mirror of https://github.com/MISP/misp-galaxy
GitHub
commit
d95000eca3
|
|
@ -175,18 +175,6 @@
|
||||||
"uuid": "9e71024e-817f-45b0-92a0-d886c30bc929",
|
"uuid": "9e71024e-817f-45b0-92a0-d886c30bc929",
|
||||||
"value": "Dust Storm"
|
"value": "Dust Storm"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"description": "Adversary targeting dissident groups in China and its surroundings.",
|
|
||||||
"meta": {
|
|
||||||
"attribution-confidence": "50",
|
|
||||||
"country": "CN",
|
|
||||||
"refs": [
|
|
||||||
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"uuid": "06e659ff-ece8-4e6c-a110-d9692ac6d8ee",
|
|
||||||
"value": "Karma Panda"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
"attribution-confidence": "50",
|
"attribution-confidence": "50",
|
||||||
|
|
@ -4780,10 +4768,29 @@
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
"attribution-confidence": "50",
|
"attribution-confidence": "50",
|
||||||
|
"cfr-suspected-state-sponsor": "China",
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"Eastern Europe",
|
||||||
|
"Japan",
|
||||||
|
"South Korea",
|
||||||
|
"Taiwan",
|
||||||
|
"US"
|
||||||
|
],
|
||||||
|
"cfr-target-category": [
|
||||||
|
"Military",
|
||||||
|
"Government",
|
||||||
|
"Private sector"
|
||||||
|
],
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403?emailToken=JRrydPtyYnqTg9EyZsw31FwuZ7JNEOKCXF7LaW/HM1DLsjnUp6e6wLgph560pnmiTAN/5ssf7moyADPQj2p2Gc+YkL1yi0zhIiUM9M6aj1HTYQ==",
|
"https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/",
|
||||||
"https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/"
|
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf",
|
||||||
|
"https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/",
|
||||||
|
"https://www.wsj.com/articles/chinas-secret-weapon-in-south-korea-missile-fight-hackers-1492766403"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"CactusPete",
|
||||||
|
"Karma Panda"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "0ab7c8de-fc23-4793-99aa-7ee336199e26",
|
"uuid": "0ab7c8de-fc23-4793-99aa-7ee336199e26",
|
||||||
|
|
@ -5769,7 +5776,16 @@
|
||||||
"United States",
|
"United States",
|
||||||
"Hong Kong",
|
"Hong Kong",
|
||||||
"The Philippines",
|
"The Philippines",
|
||||||
"Asia Pacific Economic Cooperation"
|
"Asia Pacific Economic Cooperation",
|
||||||
|
"Cambodia",
|
||||||
|
"Belgium",
|
||||||
|
"Germany",
|
||||||
|
"Philippines",
|
||||||
|
"Malaysia",
|
||||||
|
"Norway",
|
||||||
|
"Saudi Arabia",
|
||||||
|
"Switzerland",
|
||||||
|
"United Kingdom"
|
||||||
],
|
],
|
||||||
"cfr-target-category": [
|
"cfr-target-category": [
|
||||||
"Government",
|
"Government",
|
||||||
|
|
@ -5792,7 +5808,9 @@
|
||||||
"https://intrusiontruth.wordpress.com/2020/01/13/who-else-works-for-this-cover-company-network",
|
"https://intrusiontruth.wordpress.com/2020/01/13/who-else-works-for-this-cover-company-network",
|
||||||
"https://intrusiontruth.wordpress.com/2020/01/14/who-is-mr-ding",
|
"https://intrusiontruth.wordpress.com/2020/01/14/who-is-mr-ding",
|
||||||
"https://intrusiontruth.wordpress.com/2020/01/15/hainan-xiandun-technology-company-is-apt40",
|
"https://intrusiontruth.wordpress.com/2020/01/15/hainan-xiandun-technology-company-is-apt40",
|
||||||
"https://www.secureworks.com/research/threat-profiles/bronze-mohawk"
|
"https://www.secureworks.com/research/threat-profiles/bronze-mohawk",
|
||||||
|
"https://www.mycert.org.my/portal/advisory?id=MA-774.022020",
|
||||||
|
"https://www.elastic.co/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"TEMP.Periscope",
|
"TEMP.Periscope",
|
||||||
|
|
@ -8317,5 +8335,5 @@
|
||||||
"value": "GALLIUM"
|
"value": "GALLIUM"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 171
|
"version": 173
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8126,7 +8126,23 @@
|
||||||
"related": [],
|
"related": [],
|
||||||
"uuid": "59266c02-e3c8-47a6-b00c-bbb50c8975e9",
|
"uuid": "59266c02-e3c8-47a6-b00c-bbb50c8975e9",
|
||||||
"value": "WellMail"
|
"value": "WellMail"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF"
|
||||||
|
],
|
||||||
|
"synonyms": [],
|
||||||
|
"type": [
|
||||||
|
"Backdoor",
|
||||||
|
"Rootkit"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [],
|
||||||
|
"uuid": "a0a46c1b-e774-410e-a84b-020b2558d851",
|
||||||
|
"value": "Drovorub"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 137
|
"version": 138
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue