{ "authors": [ "MITRE" ], "category": "actor", "description": "Name of ATT&CK Group", "name": "Intrusion Set", "source": "https://github.com/mitre/cti", "type": "mitre-intrusion-set", "uuid": "10df003c-7831-11e7-bdb9-971cdd1218df", "values": [ { "description": "[Ajax Security Team](https://attack.mitre.org/groups/G0130) is a group that has been active since at least 2010 and believed to be operating out of Iran. By 2014 [Ajax Security Team](https://attack.mitre.org/groups/G0130) transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies.(Citation: FireEye Operation Saffron Rose 2013)", "meta": { "external_id": "G0130", "refs": [ "https://attack.mitre.org/groups/G0130", "https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf", "https://documents.trendmicro.com/assets/wp/wp-operation-woolen-goldfish.pdf", "https://iranthreats.github.io/resources/attribution-flying-rocket-kitten/", "https://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/", "https://www.mandiant.com/sites/default/files/2021-09/rpt-operation-saffron-rose.pdf" ], "synonyms": [ "Ajax Security Team", "Operation Woolen-Goldfish", "AjaxTM", "Rocket Kitten", "Flying Kitten", "Operation Saffron Rose" ] }, "related": [ { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9a2640c2-9f43-46fe-b13f-bde881e55555", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fbd727ea-c0dc-42a9-8448-9e12962d1ab5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "fa19de15-6169-428d-9cd6-3ca3d56075b7", "value": "Ajax Security Team - G0130" }, { "description": "[The White Company](https://attack.mitre.org/groups/G0089) is a likely state-sponsored threat actor with advanced capabilities. From 2017 through 2018, the group led an espionage campaign called Operation Shaheen targeting government and military organizations in Pakistan.(Citation: Cylance Shaheen Nov 2018)", "meta": { "external_id": "G0089", "refs": [ "https://attack.mitre.org/groups/G0089", "https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf?_ga=2.161661948.1943296560.1555683782-1066572390.1555511517" ], "synonyms": [ "The White Company" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2a70812b-f1ef-44db-8578-a496a227aef2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bdb27a1d-1844-42f1-a0c0-826027ae0326", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "6688d679-ccdb-4f12-abf6-c7545dd767a4", "value": "The White Company - G0089" }, { "description": "[Threat Group-3390](https://attack.mitre.org/groups/G0027) is a Chinese threat group that has extensively used strategic Web compromises to target victims.(Citation: Dell TG-3390) The group has been active since at least 2010 and has targeted organizations in the aerospace, government, defense, technology, energy, manufacturing and gambling/betting sectors.(Citation: SecureWorks BRONZE UNION June 2017)(Citation: Securelist LuckyMouse June 2018)(Citation: Trend Micro DRBControl February 2020)", "meta": { "external_id": "G0027", "refs": [ "http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/", "https://attack.mitre.org/groups/G0027", "https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf", "https://research.nccgroup.com/2018/05/18/emissary-panda-a-potential-new-malicious-tool/", "https://securelist.com/luckymouse-hits-national-data-center/86083/", "https://thehackernews.com/2018/06/chinese-watering-hole-attack.html", "https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/", "https://www.secureworks.com/research/bronze-union", "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage", "https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html" ], "synonyms": [ "Threat Group-3390", "Earth Smilodon", "TG-3390", "Emissary Panda", "BRONZE UNION", "APT27", "Iron Tiger", "LuckyMouse" ] }, "related": [ { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03acae53-9b98-46f6-b204-16b930839055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "506f6f49-7045-4156-9007-7474cb44ad6d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5e814485-012d-423d-b769-026bfed0f451", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6e95feb1-78ee-48d3-b421-4d76663b5c49", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "834e0acd-d92a-4e38-bb14-dc4159d7cb32", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a545456a-f9a7-47ad-9ea6-8b017def38d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c009560a-f097-45a3-8f9f-78ec1440a783", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "fb366179-766c-4a4a-afa1-52bff1fd601c", "value": "Threat Group-3390 - G0027" }, { "description": "[Threat Group-1314](https://attack.mitre.org/groups/G0028) is an unattributed threat group that has used compromised credentials to log into a victim's remote access infrastructure. (Citation: Dell TG-1314)", "meta": { "external_id": "G0028", "refs": [ "http://www.secureworks.com/resources/blog/living-off-the-land/", "https://attack.mitre.org/groups/G0028" ], "synonyms": [ "Threat Group-1314", "TG-1314" ] }, "related": [ { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "d519164e-f5fa-4b8c-a1fb-cf0172ad0983", "value": "Threat Group-1314 - G0028" }, { "description": "[Dragonfly 2.0](https://attack.mitre.org/groups/G0074) is a suspected Russian group that has targeted government entities and multiple U.S. critical infrastructure sectors since at least December 2015. (Citation: US-CERT TA18-074A) (Citation: Symantec Dragonfly Sept 2017) There is debate over the extent of overlap between [Dragonfly 2.0](https://attack.mitre.org/groups/G0074) and [Dragonfly](https://attack.mitre.org/groups/G0035), but there is sufficient evidence to lead to these being tracked as two separate groups. (Citation: Fortune Dragonfly 2.0 Sept 2017)(Citation: Dragos DYMALLOY )", "meta": { "external_id": "G0074", "refs": [ "http://fortune.com/2017/09/06/hack-energy-grid-symantec/", "https://attack.mitre.org/groups/G0074", "https://www.dragos.com/threat/dymalloy/", "https://www.secureworks.com/research/mcmd-malware-analysis", "https://www.secureworks.com/research/threat-profiles/iron-liberty", "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group", "https://www.us-cert.gov/ncas/alerts/TA18-074A" ], "synonyms": [ "Dragonfly 2.0", "IRON LIBERTY", "DYMALLOY", "Berserk Bear" ] }, "related": [ { "dest-uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "revoked-by" } ], "uuid": "76d59913-1d24-4992-a8ac-05a3eb093f71", "value": "Dragonfly 2.0 - G0074" }, { "description": "[Lotus Blossom](https://attack.mitre.org/groups/G0030) is a threat group that has targeted government and military organizations in Southeast Asia. (Citation: Lotus Blossom Jun 2015)", "meta": { "external_id": "G0030", "refs": [ "https://attack.mitre.org/groups/G0030", "https://securelist.com/the-spring-dragon-apt/70726/", "https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf", "https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html" ], "synonyms": [ "Lotus Blossom", "DRAGONFISH", "Spring Dragon" ] }, "related": [ { "dest-uuid": "0f862b01-99da-47cc-9bdb-db4a86a95bb1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32fafa69-fe3c-49db-afd4-aac2664bcf0d", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "7551188b-8f91-4d34-8350-0d0c57b2b913", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "88b7dbc2-32d3-4e31-af2f-3fc24e1582d7", "value": "Lotus Blossom - G0030" }, { "description": "[BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in government, biotechnology, electronics manufacturing, and industrial chemistry.(Citation: Trend Micro Daserf Nov 2017)(Citation: Secureworks BRONZE BUTLER Oct 2017)(Citation: Trend Micro Tick November 2019)", "meta": { "external_id": "G0060", "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/", "https://attack.mitre.org/groups/G0060", "https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf", "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses", "https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan" ], "synonyms": [ "BRONZE BUTLER", "REDBALDKNIGHT", "Tick" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "36ede314-7db4-4d09-b53d-81bbfbe5f6f8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8be7c69e-d8e3-4970-9668-61de08e508cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a0ebedca-d558-4e48-8ff7-4bf76208d90c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "add6554a-815a-4ac3-9b22-9337b9661ab8", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b6b3dfc7-9a81-43ff-ac04-698bad48973a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f0fc920e-57a3-4af5-89be-9ea594c8b1ea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "93f52415-0fe4-4d3d-896c-fc9b8e88ab90", "value": "BRONZE BUTLER - G0060" }, { "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) is threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. (Citation: Lookout Dark Caracal Jan 2018)", "meta": { "external_id": "G0070", "refs": [ "https://attack.mitre.org/groups/G0070", "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" ], "synonyms": [ "Dark Caracal" ] }, "related": [ { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2282a98b-5049-4f61-9381-55baca7c1add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "835a79f1-842d-472d-b8f4-d54b545c341b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a5528622-3a8a-4633-86ce-8cdaf8423858", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a5e91d50-24fa-44ec-9894-39a88f658cea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c41a8b7c-3e42-4eee-b87d-ad8a100ee878", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "8a831aaa-f3e0-47a3-bed8-a9ced744dd12", "value": "Dark Caracal - G0070" }, { "description": "[Cobalt Group](https://attack.mitre.org/groups/G0080) is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money via targeting ATM systems, card processing, payment systems and SWIFT systems. [Cobalt Group](https://attack.mitre.org/groups/G0080) has mainly targeted banks in Eastern Europe, Central Asia, and Southeast Asia. One of the alleged leaders was arrested in Spain in early 2018, but the group still appears to be active. The group has been known to target organizations in order to use their access to then compromise additional victims.(Citation: Talos Cobalt Group July 2018)(Citation: PTSecurity Cobalt Group Aug 2017)(Citation: PTSecurity Cobalt Dec 2016)(Citation: Group IB Cobalt Aug 2017)(Citation: Proofpoint Cobalt June 2017)(Citation: RiskIQ Cobalt Nov 2017)(Citation: RiskIQ Cobalt Jan 2018) Reporting indicates there may be links between [Cobalt Group](https://attack.mitre.org/groups/G0080) and both the malware [Carbanak](https://attack.mitre.org/software/S0030) and the group [Carbanak](https://attack.mitre.org/groups/G0008).(Citation: Europol Cobalt Mar 2018)", "meta": { "external_id": "G0080", "refs": [ "https://attack.mitre.org/groups/G0080", "https://blog.morphisec.com/cobalt-gang-2.0", "https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html", "https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report", "https://web.archive.org/web/20190508170147/https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/", "https://web.archive.org/web/20190508170630/https://www.riskiq.com/blog/labs/cobalt-strike/", "https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain", "https://www.group-ib.com/blog/cobalt", "https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target", "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf", "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf", "https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish" ], "synonyms": [ "Cobalt Group", "GOLD KINGSWOOD", "Cobalt Gang", "Cobalt Spider" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "599cd7b5-37b5-4cdd-8174-2811531ce9d0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6e3bd510-6b33-41a4-af80-2d80f3ee0071", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "dc6fe6ee-04c2-49be-ba3d-f38d2463c02a", "value": "Cobalt Group - G0080" }, { "description": "[Deep Panda](https://attack.mitre.org/groups/G0009) is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications. (Citation: Alperovitch 2014) The intrusion into healthcare company Anthem has been attributed to [Deep Panda](https://attack.mitre.org/groups/G0009). (Citation: ThreatConnect Anthem) This group is also known as Shell Crew, WebMasters, KungFu Kittens, and PinkPanther. (Citation: RSA Shell Crew) [Deep Panda](https://attack.mitre.org/groups/G0009) also appears to be known as Black Vine based on the attribution of both group names to the Anthem intrusion. (Citation: Symantec Black Vine) Some analysts track [Deep Panda](https://attack.mitre.org/groups/G0009) and [APT19](https://attack.mitre.org/groups/G0073) as the same group, but it is unclear from open source information if the groups are the same. (Citation: ICIT China's Espionage Jul 2016)", "meta": { "external_id": "G0009", "refs": [ "https://attack.mitre.org/groups/G0009", "https://web.archive.org/web/20170823094836/http:/www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf", "https://web.archive.org/web/20171017072306/https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/", "https://web.archive.org/web/20200424075623/https:/www.crowdstrike.com/blog/deep-thought-chinese-targeting-national-security-think-tanks/", "https://www.rsa.com/content/dam/en/white-paper/rsa-incident-response-emerging-threat-profile-shell-crew.pdf", "https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/" ], "synonyms": [ "Deep Panda", "Shell Crew", "WebMasters", "KungFu Kittens", "PinkPanther", "Black Vine" ] }, "related": [ { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "91000a8a-58cc-4aba-9ad0-993ad6302b86", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "96b08451-b27a-4ff6-893f-790e26393a8e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fbb470da-1d44-4f29-bbb3-9efbe20f94a3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "a653431d-6a5e-4600-8ad3-609b5af57064", "value": "Deep Panda - G0009" }, { "description": "[Wizard Spider](https://attack.mitre.org/groups/G0102) is a Russia-based financially motivated threat group originally known for the creation and deployment of [TrickBot](https://attack.mitre.org/software/S0266) since at least 2016. [Wizard Spider](https://attack.mitre.org/groups/G0102) possesses a diverse aresenal of tools and has conducted ransomware campaigns against a variety of organizations, ranging from major corporations to hospitals.(Citation: CrowdStrike Ryuk January 2019)(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020)(Citation: CrowdStrike Wizard Spider October 2020)", "meta": { "external_id": "G0102", "refs": [ "https://attack.mitre.org/groups/G0102", "https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/", "https://us-cert.cisa.gov/ncas/alerts/aa20-302a", "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/", "https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/", "https://www.crowdstrike.com/blog/wizard-spider-adversary-update/", "https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html", "https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html", "https://www.mandiant.com/sites/default/files/2021-10/fin12-group-profile.pdf", "https://www.secureworks.com/research/threat-profiles/gold-blackburn" ], "synonyms": [ "Wizard Spider", "UNC1878", "TEMP.MixMaster", "Grim Spider", "FIN12", "GOLD BLACKBURN", "ITG23", "Periwinkle Tempest" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00806466-754d-44ea-ad6f-0caf59cb8556", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32066e94-3112-48ca-b9eb-ba2b59d2f023", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4dea7d8e-af94-4bfb-afe4-7ff54f59308b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "63c2a130-8a5b-452f-ad96-07cf0af12ffe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "981acc4c-2ede-4b56-be6e-fa1a75f37acf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "99fdf3b4-96ef-4ab9-b191-fc683441cad0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a020a61c-423f-4195-8c46-ba1d21abba37", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c9b99d03-ff11-4a48-95f0-82660d582c25", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e33267fe-099f-4af2-8730-63d49f8813b2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "dd2d9ca6-505b-4860-a604-233685b802c7", "value": "Wizard Spider - G0102" }, { "description": "[Ember Bear](https://attack.mitre.org/groups/G1003) is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021. [Ember Bear](https://attack.mitre.org/groups/G1003) has primarily focused their operations against Ukraine and Georgia, but has also targeted Western European and North American foreign ministries, pharmaceutical companies, and financial sector organizations. Security researchers assess [Ember Bear](https://attack.mitre.org/groups/G1003) likely conducted the [WhisperGate](https://attack.mitre.org/software/S0689) destructive wiper attacks against Ukraine in early 2022.