adding targeted sectors

pull/865/head
Delta-Sierra 2023-09-15 10:21:44 +02:00
parent 214ac5d329
commit db23d6eb4c
1 changed files with 74 additions and 2 deletions


@ -2982,6 +2982,11 @@
"https://www.kaspersky.com/blog/financial-trojans-2019/25690/",
"https://www.welivesecurity.com/2015/04/09/operation-buhtrap/",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
],
"targeted-sector": [
"Bank",
"Payment",
"Finance"
]
},
"uuid": "b737c51f-b579-49d5-a907-743b2e6d03cb",
@ -3002,6 +3007,11 @@
"synonyms": [
"FIN4",
"G0085"
],
"targeted-sector": [
"Health",
"Finance",
"Pharmacy"
]
},
"uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
@ -3020,7 +3030,10 @@
"description": "This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking credentials and credentials related to Bitcoin wallets.",
"meta": {
"attribution-confidence": "50",
"country": "RU"
"country": "RU",
"targeted-sector": [
"Bank"
]
},
"uuid": "7dd7a8df-9012-4d14-977f-b3f9f71266b4",
"value": "SHARK SPIDER"
@ -3032,6 +3045,10 @@
"country": "RU",
"refs": [
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
],
"targeted-sector": [
"Manufacturing",
"Industrial"
]
},
"uuid": "db774b7d-a0ee-4375-b24e-fd278f5ab2fd",
@ -3264,6 +3281,10 @@
"APT-C-35",
"SectorE02",
"Orange Kala"
],
"targeted-sector": [
"Government, Administration",
"Security Service"
]
},
"related": [
@ -3364,6 +3385,14 @@
"synonyms": [
"SyrianElectronicArmy",
"SEA"
],
"targeted-sector": [
"Country",
"Defense",
"Opposition",
"Political party",
"News - Media",
"Government, Administration"
]
},
"uuid": "4265d44e-8372-4ed0-b428-b331a5443d7d",
@ -3403,6 +3432,11 @@
"TMP.Lapis",
"Green Havildar",
"COPPER FIELDSTONE"
],
"targeted-sector": [
"Activists",
"Civil society",
"Military"
]
},
"related": [
@ -3447,6 +3481,12 @@
"synonyms": [
"FruityArmor",
"G0038"
],
"targeted-sector": [
"Activists",
"Dissidents",
"Journalist",
"Civil society"
]
},
"related": [
@ -3516,6 +3556,10 @@
"G0040",
"Orange Athos",
"Thirsty Gemini"
],
"targeted-sector": [
"Finance",
"Diplomacy"
]
},
"related": [
@ -3558,6 +3602,9 @@
"synonyms": [
"G0029",
"Golfing Taurus"
],
"targeted-sector": [
"Activists"
]
},
"related": [
@ -3683,6 +3730,9 @@
"Sauron",
"Project Sauron",
"G0041"
],
"targeted-sector": [
"Intelligence"
]
},
"related": [
@ -3727,6 +3777,9 @@
],
"synonyms": [
"G0036"
],
"targeted-sector": [
"Bank"
]
},
"related": [
@ -3825,7 +3878,10 @@
"description": "Libyan Scorpions is a malware operation in use since September 2015 and operated by a politically motivated group whose main objective is intelligence gathering, spying on influentials and political figures and operate an espionage campaign within Libya.",
"meta": {
"attribution-confidence": "50",
"country": "LY"
"country": "LY",
"targeted-sector": [
"Intelligence"
]
},
"uuid": "815cbe98-e157-4078-9caa-c5a25dd64731",
"value": "Libyan Scorpions"
@ -3911,6 +3967,15 @@
"ATK40",
"G0049",
"Evasive Serpens"
],
"targeted-sector": [
"Chemical",
"Energy",
"engineering",
"Finance",
"Government, Administration",
"Telecoms",
"Other"
]
},
"related": [
@ -4059,6 +4124,10 @@
],
"suspected-victims": [
"Ukraine"
],
"targeted-sector": [
"Think Tanks",
"Government, Administration"
]
},
"uuid": "3d5192f2-f235-46fd-aa68-dd00cc17d632",
@ -4069,6 +4138,9 @@
"meta": {
"refs": [
"https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/"
],
"targeted-sector": [
"Energy"
]
},
"related": [
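Review bot: In the hunk at `@ -3911,6 +3967,15 @` the new value `"engineering"` is lower-case while every other sector value added in this commit is capitalised, so a consumer that matches sector strings exactly would not group this actor with the rest; I would write `"Engineering"`. The same list ends with `"Other"`, which gives an analyst nothing to filter or prioritise on and could be dropped. In the Libyan Scorpions hunk (`@ -3825,7 +3878,10 @`) the tag `"Intelligence"` appears to restate the group's objective from its description (intelligence gathering against political figures in Libya) rather than a victim sector. This is worth confirming against a source, since no `refs` are visible for that entry. If these strings are meant to come from a fixed sector vocabulary, a validation step that rejects unknown values would catch both cases before merge.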