MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge https://github.com/MISP/misp-galaxy

pull/843/head
Delta-Sierra 2023-04-19 15:06:51 +02:00
parent 6b8994271e 4277fd393e
commit ecb7e79a6e
2 changed files with 872 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

864
clusters/microsoft-activity-group.json
View File

@ -340,6 +340,870 @@
], ],
"uuid": "d7247cf9-13b6-4781-b789-a5f33521633b", "uuid": "d7247cf9-13b6-4781-b789-a5f33521633b",
"value": "NOBELIUM" "value": "NOBELIUM"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"APT41",
"BARIUM"
]
},
"uuid": "2fc42ffc-dd1a-560e-ac97-05e8fa27bbe5",
"value": "Brass Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"CHROMIUM",
"ControlX"
]
},
"uuid": "3f8b7c98-7484-523f-9d58-181274e6fc8f",
"value": "Charcoal Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"DEV-0322"
]
},
"uuid": "0bebd962-191a-5671-b5b0-f6de7c8180fc",
"value": "Circle Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"APT40",
"GADOLINIUM",
"Kryptonite Panda",
"Leviathan",
"TEMP.Periscope"
]
},
"uuid": "dbc45b46-5b64-50d4-b0f1-d7de888d4e85",
"value": "Gingham Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"GALLIUM"
]
},
"uuid": "ae4036de-c901-5f21-808a-f5c071ef509b",
"value": "Granite Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"DEV-0234"
]
},
"uuid": "aa45a89c-4c2b-5f6b-9a3d-51abccaa9623",
"value": "Lilac Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"APT5",
"Keyhole Panda",
"MANGANESE",
"TABCTENG"
]
},
"uuid": "fa562b27-d3ff-5e7c-9079-c957eb01a0e0",
"value": "Mulberry Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"APT15",
"NICKEL",
"Vixen Panda",
"ke3chang"
]
},
"uuid": "66571167-13fe-5817-93e0-54ae8f206fdc",
"value": "Nylon Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"APT30",
"LotusBlossom",
"RADIUM"
]
},
"uuid": "b3c378fc-1ce3-5a46-a32e-f55a584c6536",
"value": "Raspberry Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"HAFNIUM"
]
},
"uuid": "9728610a-17cb-5cac-9322-ef19ae296a29",
"value": "Silk Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "CN",
"synonyms": [
"APT31",
"ZIRCONIUM"
]
},
"uuid": "27eb4928-b3e6-5ae1-bbb6-f73bce8d7c69",
"value": "Violet Typhoon"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"Bronze Starlight",
"DEV-0401",
"Emperor Dragonfly"
]
},
"uuid": "43fe584d-88e5-5f2b-a9fd-a866e62040bb",
"value": "Cinnamon Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"DEV-0950",
"FIN11",
"TA505"
]
},
"uuid": "b27dcdee-14b1-5842-86b3-32eacec94584",
"value": "Lace Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"DEV-0206",
"Purple Vallhund"
]
},
"uuid": "1b1524f4-16b0-5b85-aea4-844babea4ccb",
"value": "Mustard Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"DEV-0193",
"UNC2053",
"Wizard Spider"
]
},
"uuid": "120dc1ae-e850-5059-a4fb-520748ca6881",
"value": "Periwinkle Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"Choziosi loader",
"Chrome Loader",
"ClickPirate",
"DEV-0796"
]
},
"uuid": "3c9a0350-8d17-5624-872c-fe44969a5888",
"value": "Phlox Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"DEV-0237",
"FIN12"
]
},
"uuid": "567ea386-a78f-5550-ae7c-9c9eacdf45af",
"value": "Pistachio Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"Carbon Spider",
"ELBRUS",
"FIN7"
]
},
"uuid": "9471ad21-0553-5483-bf7c-e6ad9c062c79",
"value": "Sangria Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"CHIMBORAZO",
"TA505"
]
},
"uuid": "c85120d0-c397-5d30-9d57-3b019090acd5",
"value": "Spandex Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"DEV-0537",
"LAPSUS$"
]
},
"uuid": "d4dfb329-822c-5db3-a078-a8c0f77924da",
"value": "Strawberry Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"DEV-0832"
]
},
"uuid": "a01da064-988c-5ad3-92c6-9537adb6a5f0",
"value": "Vanilla Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"DEV-0504"
]
},
"uuid": "0662a721-a92e-50b3-a5ac-0c4142ac9aeb",
"value": "Velvet Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Financially motivated",
"synonyms": [
"PARINACOTA",
"Wadhrama"
]
},
"uuid": "5939e42e-06d0-5719-8072-62f0fc0821e8",
"value": "Wine Tempest"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Group in development",
"synonyms": [
"DEV-0257",
"UNC1151"
]
},
"uuid": "60ac9e2c-b3b2-5c6b-913e-935952e14c28",
"value": "Storm-0257"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"NEPTUNIUM",
"Vice Leaker"
]
},
"uuid": "b06ff51a-77e7-5b7f-9938-4a2d37bce5a4",
"value": "Cotton Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"CURIUM",
"TA456",
"Tortoise Shell"
]
},
"uuid": "b76e22b0-26a4-50ca-b876-09bc90a81b3b",
"value": "Crimson Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"DEV-0228"
]
},
"uuid": "badacab7-5097-5817-8516-d8a72de2a71b",
"value": "Cuboid Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"DEV-0343"
]
},
"uuid": "395473c6-be98-5369-82d1-cdbc97b3fddc",
"value": "Gray Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"APT34",
"Cobalt Gypsy",
"EUROPIUM",
"OilRig"
]
},
"uuid": "b6260d6d-a2f7-5b79-8132-5c456a225f53",
"value": "Hazel Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"Fox Kitten",
"PioneerKitten",
"RUBIDIUM",
"UNC757"
]
},
"uuid": "0757856a-1313-57d8-bb6c-f4c537e110da",
"value": "Lemon Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"MERCURY",
"MuddyWater",
"SeedWorm",
"Static Kitten",
"TEMP.Zagros"
]
},