(Citation: CrowdStrike Ember Bear Profile March 2022)(Citation: Mandiant UNC2589 March 2022)(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ) ", "meta": { "external_id": "G1003", "refs": [ "https://attack.mitre.org/groups/G1003", "https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/", "https://www.crowdstrike.com/blog/who-is-ember-bear/", "https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation" ], "synonyms": [ "Ember Bear", "Saint Bear", "UNC2589", "UAC-0056", "Lorec53", "Lorec Bear", "Bleeding Bear" ] }, "related": [ { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "49fee0b0-390e-4bde-97f8-97ed46bd19b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7724581b-06ff-4d2b-b77c-80dc8d53070b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c113230f-f044-423b-af63-9b63c802f5ae", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "a7f57cc1-4540-4429-823f-f4e56b8473c9", "value": "Ember Bear - G1003" }, { "description": "[Dust Storm](https://attack.mitre.org/groups/G0031) is a threat group that has targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. (Citation: Cylance Dust Storm)", "meta": { "external_id": "G0031", "refs": [ "https://attack.mitre.org/groups/G0031", "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" ], "synonyms": [ "Dust Storm" ] }, "related": [ { "dest-uuid": "9e71024e-817f-45b0-92a0-d886c30bc929", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" } ], "uuid": "ae41895a-243f-4a65-b99b-d85022326c31", "value": "Dust Storm - G0031" }, { "description": "[Night Dragon](https://attack.mitre.org/groups/G0014) is a campaign name for activity involving a threat group that has conducted activity originating primarily in China. (Citation: McAfee Night Dragon)", "meta": { "external_id": "G0014", "refs": [ "https://attack.mitre.org/groups/G0014", "https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee_NightDragon_wp_draft_to_customersv1-1.pdf" ], "synonyms": [ "Night Dragon" ] }, "related": [ { "dest-uuid": "286cc500-4291-45c2-99a1-e760db176402", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9755ecdc-deb0-40e6-af49-713cb0f8ed92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3714d59-b61e-4713-903a-9b4f04ae7f3d", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" } ], "uuid": "23b6a0f5-fa95-46f9-a6f3-4549c5e45ec8", "value": "Night Dragon - G0014" }, { "description": "[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the United Arab Emirates, Nigeria, Germany, France, and the United States. Targets included government institutions, news media outlets, gambling companies, educational institutions, COVID-19 research organizations, telecommunications companies, religious movements banned in China, and cryptocurrency trading platforms; security researchers assess some [Earth Lusca](https://attack.mitre.org/groups/G1006) operations may be financially motivated.(Citation: TrendMicro EarthLusca 2022)\n\n[Earth Lusca](https://attack.mitre.org/groups/G1006) has used malware commonly used by other Chinese threat groups, including [APT41](https://attack.mitre.org/groups/G0096) and the [Winnti Group](https://attack.mitre.org/groups/G0044) cluster, however security researchers assess [Earth Lusca](https://attack.mitre.org/groups/G1006)'s techniques and infrastructure are separate.(Citation: TrendMicro EarthLusca 2022)", "meta": { "external_id": "G1006", "refs": [ "https://attack.mitre.org/groups/G1006", "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf" ], "synonyms": [ "Earth Lusca", "TAG-22" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8787e86d-8475-4f13-acea-d33eb83b6105", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "981acc4c-2ede-4b56-be6e-fa1a75f37acf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ae797531-3219-49a4-bccf-324ad7a4c7b2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "cc613a49-9bfa-4e22-98d1-15ffbb03f034", "value": "Earth Lusca - G1006" }, { "description": "[Aoqin Dragon](https://attack.mitre.org/groups/G1007) is a suspected Chinese cyber espionage threat group that has been active since at least 2013. [Aoqin Dragon](https://attack.mitre.org/groups/G1007) has primarily targeted government, education, and telecommunication organizations in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Security researchers noted a potential association between [Aoqin Dragon](https://attack.mitre.org/groups/G1007) and UNC94, based on malware, infrastructure, and targets.(Citation: SentinelOne Aoqin Dragon June 2022)", "meta": { "external_id": "G1007", "refs": [ "https://attack.mitre.org/groups/G1007", "https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/" ], "synonyms": [ "Aoqin Dragon" ] }, "related": [ { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6fb36c6f-bb3d-4ed6-9471-cb9933e5c154", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dff90475-9f72-41a6-84ed-1fbefd3874c0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "64d5f96a-f121-4d19-89f6-6709f5c49faa", "value": "Aoqin Dragon - G1007" }, { "description": "[Blue Mockingbird](https://attack.mitre.org/groups/G0108) is a cluster of observed activity involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. The earliest observed Blue Mockingbird tools were created in December 2019.(Citation: RedCanary Mockingbird May 2020)", "meta": { "external_id": "G0108", "refs": [ "https://attack.mitre.org/groups/G0108", "https://redcanary.com/blog/blue-mockingbird-cryptominer/" ], "synonyms": [ "Blue Mockingbird" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "73a80fab-2aa3-48e0-a4d0-3a4828200aee", "value": "Blue Mockingbird - G0108" }, { "description": "[Tropic Trooper](https://attack.mitre.org/groups/G0081) is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the Philippines, and Hong Kong. [Tropic Trooper](https://attack.mitre.org/groups/G0081) focuses on targeting government, healthcare, transportation, and high-tech industries and has been active since 2011.(Citation: TrendMicro Tropic Trooper Mar 2018)(Citation: Unit 42 Tropic Trooper Nov 2016)(Citation: TrendMicro Tropic Trooper May 2020)", "meta": { "external_id": "G0081", "refs": [ "https://attack.mitre.org/groups/G0081", "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/", "https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf", "https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/", "https://www.crowdstrike.com/blog/on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations/" ], "synonyms": [ "Tropic Trooper", "Pirate Panda", "KeyBoy" ] }, "related": [ { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5dd649c0-bca4-488b-bd85-b180474ec62e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "75bba379-4ba1-467e-8c60-ec2b269ee984", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cb444a16-3ea5-4a91-88c6-f329adcb8af3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "56319646-eb6e-41fc-ae53-aadfa7adb924", "value": "Tropic Trooper - G0081" }, { "description": "[Moses Staff](https://attack.mitre.org/groups/G1009) is a suspected Iranian threat group that has primarily targeted Israeli companies since at least September 2021. [Moses Staff](https://attack.mitre.org/groups/G1009) openly stated their motivation in attacking Israeli companies is to cause damage by leaking stolen sensitive data and encrypting the victim's networks without a ransom demand.(Citation: Checkpoint MosesStaff Nov 2021) \n\nSecurity researchers assess [Moses Staff](https://attack.mitre.org/groups/G1009) is politically motivated, and has targeted government, finance, travel, energy, manufacturing, and utility companies outside of Israel as well, including those in Italy, India, Germany, Chile, Turkey, the UAE, and the US.