mirror of https://github.com/MISP/misp-galaxy
Merge Cutting Kitten and Cleaver
parent
648b35d445
commit
b8d4ffdbde
|
@ -1777,85 +1777,6 @@
|
||||||
"uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
"uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||||||
"value": "Flying Kitten"
|
"value": "Flying Kitten"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"description": "While tracking a suspected Iran-based threat group known as Threat Group-2889[1] (TG-2889), Dell SecureWorks Counter Threat Unit™ (CTU) researchers uncovered a network of fake LinkedIn profiles. These convincing profiles form a self-referenced network of seemingly established LinkedIn users. CTU researchers assess with high confidence the purpose of this network is to target potential victims through social engineering. Most of the legitimate LinkedIn accounts associated with the fake accounts belong to individuals in the Middle East, and CTU researchers assess with medium confidence that these individuals are likely targets of TG-2889. One of the threat actors responsible for the denial of service attacks against U.S in 2012–2013. Three individuals associated with the group—believed to be have been working on behalf of Iran’s Islamic Revolutionary Guard Corps—were indicted by the Justice Department in 2016. ",
|
|
||||||
"meta": {
|
|
||||||
"attribution-confidence": "50",
|
|
||||||
"cfr-suspected-state-sponsor": "Iran (Islamic Republic of)",
|
|
||||||
"cfr-suspected-victims": [
|
|
||||||
"Bank of America",
|
|
||||||
"US Bancorp",
|
|
||||||
"Fifth Third Bank",
|
|
||||||
"Citigroup",
|
|
||||||
"PNC",
|
|
||||||
"BB&T",
|
|
||||||
"Wells Fargo",
|
|
||||||
"Capital One",
|
|
||||||
"HSBC"
|
|
||||||
],
|
|
||||||
"cfr-target-category": [
|
|
||||||
"Private sector"
|
|
||||||
],
|
|
||||||
"cfr-type-of-incident": "Denial of service",
|
|
||||||
"country": "IR",
|
|
||||||
"refs": [
|
|
||||||
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/",
|
|
||||||
"https://www.cfr.org/interactive/cyber-operations/itsecteam"
|
|
||||||
],
|
|
||||||
"synonyms": [
|
|
||||||
"ITSecTeam",
|
|
||||||
"Threat Group 2889",
|
|
||||||
"TG-2889",
|
|
||||||
"Ghambar"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"related": [
|
|
||||||
{
|
|
||||||
"dest-uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"dest-uuid": "b96e02f1-4037-463f-b158-5a964352f8d9",
|
|
||||||
"tags": [
|
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
|
||||||
],
|
|
||||||
"type": "similar"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"uuid": "11e17436-6ede-4733-8547-4ce0254ea19e",
|
|
||||||
"value": "Cutting Kitten"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"description": "Charming Kitten (aka Parastoo, aka Newscaster) is an group with a suspected nexus to Iran that targets organizations involved in government, defense technology, military, and diplomacy sectors.",
|
"description": "Charming Kitten (aka Parastoo, aka Newscaster) is an group with a suspected nexus to Iran that targets organizations involved in government, defense technology, military, and diplomacy sectors.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -2177,13 +2098,25 @@
|
||||||
"India",
|
"India",
|
||||||
"Kuwait",
|
"Kuwait",
|
||||||
"Qatar",
|
"Qatar",
|
||||||
"Turkey"
|
"Turkey",
|
||||||
|
"Bank of America",
|
||||||
|
"US Bancorp",
|
||||||
|
"Fifth Third Bank",
|
||||||
|
"Citigroup",
|
||||||
|
"PNC",
|
||||||
|
"BB&T",
|
||||||
|
"Wells Fargo",
|
||||||
|
"Capital One",
|
||||||
|
"HSBC"
|
||||||
],
|
],
|
||||||
"cfr-target-category": [
|
"cfr-target-category": [
|
||||||
"Private sector",
|
"Private sector",
|
||||||
"Government"
|
"Government"
|
||||||
],
|
],
|
||||||
"cfr-type-of-incident": "Espionage",
|
"cfr-type-of-incident": [
|
||||||
|
"Espionage",
|
||||||
|
"Denial of service"
|
||||||
|
],
|
||||||
"country": "IR",
|
"country": "IR",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.cfr.org/interactive/cyber-operations/magic-hound",
|
"https://www.cfr.org/interactive/cyber-operations/magic-hound",
|
||||||
|
@ -2198,7 +2131,9 @@
|
||||||
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf",
|
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf",
|
||||||
"https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf",
|
"https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf",
|
||||||
"https://attack.mitre.org/groups/G0059/",
|
"https://attack.mitre.org/groups/G0059/",
|
||||||
"https://attack.mitre.org/groups/G0003/"
|
"https://attack.mitre.org/groups/G0003/",
|
||||||
|
"https://www.cfr.org/interactive/cyber-operations/itsecteam",
|
||||||
|
"https://xorl.wordpress.com/2021/05/06/iran-cyber-operations-groups/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Operation Cleaver",
|
"Operation Cleaver",
|
||||||
|
@ -2206,6 +2141,7 @@
|
||||||
"Alibaba",
|
"Alibaba",
|
||||||
"2889",
|
"2889",
|
||||||
"TG-2889",
|
"TG-2889",
|
||||||
|
"Threat Group 2889",
|
||||||
"Cobalt Gypsy",
|
"Cobalt Gypsy",
|
||||||
"Rocket_Kitten",
|
"Rocket_Kitten",
|
||||||
"Cutting Kitten",
|
"Cutting Kitten",
|
||||||
|
@ -2216,7 +2152,8 @@
|
||||||
"TEMP.Beanie",
|
"TEMP.Beanie",
|
||||||
"Ghambar",
|
"Ghambar",
|
||||||
"G0059",
|
"G0059",
|
||||||
"G0003"
|
"G0003",
|
||||||
|
"ITSecTeam"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
|
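Review bot: The merged entry now stores `cfr-type-of-incident` as an array (`["Espionage", "Denial of service"]`), whereas the removed Cutting Kitten entry in the first hunk stored the same key as a plain string (`"Denial of service"`), so the key takes two shapes within one file. Confirm that the cluster schema and downstream consumers accept an array here; a parser that reads this key as a scalar could fail or drop the value. The first hunk also deletes cluster uuid `11e17436-6ede-4733-8547-4ce0254ea19e`, so any `related` entry elsewhere whose `dest-uuid` still points at it, or any stored event referencing that cluster, would no longer resolve; this cannot be checked from the visible hunks. The removed entry's secureworks.com reference and its TG-2889 description are not among the lines the later hunks add, so that context may be lost unless the surviving entry already carries it outside the visible lines.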