"uuid": "da68ca6d-250f-50f1-a585-240475fdbb35",
"value": "Mango Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"DEV-0500",
"Moses Staff"
]
},
"uuid": "ef415059-e150-5324-877e-44b65ab022f5",
"value": "Marigold Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"APT35",
"Charming Kitten",
"PHOSPHORUS"
]
},
"uuid": "400cd1b8-52b7-5a5c-984f-9b4af35ea231",
"value": "Mint Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"APT33",
"HOLMIUM",
"Refined Kitten"
]
},
"uuid": "4c0f085a-70b1-5ee6-a45a-dc368f03e701",
"value": "Peach Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"AMERICIUM",
"Agrius",
"BlackShadow",
"Deadwood",
"SharpBoys"
]
},
"uuid": "cca311c0-dc91-5aee-b282-5e412040dac3",
"value": "Pink Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"DEV-0146",
"ZeroCleare"
]
},
"uuid": "562049d7-78f5-5a65-b7db-c509c9f483f7",
"value": "Pumpkin Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "IR",
"synonyms": [
"BOHRIUM"
]
},
"uuid": "4426d375-1435-5ccc-8c1f-f8688bd11f80",
"value": "Smoke Sandstorm"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "LB",
"synonyms": [
"POLONIUM"
]
},
"uuid": "ce5357da-0e15-5022-bd4f-74aa689d0b2e",
"value": "Plaid Rain"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "KP",
"synonyms": [
"Labyrinth Chollima",
"Lazarus",
"ZINC"
]
},
"uuid": "9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8",
"value": "Diamond Sleet"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "KP",
"synonyms": [
"Kimsuky",
"THALLIUM",
"Velvet Chollima"
]
},
"uuid": "44be06b1-e17a-5ea6-a0a2-067933a7af77",
"value": "Emerald Sleet"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "KP",
"synonyms": [
"Konni",
"OSMIUM"
]
},
"uuid": "5163b2d9-7521-5225-a7a8-88d881fbc406",
"value": "Opal Sleet"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "KP",
"synonyms": [
"LAWRENCIUM"
]
},
"uuid": "1c5c67ad-c241-5103-99d0-daab5a554b0d",
"value": "Pearl Sleet"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "KP",
"synonyms": [
"CERIUM"
]
},
"uuid": "c29e7262-6a6f-501d-8c00-57f75f2172a3",
"value": "Ruby Sleet"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "KP",
"synonyms": [
"BlueNoroff",
"COPERNICIUM",
"Genie Spider"
]
},
"uuid": "3a32c54d-d86a-55de-b16a-d9a08a5cf49b",
"value": "Sapphire Sleet"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "KP",
"synonyms": [
"DEV-0530",
"H0lyGh0st"
]
},
"uuid": "ab314f1c-8d07-5edb-bb32-64d1105f74ff",
"value": "Storm-0530"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Private Sector Offensive Actor",
"synonyms": [
"Candiru",
"SOURGUM"
]
},
"uuid": "1b15288c-ff19-5f52-8c4b-6185de934ff8",
"value": "Caramel Tsunami"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Private Sector Offensive Actor",
"synonyms": [
"DSIRF",
"KNOTWEED"
]
},
"uuid": "9a4a662a-84a9-5b86-b241-7c5eef9cea4d",
"value": "Denim Tsunami"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Private Sector Offensive Actor",
"synonyms": [
"DEV-0336",
"NSO Group"
]
},
"uuid": "af54315b-3561-5046-8b9b-c3e9e05c0f77",
"value": "Night Tsunami"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Private Sector Offensive Actor",
"synonyms": [
"CyberRoot",
"DEV-0605"
]
},
"uuid": "2263b6c9-861a-5971-b882-9ea4a84fcf74",
"value": "Wisteria Tsunami"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "RU",
"synonyms": [
"ACTINIUM",
"Gamaredon",
"Primitive Bear",
"UNC530"
]
},
"uuid": "fc77a775-d06f-5efc-a6fa-0b2af01902a7",
"value": "Aqua Blizzard"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "RU",
"synonyms": [
"DEV-0586"
]
},
"uuid": "7f190457-6829-55c4-9b6b-bccdadb747cb",
"value": "Cadet Blizzard"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "RU",
"synonyms": [
"APT28",
"Fancy Bear",
"STRONTIUM"
]
},
"uuid": "8d84d7b0-7716-5ab3-a3a4-f373dd148347",
"value": "Forest Blizzard"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "RU",
"synonyms": [
"BROMINE",
"Crouching Yeti",
"Energetic Bear"
]
},
"uuid": "45d0f984-2b63-517b-922a-12924bcf4f68",
"value": "Ghost Blizzard"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "RU",
"synonyms": [
"APT29",
"Cozy Bear",
"NOBELIUM"
]
},
"uuid": "31982812-c8bf-5e85-b0ba-0c64a7d05d20",
"value": "Midnight Blizzard"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "RU",
"synonyms": [
"IRIDIUM",
"Sandworm"
]
},
"uuid": "473eb51c-36cb-5e3a-8347-2f57df809be9",
"value": "Seashell Blizzard"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "RU",
"synonyms": [
"Callisto",
"Reuse Team",
"SEABORGIUM"
]
},
"uuid": "06630ccd-98ed-5aec-8083-e04c894bd2d6",
"value": "Star Blizzard"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "RU",
"synonyms": [
"DEV-0665"
]
},
"uuid": "79f8646f-d127-51b7-b502-b096b445c322",
"value": "Sunglow Blizzard"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "KR",
"synonyms": [
"DUBNIUM",
"Dark Hotel",
"Tapaoux"
]
},
"uuid": "0a4ddab3-a1a6-5372-b11f-5edc25c0e548",
"value": "Zigzag Hail"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "TR",
"synonyms": [
"SILICON",
"Sea Turtle"
]
},
"uuid": "fc91881e-92c0-5a63-a0b9-b253958a594e",
"value": "Marbled Dust"
},
{
"meta": {
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"country": "VN",
"synonyms": [
"APT32",
"BISMUTH",
"OceanLotus"
]
},
"uuid": "37808cab-cbb3-560b-bebd-375fa328ea1e",
"value": "Canvas Cyclone"
} }
], ],
"version": 13 "version": 13

