From bf7c5f1dd9066435e4d8cb1472179f0787c78263 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Sun, 23 Apr 2023 11:56:41 +0200 Subject: [PATCH] chg: [rels] threat-actor & MS activity group - on synonym --- clusters/microsoft-activity-group.json | 347 ++++++++++++++++++++++++- clusters/threat-actor.json | 315 +++++++++++++++++++++- 2 files changed, 659 insertions(+), 3 deletions(-) diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json index f4f568b..09050e1 100644 --- a/clusters/microsoft-activity-group.json +++ b/clusters/microsoft-activity-group.json @@ -182,6 +182,15 @@ "https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/" ] }, + "related": [ + { + "dest-uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "cc70bdbd-afa7-4e19-bba2-2443811ef3af", "value": "BARIUM" }, @@ -192,6 +201,15 @@ "https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/" ] }, + "related": [ + { + "dest-uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "f542442e-ba0f-425d-b386-6c10351a468e", "value": "LEAD" }, @@ -202,6 +220,15 @@ "https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/" ] }, + "related": [ + { + "dest-uuid": "6bf7e6b6-5917-45a6-9567-f0baba79768c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2d19c573-252b-49d8-8c2e-3b529b91e72d", "value": "ZIRCONIUM" }, @@ -267,6 +294,15 @@ "https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/" ] }, + "related": [ + { + "dest-uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "99e708f7-1c01-467d-b0da-f6cebd434abc", "value": "GADOLINIUM" }, @@ -393,6 +429,15 @@ "APT41" ] }, + "related": [ + { + "dest-uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "2fc42ffc-dd1a-560e-ac97-05e8fa27bbe5", "value": "Brass Typhoon" }, @@ -407,6 +452,15 @@ "DEV-0586" ] }, + "related": [ + { + "dest-uuid": "a5f64c1a-c829-4855-903d-e0ff2098b2d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "7f190457-6829-55c4-9b6b-bccdadb747cb", "value": "Cadet Blizzard" }, @@ -422,6 +476,15 @@ "Skeleton Spider" ] }, + "related": [ + { + "dest-uuid": "647894f6-1723-4cba-aba4-0ef0966d5302", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3126bd2c-3d04-5174-ad03-40136b94f574", "value": "Camouflage Tempest" }, @@ -438,6 +501,15 @@ "OceanLotus" ] }, + "related": [ + { + "dest-uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "37808cab-cbb3-560b-bebd-375fa328ea1e", "value": "Canvas Cyclone" }, @@ -496,6 +568,15 @@ "Bronze Starlight" ] }, + "related": [ + { + "dest-uuid": "737c0207-1a1a-4480-86e7-b6a5066e1ee5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "43fe584d-88e5-5f2b-a9fd-a866e62040bb", "value": "Cinnamon Tempest" }, @@ -602,6 +683,15 @@ "Velvet Chollima" ] }, + "related": [ + { + "dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "44be06b1-e17a-5ea6-a0a2-067933a7af77", "value": "Emerald Sleet" }, @@ -618,6 +708,15 @@ "Fancy Bear" ] }, + "related": [ + { + "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8d84d7b0-7716-5ab3-a3a4-f373dd148347", "value": "Forest Blizzard" }, @@ -634,6 +733,15 @@ "Crouching Yeti" ] }, + "related": [ + { + "dest-uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "45d0f984-2b63-517b-922a-12924bcf4f68", "value": "Ghost Blizzard" }, @@ -652,6 +760,15 @@ "Kryptonite Panda" ] }, + "related": [ + { + "dest-uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "dbc45b46-5b64-50d4-b0f1-d7de888d4e85", "value": "Gingham Typhoon" }, @@ -666,6 +783,15 @@ "GALLIUM" ] }, + "related": [ + { + "dest-uuid": "e400b6c5-77cf-453d-ba0f-44575583ac6c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ae4036de-c901-5f21-808a-f5c071ef509b", "value": "Granite Typhoon" }, @@ -697,6 +823,15 @@ "OilRig" ] }, + "related": [ + { + "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b6260d6d-a2f7-5b79-8132-5c456a225f53", "value": "Hazel Sandstorm" }, @@ -712,6 +847,22 @@ "TA505" ] }, + "related": [ + { + "dest-uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c01aadc6-1087-4e8e-8d5c-a27eba409fe3", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b27dcdee-14b1-5842-86b3-32eacec94584", "value": "Lace Tempest" }, @@ -729,6 +880,15 @@ "PioneerKitten" ] }, + "related": [ + { + "dest-uuid": "bfb0bc20-5bdf-47ff-b07f-dbd9a3cb9772", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "0757856a-1313-57d8-bb6c-f4c537e110da", "value": "Lemon Sandstorm" }, @@ -759,6 +919,15 @@ "Indrik Spider" ] }, + "related": [ + { + "dest-uuid": "658314bc-3bb8-48d2-913a-c528607b75c8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b19bc1a0-2489-56ae-aa61-ed147310363e", "value": "Manatee Tempest" }, @@ -777,6 +946,15 @@ "TEMP.Zagros" ] }, + "related": [ + { + "dest-uuid": "a29af069-03c3-4534-b78b-7d1a77ea085b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "da68ca6d-250f-50f1-a585-240475fdbb35", "value": "Mango Sandstorm" }, @@ -792,6 +970,15 @@ "Sea Turtle" ] }, + "related": [ + { + "dest-uuid": "ce7bba52-5ae8-44ea-9979-68502d832ab7", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fc91881e-92c0-5a63-a0b9-b253958a594e", "value": "Marbled Dust" }, @@ -823,6 +1010,15 @@ "Cozy Bear" ] }, + "related": [ + { + "dest-uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "31982812-c8bf-5e85-b0ba-0c64a7d05d20", "value": "Midnight Blizzard" }, @@ -839,6 +1035,22 @@ "Charming Kitten" ] }, + "related": [ + { + "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "400cd1b8-52b7-5a5c-984f-9b4af35ea231", "value": "Mint Sandstorm" }, @@ -856,6 +1068,15 @@ "TABCTENG" ] }, + "related": [ + { + "dest-uuid": "a47b79ae-7a0c-4308-9efc-294af19cc795", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fa562b27-d3ff-5e7c-9079-c957eb01a0e0", "value": "Mulberry Typhoon" }, @@ -901,6 +1122,15 @@ "Vixen Panda" ] }, + "related": [ + { + "dest-uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "66571167-13fe-5817-93e0-54ae8f206fdc", "value": "Nylon Typhoon" }, @@ -932,6 +1162,15 @@ "Refined Kitten" ] }, + "related": [ + { + "dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "4c0f085a-70b1-5ee6-a45a-dc368f03e701", "value": "Peach Sandstorm" }, @@ -962,6 +1201,15 @@ "UNC2053" ] }, + "related": [ + { + "dest-uuid": "bdf4fe4f-af8a-495f-a719-cf175cecda1f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "120dc1ae-e850-5059-a4fb-520748ca6881", "value": "Periwinkle Tempest" }, @@ -1025,6 +1273,15 @@ "POLONIUM" ] }, + "related": [ + { + "dest-uuid": "3c5129ea-8f18-4bcf-a33b-b5aab0720494", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ce5357da-0e15-5022-bd4f-74aa689d0b2e", "value": "Plaid Rain" }, @@ -1056,6 +1313,15 @@ "LotusBlossom" ] }, + "related": [ + { + "dest-uuid": "d3881afe-f781-4c53-9f68-33487a119a59", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "b3c378fc-1ce3-5a46-a32e-f55a584c6536", "value": "Raspberry Typhoon" }, @@ -1085,6 +1351,15 @@ "FIN7" ] }, + "related": [ + { + "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9471ad21-0553-5483-bf7c-e6ad9c062c79", "value": "Sangria Tempest" }, @@ -1116,6 +1391,22 @@ "Sandworm" ] }, + "related": [ + { + "dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "29cfe970-5446-4cfc-a2da-00e9f49e02ba", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "473eb51c-36cb-5e3a-8347-2f57df809be9", "value": "Seashell Blizzard" }, @@ -1133,6 +1424,15 @@ "Snake" ] }, + "related": [ + { + "dest-uuid": "fa80877c-f509-4daf-8b62-20aba1635f68", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "8d19da8a-d0fa-5194-ad6f-315cc4f36c8b", "value": "Secret Blizzard" }, @@ -1147,6 +1447,15 @@ "HAFNIUM" ] }, + "related": [ + { + "dest-uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "9728610a-17cb-5cac-9322-ef19ae296a29", "value": "Silk Typhoon" }, @@ -1175,6 +1484,15 @@ "TA505" ] }, + "related": [ + { + "dest-uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c85120d0-c397-5d30-9d57-3b019090acd5", "value": "Spandex Tempest" }, @@ -1191,6 +1509,15 @@ "Reuse Team" ] }, + "related": [ + { + "dest-uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6", "value": "Star Blizzard" }, @@ -1303,6 +1630,15 @@ "APT31" ] }, + "related": [ + { + "dest-uuid": "6bf7e6b6-5917-45a6-9567-f0baba79768c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "27eb4928-b3e6-5ae1-bbb6-f73bce8d7c69", "value": "Violet Typhoon" }, @@ -1317,6 +1653,15 @@ "Wadhrama" ] }, + "related": [ + { + "dest-uuid": "4245e4cd-a57a-4e0b-9853-acaa549d495d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "5939e42e-06d0-5719-8072-62f0fc0821e8", "value": "Wine Tempest" }, @@ -1351,5 +1696,5 @@ "value": "Zigzag Hail" } ], - "version": 17 + "version": 18 } diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index b8cde50..03381ac 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -745,7 +745,15 @@ "G0013" ] }, - "related": [], + "related": [ + { + "dest-uuid": "b3c378fc-1ce3-5a46-a32e-f55a584c6536", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d3881afe-f781-4c53-9f68-33487a119a59", "value": "APT30" }, @@ -1070,6 +1078,15 @@ "Red Vulture" ] }, + "related": [ + { + "dest-uuid": "66571167-13fe-5817-93e0-54ae8f206fdc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8", "value": "APT15" }, @@ -1748,6 +1765,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "400cd1b8-52b7-5a5c-984f-9b4af35ea231", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "f98bac6b-12fd-4cad-be84-c84666932232", @@ -1808,6 +1832,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "4c0f085a-70b1-5ee6-a45a-dc368f03e701", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10", @@ -2232,6 +2263,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "8d84d7b0-7716-5ab3-a3a4-f373dd148347", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", @@ -2324,6 +2362,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "uses" + }, + { + "dest-uuid": "31982812-c8bf-5e85-b0ba-0c64a7d05d20", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a", @@ -2431,6 +2476,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "8d19da8a-d0fa-5194-ad6f-315cc4f36c8b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "fa80877c-f509-4daf-8b62-20aba1635f68", @@ -2505,6 +2557,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "45d0f984-2b63-517b-922a-12924bcf4f68", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee", @@ -2595,6 +2654,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "473eb51c-36cb-5e3a-8347-2f57df809be9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", @@ -2662,6 +2728,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "9471ad21-0553-5483-bf7c-e6ad9c062c79", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", @@ -3491,6 +3564,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" + }, + { + "dest-uuid": "3126bd2c-3d04-5174-ad03-40136b94f574", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "647894f6-1723-4cba-aba4-0ef0966d5302", @@ -3672,6 +3752,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "b6260d6d-a2f7-5b79-8132-5c456a225f53", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", @@ -4279,6 +4366,15 @@ "GOSSAMER BEAR" ] }, + "related": [ + { + "dest-uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f", "value": "Callisto" }, @@ -4349,6 +4445,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "37808cab-cbb3-560b-bebd-375fa328ea1e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7", @@ -4645,6 +4748,15 @@ "TEMP.Bottle" ] }, + "related": [ + { + "dest-uuid": "fa562b27-d3ff-5e7c-9079-c957eb01a0e0", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a47b79ae-7a0c-4308-9efc-294af19cc795", "value": "APT5" }, @@ -4996,6 +5108,15 @@ "G0086" ] }, + "related": [ + { + "dest-uuid": "44be06b1-e17a-5ea6-a0a2-067933a7af77", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3", "value": "Kimsuky" }, @@ -5450,6 +5571,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "da68ca6d-250f-50f1-a585-240475fdbb35", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "a29af069-03c3-4534-b78b-7d1a77ea085b", @@ -5647,6 +5775,20 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "99e708f7-1c01-467d-b0da-f6cebd434abc", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "dbc45b46-5b64-50d4-b0f1-d7de888d4e85", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9", @@ -5681,6 +5823,13 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "400cd1b8-52b7-5a5c-984f-9b4af35ea231", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "b8967b3c-3bc9-11e8-8701-8b1ead8c099e", @@ -6404,6 +6553,15 @@ "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/" ] }, + "related": [ + { + "dest-uuid": "b19bc1a0-2489-56ae-aa61-ed147310363e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "658314bc-3bb8-48d2-913a-c528607b75c8", "value": "INDRIK