chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team

pull/691/head
Rony 2022-03-15 15:02:57 +05:30 committed by GitHub
parent b978bb1c86
commit eebda5f955
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 25 deletions

View File

@ -3138,19 +3138,31 @@
"value": "Lazarus Group"
},
{
"description": "VICEROY TIGER is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors. Older activity targeted multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan with a particular focus on government and security organizations. This adversary consistently leverages spear phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials. In March 2017, the 360 Chasing Team found a sample of targeted attacks that confirmed the previously unknown sample of APT's attack actions, which the organization can now trace back at least in April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organizations new attack activity, confirmed and exposed the gangs targeted attacks against Pakistan, and analyzed in detail. The unique EHDevel malicious code framework used by the organization.",
"meta": {
"attribution-confidence": "50",
"country": "IN",
"refs": [
"https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf"
"https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf",
"https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/",
"https://www.netscout.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia",
"https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/",
"https://www.crowdstrike.com/blog/viceroy-tiger-delivers-new-zero-day-exploit/index.html",
"https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/",
"https://unit42.paloaltonetworks.com/threat-assessment-hangover-threat-group/",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
"https://blog.cyble.com/2021/07/22/donot-apt-group-delivers-a-spyware-variant-of-chat-app/",
"https://adversary.crowdstrike.com/en-US/adversary/viceroy-tiger"
],
"synonyms": [
"Appin",
"OperationHangover"
"OPERATION HANGOVER",
"Donot Team",
"APT-C-35",
"SectorE02"
]
},
"uuid": "e2b87f81-a6a1-4524-b03f-193c3191d239",
"value": "Viceroy Tiger"
"value": "VICEROY TIGER"
},
{
"meta": {
@ -6179,27 +6191,6 @@
"uuid": "71a3b962-9a36-11e8-88f8-b31d20c6fa2a",
"value": "RedAlpha"
},
{
"description": "In March 2017, the 360 Chasing Team found a sample of targeted attacks that confirmed the previously unknown sample of APT's attack actions, which the organization can now trace back at least in April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organizations new attack activity, confirmed and exposed the gangs targeted attacks against Pakistan, and analyzed in detail. The unique EHDevel malicious code framework used by the organization",
"meta": {
"refs": [
"https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/",
"https://www.netscout.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia",
"https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/",
"https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/",
"https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-investigates-donot-team-cyberespionage-targeting-military-governments-in-south-asia/",
"https://github.com/eset/malware-ioc/tree/master/donot"
],
"synonyms": [
"DoNot Team",
"Donot Team",
"APT-C-35",
"SectorE02"
]
},
"uuid": "b9dc4e81-909f-4324-8b25-a0f359cd88e0",
"value": "APT-C-35"
},
{
"description": "This threat actor targets organizations in the finance, defense, aerospace, technology, health-care, and automotive sectors and media organizations in East Asia for the purpose of espionage. Believed to be responsible for the targeting of South Korean actors prior to the meeting of Donald J. Trump and Kim Jong-un",
"meta": {