12
clusters/threat-actor.json
View File

@ -841,7 +841,8 @@
"https://unit42.paloaltonetworks.com/atoms/iron-taurus/", "https://unit42.paloaltonetworks.com/atoms/iron-taurus/",
"https://www.mandiant.com/resources/insights/apt-groups", "https://www.mandiant.com/resources/insights/apt-groups",
"https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf", "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
"https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/" "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/",
"https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html"
], ],
"synonyms": [ "synonyms": [
"GreedyTaotie", "GreedyTaotie",
@ -856,7 +857,8 @@
"BRONZE UNION", "BRONZE UNION",
"Lucky Mouse", "Lucky Mouse",
"G0027", "G0027",
"Iron Taurus" "Iron Taurus",
"Earth Smilodon"
] ]
}, },
"related": [ "related": [
@ -7470,7 +7472,8 @@
"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf", "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
"https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf", "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
"https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf", "https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf",
"https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/" "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/",
"https://services.google.com/fh/files/blogs/gcat_threathorizons_full_apr2023.pdf"
], ],
"synonyms": [ "synonyms": [
"G0096", "G0096",
@ -7486,7 +7489,8 @@
"Red Kelpie", "Red Kelpie",
"G0044", "G0044",
"Earth Baku", "Earth Baku",
"Amoeba" "Amoeba",
"HOODOO"
] ]
}, },
"related": [ "related": [