(Citation: Cybereason StrifeWater Feb 2022)", "meta": { "external_id": "G1009", "refs": [ "https://attack.mitre.org/groups/G1009", "https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/", "https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations" ], "synonyms": [ "Moses Staff" ] }, "related": [ { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2ac41e8b-4865-4ced-839d-78e7852c47f3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5633ffd3-81ef-4f98-8f93-4896b03998f0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb78294a-7d7a-4d38-8ad0-92e67fddc9f0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "4c4a7846-45d5-4761-8eea-725fa989914c", "value": "Moses Staff - G1009" }, { "description": "[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group that has been attributed to the Reconnaissance General Bureau.(Citation: US-CERT HIDDEN COBRA June 2017)(Citation: Treasury North Korean Cyber Groups September 2019) The group has been active since at least 2009 and was reportedly responsible for the November 2014 destructive wiper attack against Sony Pictures Entertainment as part of a campaign named Operation Blockbuster by Novetta. Malware used by [Lazarus Group](https://attack.mitre.org/groups/G0032) correlates to other reported campaigns, including Operation Flame, Operation 1Mission, Operation Troy, DarkSeoul, and Ten Days of Rain. (Citation: Novetta Blockbuster)\n\nNorth Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups, such as [Andariel](https://attack.mitre.org/groups/G0138), [APT37](https://attack.mitre.org/groups/G0067), [APT38](https://attack.mitre.org/groups/G0082), and [Kimsuky](https://attack.mitre.org/groups/G0094). ", "meta": { "external_id": "G0032", "refs": [ "https://attack.mitre.org/groups/G0032", "https://blogs.microsoft.com/on-the-issues/2017/12/19/microsoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats/", "https://home.treasury.gov/news/press-releases/sm774", "https://web.archive.org/web/20160226161828/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf", "https://web.archive.org/web/20210723190317/https://adversary.crowdstrike.com/en-US/adversary/labyrinth-chollima/", "https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing", "https://www.us-cert.gov/ncas/alerts/TA17-164A", "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A" ], "synonyms": [ "Lazarus Group", "Labyrinth Chollima", "HIDDEN COBRA", "Guardians of Peace", "ZINC", "NICKEL ACADEMY" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01dbc71d-0ee8-420d-abb4-3dfb6a4bf725", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "069af411-9b24-4e85-b26c-623d035bbe84", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "11e36d5b-6a92-4bf9-8eb7-85eb24f59e22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "16040b1c-ed28-4850-9d8f-bb8b81c42092", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1f6e3702-7ca1-4582-b2e7-4591297d05a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24b4ce59-eaac-4c8b-8634-9b093b7ccd92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3aa169f8-bbf6-44bb-b57d-7f6ada5c2128", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ffbdc1f-d2bf-41ab-91a2-c7b857e98079", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "454fe82d-6fd2-4ac6-91ab-28a33fe01369", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "495b6cdb-7b5a-4fbc-8d33-e7ef68806d08", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "68391641-859f-4a9a-9a1e-3e5cf71ec376", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7ba0fc46-197d-466d-8b9f-f1c64d5d81e5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7f4bbe05-1674-4087-8a16-8f1ad61b6152", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "937e4772-8441-4e4a-8bf0-8d447d667e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9b325b06-35a1-457d-be46-a4ecc0b7ff0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9dbdadb6-fdbf-490f-a35f-38762d06a0d2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a04d9a4c-bb52-40bf-98ec-e350c2d6a862", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "aad11e34-02ca-4220-91cd-2ed420af4db3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd0536d7-b081-43ae-a773-cfb057c5b988", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e2d34c63-6f5a-41f5-86a2-e2380f27f858", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e928333f-f3df-4039-9b8b-556c2add0e42", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ea4c2f9c-9df1-477c-8c42-6da1118f2ac4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f8774023-8021-4ece-9aca-383ac89d2759", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fece06b7-d4b1-42cf-b81a-5323c917546e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "c93fccb1-e8e8-42cf-ae33-2ad1d183913a", "value": "Lazarus Group - G0032" }, { "description": "[Putter Panda](https://attack.mitre.org/groups/G0024) is a Chinese threat group that has been attributed to Unit 61486 of the 12th Bureau of the PLA’s 3rd General Staff Department (GSD). (Citation: CrowdStrike Putter Panda)", "meta": { "external_id": "G0024", "refs": [ "http://blog.cylance.com/puttering-into-the-future", "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", "https://attack.mitre.org/groups/G0024" ], "synonyms": [ "Putter Panda", "APT2", "MSUpdater" ] }, "related": [ { "dest-uuid": "0ca45163-e223-4167-b1af-f088ed14a93d", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "7bec698a-7e20-4fd3-bb6a-12787770fb1a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "800bdfba-6d66-480f-9f45-15845c05cb5d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e8268361-a599-4e45-bd3f-71c8c7e700c0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "5ce5392a-3a6c-4e07-9df3-9b6a9159ac45", "value": "Putter Panda - G0024" }, { "description": "[Scarlet Mimic](https://attack.mitre.org/groups/G0029) is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by [Scarlet Mimic](https://attack.mitre.org/groups/G0029) and [Putter Panda](https://attack.mitre.org/groups/G0024), it has not been concluded that the groups are the same. (Citation: Scarlet Mimic Jan 2016)", "meta": { "external_id": "G0029", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/", "https://attack.mitre.org/groups/G0029" ], "synonyms": [ "Scarlet Mimic" ] }, "related": [ { "dest-uuid": "0da10682-85c6-4c0b-bace-ba1f7adfb63e", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "463f68f1-5cde-4dc2-a831-68b73488f8f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bb3c1098-d654-4620-bf40-694386d28921", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cb7bcf6f-085f-41db-81ee-4b68481661b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfb5fa9b-3051-4b97-8035-08f80aef945b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "c5574ca0-d5a4-490a-b207-e4658e5fd1d7", "value": "Scarlet Mimic - G0029" }, { "description": "[Poseidon Group](https://attack.mitre.org/groups/G0033) is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the [Poseidon Group](https://attack.mitre.org/groups/G0033) as a security firm. (Citation: Kaspersky Poseidon Group)", "meta": { "external_id": "G0033", "refs": [ "https://attack.mitre.org/groups/G0033", "https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/" ], "synonyms": [ "Poseidon Group" ] }, "related": [ { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5fc09923-fcff-4e81-9cae-4518ef31cf4d", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "7ecc3b4f-5cdb-457e-b55a-df376b359446", "value": "Poseidon Group - G0033" }, { "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)", "meta": { "external_id": "G0034", "refs": [ "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html", "https://attack.mitre.org/groups/G0034", "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf", "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/", "https://www.dragos.com/resource/electrum/", "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html", "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games", "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/", "https://www.justice.gov/opa/page/file/1098481/download", "https://www.justice.gov/opa/press-release/file/1328521/download", "https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/", "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory", "https://www.secureworks.com/research/threat-profiles/iron-viking" ], "synonyms": [ "Sandworm Team", "ELECTRUM", "Telebots", "IRON VIKING", "BlackEnergy (Group)", "Quedagh", "Voodoo Bear", "IRIDIUM" ] }, "related": [ { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "051eaca1-958f-4091-9e5f-a9acd8f820b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "11194d8b-fdce-45d2-8047-df15bb8f16bd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1da748a5-875d-4212-9222-b4c23ab861be", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b5aa86b-a0df-4382-848d-30abea443327", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2eaa5319-5e1e-4dd7-bbc4-566fced3964a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "308b3d68-a084-4dfb-885a-3125e1a9c1e8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3249e92a-870b-426d-8790-ba311c1abfb4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4800d0f9-00aa-47cd-a4d2-92198585b8fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5719af9d-6b16-46f9-9b28-fb019541ddbb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6a0d0ea9-b2c4-43fe-a552-ac41a3009dc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6ee2dc99-91ad-4534-a7d8-a649358c331f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "810d8072-afb6-4a56-9ee7-86379ac4a6f3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a0d774e4-bafc-4292-8651-3ec899391341", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a0e6614a-7740-4b24-bd65-f1bde09fc365", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b350b47f-88fe-4921-8538-6d9c59bac84e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b52d6583-14a2-4ddc-8527-87fd2142558f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "baf60e1a-afe5-4d31-830f-1b1ba2351884", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e221eb77-1502-4129-af1d-fe1ad55e7ec6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b168bd-fcd7-439e-9382-2e6c2f63514d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e401d4fe-f0c9-44f0-98e6-f93487678808", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "381fcf73-60f6-4ab2-9991-6af3cbc35192", "value": "Sandworm Team - G0034" }, { "description": "[Stealth Falcon](https://attack.mitre.org/groups/G0038) is a threat group that has conducted targeted spyware attacks against Emirati journalists, activists, and dissidents since at least 2012. Circumstantial evidence suggests there could be a link between this group and the United Arab Emirates (UAE) government, but that has not been confirmed. (Citation: Citizen Lab Stealth Falcon May 2016)", "meta": { "external_id": "G0038", "refs": [ "https://attack.mitre.org/groups/G0038", "https://citizenlab.org/2016/05/stealth-falcon/" ], "synonyms": [ "Stealth Falcon" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dab75e38-6969-4e78-9304-dc269c3cbcf0", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "894aab42-3371-47b1-8859-a4a074c804c8", "value": "Stealth Falcon - G0038" }, { "description": "[Winnti Group](https://attack.mitre.org/groups/G0044) is a threat group with Chinese origins that has been active since at least 2010. The group has heavily targeted the gaming industry, but it has also expanded the scope of its targeting.(Citation: Kaspersky Winnti April 2013)(Citation: Kaspersky Winnti June 2015)(Citation: Novetta Winnti April 2015) Some reporting suggests a number of other groups, including [Axiom](https://attack.mitre.org/groups/G0001), [APT17](https://attack.mitre.org/groups/G0025), and [Ke3chang](https://attack.mitre.org/groups/G0004), are closely linked to [Winnti Group](https://attack.mitre.org/groups/G0044).(Citation: 401 TRG Winnti Umbrella May 2018)", "meta": { "external_id": "G0044", "refs": [ "http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates", "https://401trg.github.io/pages/burning-umbrella.html", "https://attack.mitre.org/groups/G0044", "https://securelist.com/games-are-over/70991/", "https://securelist.com/winnti-more-than-just-a-game/37029/", "https://web.archive.org/web/20150412223949/http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf" ], "synonyms": [ "Winnti Group", "Blackfly" ] }, "related": [ { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8393dac0-0583-456a-9372-fd81691bca20", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "d3afa961-a80c-4043-9509-282cdf69ab21", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "c5947e1c-1cbc-434c-94b8-27c7e3be0fff", "value": "Winnti Group - G0044" }, { "description": "[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage threat group that has targeted military, NGO, judiciary, law enforcement, and non-profit organizations in Ukraine since at least 2013. The name [Gamaredon Group](https://attack.mitre.org/groups/G0047) comes from a misspelling of the word \"Armageddon\", which was detected in the adversary's early campaigns.(Citation: Palo Alto Gamaredon Feb 2017)(Citation: TrendMicro Gamaredon April 2020)(Citation: ESET Gamaredon June 2020)(Citation: Symantec Shuckworm January 2022)(Citation: Microsoft Actinium February 2022)\n\nIn November 2021, the Ukrainian government publicly attributed [Gamaredon Group](https://attack.mitre.org/groups/G0047) to Russia's Federal Security Service (FSB) Center 18.(Citation: Bleepingcomputer Gamardeon FSB November 2021)(Citation: Microsoft Actinium February 2022)", "meta": { "external_id": "G0047", "refs": [ "https://attack.mitre.org/groups/G0047", "https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/", "https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine", "https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/", "https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/", "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/", "https://www.secureworks.com/research/threat-profiles/iron-tilden", "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/" ], "synonyms": [ "Gamaredon Group", "IRON TILDEN", "Primitive Bear", "ACTINIUM", "Armageddon", "Shuckworm", "DEV-0157" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03eb4a05-6a02-43f6-afb7-3c7835501828", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1a77e156-76bc-43f5-bdd7-bd67f30fbbbb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5f9f7648-04ba-4a9f-bb4c-2a13e74572bd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d52291b4-bb23-45a8-aef0-3dc7e986ba15", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "2e290bfe-93b5-48ce-97d6-edcd6d32b7cf", "value": "Gamaredon Group - G0047" }, { "description": "[Charming Kitten](https://attack.mitre.org/groups/G0058) is an Iranian cyber espionage group that has been active since approximately 2014. They appear to focus on targeting individuals of interest to Iran who work in academic research, human rights, and media, with most victims having been located in Iran, the US, Israel, and the UK. [[Charming Kitten](https://attack.mitre.org/groups/G0058) often tries to access private email and Facebook accounts, and sometimes establishes a foothold on victim computers as a secondary objective. The group's TTPs overlap extensively with another group, [Magic Hound](https://attack.mitre.org/groups/G0059), resulting in reporting that may not distinguish between the two groups' activities.(Citation: ClearSky Charming Kitten Dec 2017)", "meta": { "external_id": "G0058", "refs": [ "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf", "https://attack.mitre.org/groups/G0058" ], "synonyms": [ "Charming Kitten" ] }, "related": [ { "dest-uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "revoked-by" } ], "uuid": "92d5b3fd-3b39-438e-af68-770e447beada", "value": "Charming Kitten - G0058" }, { "description": "[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European, U.S., and Middle Eastern government and military personnel, academics, journalists, and organizations such as the World Health Organization (WHO), via complex social engineering campaigns since at least 2014.