SPIDER" }, @@ -6550,6 +6708,22 @@ "CHIMBORAZO" ] }, + "related": [ + { + "dest-uuid": "b27dcdee-14b1-5842-86b3-32eacec94584", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "c85120d0-c397-5d30-9d57-3b019090acd5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f", "value": "TA505" }, @@ -6591,6 +6765,15 @@ "FIN12" ] }, + "related": [ + { + "dest-uuid": "120dc1ae-e850-5059-a4fb-520748ca6881", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "bdf4fe4f-af8a-495f-a719-cf175cecda1f", "value": "WIZARD SPIDER" }, @@ -6843,6 +7026,15 @@ "https://hub.packtpub.com/resecurity-reports-iriduim-behind-citrix-data-breach-200-government-agencies-oil-and-gas-companies-and-technology-companies-also-targeted/" ] }, + "related": [ + { + "dest-uuid": "473eb51c-36cb-5e3a-8347-2f57df809be9", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "29cfe970-5446-4cfc-a2da-00e9f49e02ba", "value": "IRIDIUM" }, @@ -6917,6 +7109,15 @@ "https://blog.talosintelligence.com/2019/04/seaturtle.html" ] }, + "related": [ + { + "dest-uuid": "fc91881e-92c0-5a63-a0b9-b253958a594e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "ce7bba52-5ae8-44ea-9979-68502d832ab7", "value": "Sea Turtle" }, @@ -6983,6 +7184,22 @@ "Red keres" ] }, + "related": [ + { + "dest-uuid": "2d19c573-252b-49d8-8c2e-3b529b91e72d", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "27eb4928-b3e6-5ae1-bbb6-f73bce8d7c69", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "6bf7e6b6-5917-45a6-9567-f0baba79768c", "value": "APT31" }, @@ -7541,6 +7758,27 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" + }, + { + "dest-uuid": "cc70bdbd-afa7-4e19-bba2-2443811ef3af", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "f542442e-ba0f-425d-b386-6c10351a468e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + }, + { + "dest-uuid": "2fc42ffc-dd1a-560e-ac97-05e8fa27bbe5", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "9c124874-042d-48cd-b72b-ccdc51ecbbd6", @@ -7606,6 +7844,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "similar" + }, + { + "dest-uuid": "6085aad0-1d95-11ea-a140-078d42aced40", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d", @@ -8063,6 +8308,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "similar" + }, + { + "dest-uuid": "ae4036de-c901-5f21-808a-f5c071ef509b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "e400b6c5-77cf-453d-ba0f-44575583ac6c", @@ -8104,6 +8356,15 @@ "UNC757" ] }, + "related": [ + { + "dest-uuid": "0757856a-1313-57d8-bb6c-f4c537e110da", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "bfb0bc20-5bdf-47ff-b07f-dbd9a3cb9772", "value": "Fox Kitten" }, @@ -8160,6 +8421,15 @@ "UNC902" ] }, + "related": [ + { + "dest-uuid": "b27dcdee-14b1-5842-86b3-32eacec94584", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "c01aadc6-1087-4e8e-8d5c-a27eba409fe3", "value": "FIN11" }, @@ -8315,6 +8585,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "similar" + }, + { + "dest-uuid": "9728610a-17cb-5cac-9322-ef19ae296a29", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5", @@ -9300,6 +9577,15 @@ "https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/" ] }, + "related": [ + { + "dest-uuid": "ce5357da-0e15-5022-bd4f-74aa689d0b2e", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3c5129ea-8f18-4bcf-a33b-b5aab0720494", "value": "POLONIUM" }, @@ -9343,6 +9629,15 @@ "Ruinous Ursa" ] }, + "related": [ + { + "dest-uuid": "7f190457-6829-55c4-9b6b-bccdadb747cb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "a5f64c1a-c829-4855-903d-e0ff2098b2d7", "value": "DEV-0586" }, @@ -9579,6 +9874,15 @@ "DEV-0401" ] }, + "related": [ + { + "dest-uuid": "43fe584d-88e5-5f2b-a9fd-a866e62040bb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "737c0207-1a1a-4480-86e7-b6a5066e1ee5", "value": "BRONZE STARLIGHT" }, @@ -9838,6 +10142,13 @@ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "similar" + }, + { + "dest-uuid": "5939e42e-06d0-5719-8072-62f0fc0821e8", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" } ], "uuid": "4245e4cd-a57a-4e0b-9853-acaa549d495d", @@ -10733,5 +11044,5 @@ "value": "Anonymous Sudan" } ], - "version": 266 + "version": 267 }