1402f
1 changed files with 18 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
clusters/threat-actor.json
View File

@ -181,7 +181,7 @@
"attribution-confidence": "50",
"country": "CN",
"refs": [
"http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf"
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
]
},
"uuid": "06e659ff-ece8-4e6c-a110-d9692ac6d8ee",
@ -386,7 +386,7 @@
"https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2",
"https://securelist.com/blog/research/66779/the-darkhotel-apt/",
"https://securelist.com/the-darkhotel-apt/66779/",
"http://drops.wooyun.org/tips/11726",
"https://web.archive.org/web/20160104165148/http://drops.wooyun.org/tips/11726",
"https://labs.bitdefender.com/wp-content/uploads/downloads/inexsmar-an-unusual-darkhotel-campaign/",
"https://www.cfr.org/interactive/cyber-operations/darkhotel",
"https://www.securityweek.com/darkhotel-apt-uses-new-methods-target-politicians",
@ -511,7 +511,7 @@
"cfr-type-of-incident": "Espionage",
"country": "CN",
"refs": [
"http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html",
"https://web.archive.org/web/20130924130243/https://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html",
"https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/hidden_lynx.pdf",
"https://www.cfr.org/interactive/cyber-operations/apt-17",
"https://www.carbonblack.com/2013/02/08/bit9-and-our-customers-security/",
@ -649,7 +649,6 @@
"https://www.microsoft.com/security/blog/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/",
"https://www.cfr.org/interactive/cyber-operations/axiom",
"https://securelist.com/games-are-over/70991/",
"https://vsec.com.vn/en/blogen/initial-winnti-analysis-against-vietnam-game-company.html",
"https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a",
"https://www.dw.com/en/thyssenkrupp-victim-of-cyber-attack/a-36695341",
"https://www.bleepingcomputer.com/news/security/teamviewer-confirms-undisclosed-breach-from-2016/",
@ -736,7 +735,7 @@
"country": "CN",
"refs": [
"http://cybercampaigns.net/wp-content/uploads/2013/06/Deep-Panda.pdf",
"http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf",
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf",
"https://www.cfr.org/interactive/cyber-operations/deep-panda",
"https://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/",
"https://eromang.zataz.com/2013/01/02/capstone-turbine-corporation-also-targeted-in-the-cfr-watering-hole-attack-and-more/",
@ -1047,7 +1046,7 @@
"country": "CN",
"refs": [
"http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/",
"http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
"https://web.archive.org/web/20140129192702/https://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
"https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
"https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/",
"https://www.cfr.org/interactive/cyber-operations/iron-tiger"
@ -1633,7 +1632,7 @@
"attribution-confidence": "50",
"country": "CN",
"refs": [
"http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf"
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
]
},
"uuid": "1514546d-f6ea-4af3-bbea-24d6fd9e6761",
@ -3008,7 +3007,7 @@
"attribution-confidence": "50",
"country": "RU",
"refs": [
"http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf"
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
]
},
"uuid": "db774b7d-a0ee-4375-b24e-fd278f5ab2fd",
@ -3019,7 +3018,7 @@
"attribution-confidence": "50",
"country": "KP",
"refs": [
"http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf"
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
],
"synonyms": [
"OperationTroy",
@ -3184,7 +3183,7 @@
"attribution-confidence": "50",
"country": "IN",
"refs": [
"http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf"
"https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf"
],
"synonyms": [
"Appin",
@ -3251,8 +3250,8 @@
"refs": [
"https://securelist.com/blog/research/69114/animals-in-the-apt-farm/",
"https://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france",
"http://www.cyphort.com/evilbunny-malware-instrumented-lua/",
"http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/",
"https://web.archive.org/web/20150311013500/http://www.cyphort.com/evilbunny-malware-instrumented-lua/",
"https://web.archive.org/web/20150218192803/http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/",
"https://www.gdatasoftware.com/blog/2015/02/24270-babar-espionage-software-finally-found-and-put-under-the-microscope",
"https://www.cfr.org/interactive/cyber-operations/snowglobe",
"https://resources.infosecinstitute.com/animal-farm-apt-and-the-shadow-of-france-intelligence/"
@ -4029,7 +4028,6 @@
"meta": {
"refs": [
"https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html",
"http://blog.vectranetworks.com/blog/moonlight-middle-east-targeted-attacks",
"https://ti.360.net/blog/articles/suspected-molerats-new-attack-in-the-middle-east/",
"https://ti.360.net/blog/articles/suspected-molerats-new-attack-in-the-middle-east-en/",
"https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website",
@ -4682,7 +4680,7 @@
"https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html",
"https://www2.fireeye.com/WBNR-Know-Your-Enemy-UNC622-Spear-Phishing.html",
"https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp.pdf",
"http://files.shareholder.com/downloads/AMDA-254Q5F/0x0x938351/665BA6A3-9573-486C-B96F-80FA35759E8C/FEYE_rpt-mtrends-2017_FINAL2.pdf",
"https://afyonluoglu.org/PublicWebFiles/Reports-TR/2017%20FireEye%20M-Trends%20Report.pdf",
"https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html",
"https://attack.mitre.org/groups/G0061"
]
@ -4963,7 +4961,7 @@
"attribution-confidence": "50",
"country": "CN",
"refs": [
"http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf"
"https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492182276.pdf"
]
},
"uuid": "5bc7382d-ddc6-46d3-96f5-1dbdadbd601c",
@ -5451,7 +5449,7 @@
{
"meta": {
"refs": [
"https://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf"
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
]
},
"uuid": "769bf551-ff39-4f84-b7f2-654a28df1e50",
@ -5514,7 +5512,7 @@
{
"meta": {
"refs": [
"https://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf"
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
]
},
"uuid": "445c7b62-028b-455e-9d65-74899b7006a4",
@ -5592,7 +5590,7 @@
"attribution-confidence": "50",
"country": "CN",
"refs": [
"http://en.hackdig.com/02/39538.htm"
"http://webcache.googleusercontent.com/search?q=cache:TWoHHzH9gU0J:en.hackdig.com/02/39538.htm"
]
},
"uuid": "110792e8-38d2-4df2-9ea3-08b60321e994",
@ -7989,7 +7987,7 @@
"meta": {
"refs": [
"https://ti.360.net/blog/articles/analysis-of-apt-c-27/",
"http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf"
"https://www.pbwcz.cz/Reporty/20180723_CSE_APT27_Syria_v1.pdf"
],
"since": "2014",
"synonyms": [
@ -8341,5 +8339,5 @@
"value": "COBALT KATANA"
}
],
"version": 160
"version": 161
}