(Citation: FireEye APT35 2018)(Citation: ClearSky Kittens Back 3 August 2020)(Citation: Certfa Charming Kitten January 2021)(Citation: Secureworks COBALT ILLUSION Threat Profile)(Citation: Proofpoint TA453 July2021)", "meta": { "external_id": "G0059", "refs": [ "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf", "https://attack.mitre.org/groups/G0059", "https://blog.certfa.com/posts/charming-kitten-christmas-gift/", "https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/", "https://blogs.microsoft.com/on-the-issues/2020/10/28/cyberattacks-phosphorus-t20-munich-security-conference/", "https://noticeofpleadings.com/phosphorus/files/Complaint.pdf", "https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/", "https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/", "https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/", "https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2-1.pdf", "https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf", "https://www.eweek.com/security/newscaster-threat-uses-social-media-for-intelligence-gathering", "https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf", "https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-research-personnel-credential", "https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453", "https://www.secureworks.com/research/threat-profiles/cobalt-illusion" ], "synonyms": [ "Magic Hound", "TA453", "COBALT ILLUSION", "Charming Kitten", "ITG18", "Phosphorus", "Newscaster", "APT35" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0dda99f0-4701-48ca-9774-8504922e92d3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "35ee9bf3-264b-4411-8a8f-b58cec8f35e4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "494ab9f0-36e0-4b06-b10d-57285b040a06", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7acb15b6-fe2c-4319-b136-6ab36ff0b2d4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "baf60e1a-afe5-4d31-830f-1b1ba2351884", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e48df773-7c95-4a4c-ba70-ea3d15900148", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ed730f20-0e44-48b9-85f8-0e2adeb76867", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "f9d6633a-55e6-4adc-9263-6ae080421a13", "value": "Magic Hound - G0059" }, { "description": "[Stolen Pencil](https://attack.mitre.org/groups/G0086) is a threat group likely originating from DPRK that has been active since at least May 2018. The group appears to have targeted academic institutions, but its motives remain unclear.(Citation: Netscout Stolen Pencil Dec 2018)", "meta": { "external_id": "G0086", "refs": [ "https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/", "https://attack.mitre.org/groups/G0086" ], "synonyms": [ "Stolen Pencil" ] }, "related": [ { "dest-uuid": "0ec2f388-bf0f-4b5c-97b1-fc736d26c25f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "revoked-by" } ], "uuid": "7a0d4c09-dfe7-4fa2-965a-1a0e42fedd70", "value": "Stolen Pencil - G0086" }, { "description": "[Gorgon Group](https://attack.mitre.org/groups/G0078) is a threat group consisting of members who are suspected to be Pakistan-based or have other connections to Pakistan. The group has performed a mix of criminal and targeted attacks, including campaigns against government organizations in the United Kingdom, Spain, Russia, and the United States. (Citation: Unit 42 Gorgon Group Aug 2018)", "meta": { "external_id": "G0078", "refs": [ "https://attack.mitre.org/groups/G0078", "https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/" ], "synonyms": [ "Gorgon Group" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7cd0bc75-055b-4098-a00e-83dc8beaff14", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4d80f8b-d2b9-4448-8844-4bef777ed676", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "1f21da59-6a13-455b-afd0-d58d0a5a7d27", "value": "Gorgon Group - G0078" }, { "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)", "meta": { "external_id": "G0097", "refs": [ "https://attack.mitre.org/groups/G0097", "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" ], "synonyms": [ "Bouncing Golf" ] }, "related": [ { "dest-uuid": "114fed8b-7eed-4136-8b9c-411c5c7fff4b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c19cfc89-5ac6-4d2d-a236-70d2b32e007c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "049cef3b-22d5-4be6-b50c-9839c7a34fdd", "value": "Bouncing Golf - G0097" }, { "description": "[EXOTIC LILY](https://attack.mitre.org/groups/G1011) is a financially motivated group that has been closely linked with [Wizard Spider](https://attack.mitre.org/groups/G0102) and the deployment of ransomware including [Conti](https://attack.mitre.org/software/S0575) and [Diavol](https://attack.mitre.org/software/S0659). [EXOTIC LILY](https://attack.mitre.org/groups/G1011) may be acting as an initial access broker for other malicious actors, and has targeted a wide range of industries including IT, cybersecurity, and healthcare since at least September 2021.(Citation: Google EXOTIC LILY March 2022)", "meta": { "external_id": "G1011", "refs": [ "https://attack.mitre.org/groups/G1011", "https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/" ], "synonyms": [ "EXOTIC LILY" ] }, "related": [ { "dest-uuid": "04378e79-4387-468a-a8f7-f974b8254e44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "99fdf3b4-96ef-4ab9-b191-fc683441cad0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a51eb150-93b1-484b-a503-e51453b127a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bbe5b322-e2af-4a5e-9625-a4e62bf84ed3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "129f2f77-1ab2-4c35-bd5e-21260cee92af", "value": "EXOTIC LILY - G1011" }, { "description": "[Tonto Team](https://attack.mitre.org/groups/G0131) is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by 2020 they expanded operations to include other Asian as well as Eastern European countries. [Tonto Team](https://attack.mitre.org/groups/G0131) has targeted government, military, energy, mining, financial, education, healthcare, and technology organizations, including through the Heartbeat Campaign (2009-2012) and Operation Bitter Biscuit (2017).(Citation: Kaspersky CactusPete Aug 2020)(Citation: ESET Exchange Mar 2021)(Citation: FireEye Chinese Espionage October 2019)(Citation: ARS Technica China Hack SK April 2017)(Citation: Trend Micro HeartBeat Campaign January 2013)(Citation: Talos Bisonal 10 Years March 2020)", "meta": { "external_id": "G0131", "refs": [ "https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/", "https://attack.mitre.org/groups/G0131", "https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html", "https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/", "https://vb2020.vblocalhost.com/uploads/VB2020-06.pdf", "https://www.crowdstrike.com/blog/adversaries-targeting-the-manufacturing-industry/", "https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf", "https://www.secureworks.com/research/threat-profiles/bronze-huntley", "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf?", "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/" ], "synonyms": [ "Tonto Team", "Earth Akhlut", "BRONZE HUNTLEY", "CactusPete", "Karma Panda" ] }, "related": [ { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65ffc206-d7c1-45b3-b543-f6b726e7840d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "c5b81590-6814-4d2a-8baa-15c4b6c7f960", "value": "Tonto Team - G0131" }, { "description": "[GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) is a financially motivated threat group active since at least 2018 that operates the [REvil](https://attack.mitre.org/software/S0496) Ransomware-as-a Service (RaaS). [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) provides backend infrastructure for affiliates recruited on underground forums to perpetrate high value deployments. By early 2020, [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) started capitalizing on the new trend of stealing data and further extorting the victim to pay for their data to not get publicly leaked.