Merge pull request #572 from nyx0/main

Few updates
pull/573/head
Alexandre Dulaunoy 2020-08-15 11:37:43 +02:00 committed by GitHub
commit d95000eca3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 52 additions and 18 deletions


@ -175,18 +175,6 @@
"uuid": "9e71024e-817f-45b0-92a0-d886c30bc929",
"value": "Dust Storm"
},
{
"description": "Adversary targeting dissident groups in China and its surroundings.",
"meta": {
"attribution-confidence": "50",
"country": "CN",
"refs": [
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
]
},
"uuid": "06e659ff-ece8-4e6c-a110-d9692ac6d8ee",
"value": "Karma Panda"
},
{
"meta": {
"attribution-confidence": "50",
@ -4780,10 +4768,29 @@
{
"meta": {
"attribution-confidence": "50",
"cfr-suspected-state-sponsor": "China",
"cfr-suspected-victims": [
"Eastern Europe",
"Japan",
"South Korea",
"Taiwan",
"US"
],
"cfr-target-category": [
"Military",
"Government",
"Private sector"
],
"country": "CN",
"refs": [
"https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403?emailToken=JRrydPtyYnqTg9EyZsw31FwuZ7JNEOKCXF7LaW/HM1DLsjnUp6e6wLgph560pnmiTAN/5ssf7moyADPQj2p2Gc+YkL1yi0zhIiUM9M6aj1HTYQ==",
"https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/"
"https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/",
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf",
"https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/",
"https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403"
],
"synonyms": [
"CactusPete",
"Karma Panda"
]
},
"uuid": "0ab7c8de-fc23-4793-99aa-7ee336199e26",
@ -5769,7 +5776,16 @@
"United States",
"Hong Kong",
"The Philippines",
"Asia Pacific Economic Cooperation"
"Asia Pacific Economic Cooperation",
"Cambodia",
"Belgium",
"Germany",
"Philippines",
"Malaysia",
"Norway",
"Saudi Arabia",
"Switzerland",
"United Kingdom"
],
"cfr-target-category": [
"Government",
@ -5792,7 +5808,9 @@
"https://intrusiontruth.wordpress.com/2020/01/13/who-else-works-for-this-cover-company-network",
"https://intrusiontruth.wordpress.com/2020/01/14/who-is-mr-ding",
"https://intrusiontruth.wordpress.com/2020/01/15/hainan-xiandun-technology-company-is-apt40",
"https://www.secureworks.com/research/threat-profiles/bronze-mohawk"
"https://www.secureworks.com/research/threat-profiles/bronze-mohawk",
"https://www.mycert.org.my/portal/advisory?id=MA-774.022020",
"https://www.elastic.co/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign"
],
"synonyms": [
"TEMP.Periscope",
@ -8317,5 +8335,5 @@
"value": "GALLIUM"
}
],
"version": 171
"version": 173
}
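Review bot: Deleting the "Karma Panda" cluster (uuid 06e659ff-ece8-4e6c-a110-d9692ac6d8ee) in the first hunk while only adding the name to the CactusPete `synonyms` in the second breaks anything that keyed on the old UUID: MISP events tagged with that cluster and any `related`/`dest-uuid` link to it in other galaxies stop resolving, since consumers match on UUID rather than on `value`. Unless this repository deliberately drops merged duplicates, consider keeping the old entry and marking it as superseded (with a `related` entry of the appropriate type pointing at 0ab7c8de-fc23-4793-99aa-7ee336199e26) so the identifier stays stable. The deleted entry's description ("Adversary targeting dissident groups in China and its surroundings.") is also lost while its huihoo reference is carried over, so the surviving cluster cites a source whose claim is no longer stated anywhere. Separately, the third hunk now lists both `"The Philippines"` and `"Philippines"` in `cfr-suspected-victims`; one of the two should go.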


@ -8126,7 +8126,23 @@
"related": [],
"uuid": "59266c02-e3c8-47a6-b00c-bbb50c8975e9",
"value": "WellMail"
},
{
"description": "Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server.",
"meta": {
"refs": [
"https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF"
],
"synonyms": [],
"type": [
"Backdoor",
"Rootkit"
]
},
"related": [],
"uuid": "a0a46c1b-e774-410e-a84b-020b2558d851",
"value": "Drovorub"
}
],
"version": 137
"version": 138
}
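Review bot: The new Drovorub cluster leaves `"related": []` although its only reference is an advisory whose title names the toolset as Russian GRU malware; if this galaxy already carries a cluster for that actor, adding a `related` entry from the tool to it (using whatever relationship type this repository uses for tooling, e.g. `"used-by"`) would let consumers pivot from the tool to the actor rather than having to read the PDF. The empty `synonyms` array is fine as a placeholder, but if the repository's other tool entries omit empty arrays it would be consistent to drop it here too.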