(Citation: Secureworks REvil September 2019)(Citation: Secureworks GandCrab and REvil September 2019)(Citation: Secureworks GOLD SOUTHFIELD)(Citation: CrowdStrike Evolution of Pinchy Spider July 2021)", "meta": { "external_id": "G0115", "refs": [ "https://attack.mitre.org/groups/G0115", "https://www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/", "https://www.secureworks.com/blog/revil-the-gandcrab-connection", "https://www.secureworks.com/research/revil-sodinokibi-ransomware", "https://www.secureworks.com/research/threat-profiles/gold-southfield" ], "synonyms": [ "GOLD SOUTHFIELD", "Pinchy Spider" ] }, "related": [ { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "842976c7-f9c8-41b2-8371-41dc64fbe261", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "c77c5576-ca19-42ed-a36f-4b4486a84133", "value": "GOLD SOUTHFIELD - G0115" }, { "description": "[Scattered Spider](https://attack.mitre.org/groups/G1015) is a cybercriminal group that has been active since at least 2022 targeting customer relationship management and business-process outsourcing (BPO) firms as well as telecommunications and technology companies. During campaigns [Scattered Spider](https://attack.mitre.org/groups/G1015) has leveraged targeted social-engineering techniques and attempted to bypass popular endpoint security tools.(Citation: CrowdStrike Scattered Spider Profile)(Citation: CrowdStrike Scattered Spider BYOVD January 2023)(Citation: Crowdstrike TELCO BPO Campaign December 2022)", "meta": { "external_id": "G1015", "refs": [ "https://attack.mitre.org/groups/G1015", "https://www.crowdstrike.com/adversaries/scattered-spider/", "https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/", "https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic/" ], "synonyms": [ "Scattered Spider", "Roasted 0ktapus" ] }, "related": [ { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "44d37b89-a739-4810-9111-0d2617a8939b", "value": "Scattered Spider - G1015" }, { "description": "[Operation Wocao](https://attack.mitre.org/groups/G0116) described activities carried out by a China-based cyber espionage adversary. [Operation Wocao](https://attack.mitre.org/groups/G0116) targeted entities within the government, managed service providers, energy, health care, and technology sectors across several countries, including China, France, Germany, the United Kingdom, and the United States. [Operation Wocao](https://attack.mitre.org/groups/G0116) used similar TTPs and tools to APT20, suggesting a possible overlap.(Citation: FoxIT Wocao December 2019)", "meta": { "external_id": "G0116", "refs": [ "https://attack.mitre.org/groups/G0116", "https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf" ], "synonyms": [ "Operation Wocao" ] }, "related": [], "uuid": "28f04ed3-8e91-4805-b1f6-869020517871", "value": "Operation Wocao - G0116" }, { "description": "[Fox Kitten](https://attack.mitre.org/groups/G0117) is threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North Africa, Europe, Australia, and North America. [Fox Kitten](https://attack.mitre.org/groups/G0117) has targeted multiple industrial verticals including oil and gas, technology, government, defense, healthcare, manufacturing, and engineering.(Citation: ClearkSky Fox Kitten February 2020)(Citation: CrowdStrike PIONEER KITTEN August 2020)(Citation: Dragos PARISITE )(Citation: ClearSky Pay2Kitten December 2020)", "meta": { "external_id": "G0117", "refs": [ "https://attack.mitre.org/groups/G0117", "https://us-cert.cisa.gov/ncas/alerts/aa20-259a", "https://www.clearskysec.com/fox-kitten/", "https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf", "https://www.crowdstrike.com/blog/who-is-pioneer-kitten/", "https://www.dragos.com/threat/parisite/" ], "synonyms": [ "Fox Kitten", "UNC757", "Parisite", "Pioneer Kitten" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2f7f03bb-f367-4a5a-ad9b-310a12a48906", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "77ca1aa3-280c-4b67-abaa-e8fb891a8f83", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "c21dd6f1-1364-4a70-a1f7-783080ec34ee", "value": "Fox Kitten - G0117" }, { "description": "[Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021. [Volt Typhoon](https://attack.mitre.org/groups/G1017) typically focuses on espionage and information gathering and has targeted critical infrastructure organizations in the US including Guam. [Volt Typhoon](https://attack.mitre.org/groups/G1017) has emphasized stealth in operations using web shells, living-off-the-land (LOTL) binaries, hands on keyboard activities, and stolen credentials.(Citation: Microsoft Volt Typhoon May 2023)(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023)(Citation: Secureworks BRONZE SILHOUETTE May 2023)", "meta": { "external_id": "G1017", "refs": [ "https://attack.mitre.org/groups/G1017", "https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF", "https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/", "https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations" ], "synonyms": [ "Volt Typhoon", "BRONZE SILHOUETTE" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "208884f1-7b83-4473-ac22-4e1cf6c41471", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "810d8072-afb6-4a56-9ee7-86379ac4a6f3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "866d0d6d-02c6-42bd-aa2f-02907fdc0969", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "981acc4c-2ede-4b56-be6e-fa1a75f37acf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f91162cc-1686-4ff8-8115-bf3f61a4cc7a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "174279b4-399f-4ddb-966e-5efedd1dd5f2", "value": "Volt Typhoon - G1017" }, { "description": "[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017 they began running ransomware operations using [BitPaymer](https://attack.mitre.org/software/S0570), [WastedLocker](https://attack.mitre.org/software/S0612), and Hades ransomware. Following U.S. sanctions and an indictment in 2019, [Indrik Spider](https://attack.mitre.org/groups/G0119) changed their tactics and diversified their toolset.(Citation: Crowdstrike Indrik November 2018)(Citation: Crowdstrike EvilCorp March 2021)(Citation: Treasury EvilCorp Dec 2019)", "meta": { "external_id": "G0119", "refs": [ "https://attack.mitre.org/groups/G0119", "https://home.treasury.gov/news/press-releases/sm845", "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/", "https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/" ], "synonyms": [ "Indrik Spider", "Evil Corp" ] }, "related": [ { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "46cbafbc-8907-42d3-9002-5327c26f8927", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7b5df47-73bb-4d47-b701-869f185633a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f01e2711-4b48-4192-a2e8-5f56c945ca19", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fa766a65-5136-4ff3-8429-36d08eaa0100", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "01e28736-2ffc-455b-9880-ed4d1407ae07", "value": "Indrik Spider - G0119" }, { "description": "[Silent Librarian](https://attack.mitre.org/groups/G0122) is a group that has targeted research and proprietary data at universities, government agencies, and private sector companies worldwide since at least 2013. Members of [Silent Librarian](https://attack.mitre.org/groups/G0122) are known to have been affiliated with the Iran-based Mabna Institute which has conducted cyber intrusions at the behest of the government of Iran, specifically the Islamic Revolutionary Guard Corps (IRGC).(Citation: DOJ Iran Indictments March 2018)(Citation: Phish Labs Silent Librarian)(Citation: Malwarebytes Silent Librarian October 2020)", "meta": { "external_id": "G0122", "refs": [ "https://attack.mitre.org/groups/G0122", "https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/", "https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment", "https://www.justice.gov/usao-sdny/press-release/file/1045781/download", "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian", "https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities", "https://www.secureworks.com/blog/cobalt-dickens-goes-back-to-school-again" ], "synonyms": [ "Silent Librarian", "TA407", "COBALT DICKENS" ] }, "related": [ { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "84ae8255-b4f4-4237-b5c5-e717405a9701", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "90784c1e-4aba-40eb-9adf-7556235e6384", "value": "Silent Librarian - G0122" }, { "description": "[Volatile Cedar](https://attack.mitre.org/groups/G0123) is a Lebanese threat group that has targeted individuals, companies, and institutions worldwide. [Volatile Cedar](https://attack.mitre.org/groups/G0123) has been operating since 2012 and is motivated by political and ideological interests.(Citation: CheckPoint Volatile Cedar March 2015)(Citation: ClearSky Lebanese Cedar Jan 2021)", "meta": { "external_id": "G0123", "refs": [ "https://attack.mitre.org/groups/G0123", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf", "https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf" ], "synonyms": [ "Volatile Cedar", "Lebanese Cedar" ] }, "related": [ { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6a21e3a4-5ffe-4581-af9a-6a54c7536f44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "751b77e6-af1f-483b-93fe-eddf17f92a64", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bed04f7d-e48a-4e76-bd0f-4c57fe31fc46", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "b2e34388-6938-4c59-a702-80dc219e15e3", "value": "Volatile Cedar - G0123" }, { "description": "[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that was first observed in 2017 but may have been conducting operations since at least 2014. [Mustang Panda](https://attack.mitre.org/groups/G0129) has targeted government entities, nonprofits, religious, and other non-governmental organizations in the U.S., Europe, Mongolia, Myanmar, Pakistan, and Vietnam, among others.(Citation: Crowdstrike MUSTANG PANDA June 2018)(Citation: Anomali MUSTANG PANDA October 2019)(Citation: Secureworks BRONZE PRESIDENT December 2019) ", "meta": { "external_id": "G0129", "refs": [ "https://attack.mitre.org/groups/G0129", "https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf", "https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations", "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/", "https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european", "https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader", "https://www.secureworks.com/research/bronze-president-targets-ngos" ], "synonyms": [ "Mustang Panda", "TA416", "RedDelta", "BRONZE PRESIDENT" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03acae53-9b98-46f6-b204-16b930839055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "84771bc3-f6a0-403e-b144-01af70e5fda0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "420ac20b-f2b9-42b8-aa1a-6d4b72895ca4", "value": "Mustang Panda - G0129" }, { "description": "\n[Nomadic Octopus](https://attack.mitre.org/groups/G0133) is a Russian-speaking cyber espionage threat group that has primarily targeted Central Asia, including local governments, diplomatic missions, and individuals, since at least 2014. [Nomadic Octopus](https://attack.mitre.org/groups/G0133) has been observed conducting campaigns involving Android and Windows malware, mainly using the Delphi programming language, and building custom variants.(Citation: Security Affairs DustSquad Oct 2018)(Citation: Securelist Octopus Oct 2018)(Citation: ESET Nomadic Octopus 2018)", "meta": { "external_id": "G0133", "refs": [ "https://attack.mitre.org/groups/G0133", "https://securelist.com/octopus-infested-seas-of-central-asia/88200/", "https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html", "https://www.securityweek.com/russia-linked-hackers-target-diplomatic-entities-central-asia", "https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf" ], "synonyms": [ "Nomadic Octopus", "DustSquad" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e2031fd5-02c2-43d4-85e2-b64f474530c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "fed4f0a2-4347-4530-b0f5-6dfd49b29172", "value": "Nomadic Octopus - G0133" }, { "description": "[Aquatic Panda](https://attack.mitre.org/groups/G0143) is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, [Aquatic Panda](https://attack.mitre.org/groups/G0143) has primarily targeted entities in the telecommunications, technology, and government sectors.(Citation: CrowdStrike AQUATIC PANDA December 2021)", "meta": { "external_id": "G0143", "refs": [ "https://attack.mitre.org/groups/G0143", "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/" ], "synonyms": [ "Aquatic Panda" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "64b52e7d-b2c4-4a02-9372-08a463f5dc11", "value": "Aquatic Panda - G0143" }, { "description": "[Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)(Citation: Talos Transparent Tribe May 2021)", "meta": { "external_id": "G0134", "refs": [ "https://adversary.crowdstrike.com/en-US/adversary/mythic-leopard/", "https://attack.mitre.org/groups/G0134", "https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html", "https://securelist.com/transparent-tribe-part-1/98127/", "https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/", "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf", "https://www.secureworks.com/research/threat-profiles/copper-fieldstone" ], "synonyms": [ "Transparent Tribe", "COPPER FIELDSTONE", "APT36", "Mythic Leopard", "ProjectM" ] }, "related": [ { "dest-uuid": "084517bc-b8e7-5c86-a218-3f19e1379f3e", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "326af1cd-78e7-45b7-a326-125d2f7ef8f2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ab35c2-d00e-491a-8753-41d35ae7e547", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5864e59f-eb4c-43ad-83b2-b5e4fae056c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6c2550d5-a01a-4bbb-a004-6ead348ba623", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "e44e0985-bc65-4a8f-b578-211c858128e3", "value": "Transparent Tribe - G0134" }, { "description": "[Ferocious Kitten](https://attack.mitre.org/groups/G0137) is a threat group that has primarily targeted Persian-speaking individuals in Iran since at least 2015.(Citation: Kaspersky Ferocious Kitten Jun 2021)", "meta": { "external_id": "G0137", "refs": [ "https://attack.mitre.org/groups/G0137", "https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/" ], "synonyms": [ "Ferocious Kitten" ] }, "related": [ { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "532c6004-b1e8-415b-9516-f7c14ba783b1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "6566aac9-dad8-4332-ae73-20c23bad7f02", "value": "Ferocious Kitten - G0137" }, { "description": "[LAPSUS$](https://attack.mitre.org/groups/G1004) is cyber criminal threat group that has been active since at least mid-2021. [LAPSUS$](https://attack.mitre.org/groups/G1004) specializes in large-scale social engineering and extortion operations, including destructive attacks without the use of ransomware. The group has targeted organizations globally, including in the government, manufacturing, higher education, energy, healthcare, technology, telecommunications, and media sectors.(Citation: BBC LAPSUS Apr 2022)(Citation: MSTIC DEV-0537 Mar 2022)(Citation: UNIT 42 LAPSUS Mar 2022)", "meta": { "external_id": "G1004", "refs": [ "https://attack.mitre.org/groups/G1004", "https://unit42.paloaltonetworks.com/lapsus-group/", "https://www.bbc.com/news/technology-60953527", "https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/" ], "synonyms": [ "LAPSUS$", "DEV-0537" ] }, "related": [ { "dest-uuid": "0a241b6c-7bb2-48f9-98f7-128145b4d27f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6a5d222a-a7e0-4656-b110-782c33098289", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6ee2dc99-91ad-4534-a7d8-a649358c331f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "70910fbd-58dc-4c1c-8c48-814d11fcd022", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9664ad0e-789e-40ac-82e2-d7b17fbe8fb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2f59d25-87fe-44aa-8f83-e8e59d077bf5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c9e0c59e-162e-40a4-b8b1-78fab4329ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc723aff-ec88-40e3-a224-5af9fd983cc4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cf1c2504-433f-4c4e-a1f8-91de45a0318c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7", "value": "LAPSUS$ - G1004" }, { "description": "[APT-C-36](https://attack.mitre.org/groups/G0099) is a suspected South America espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations in the financial sector, petroleum industry, and professional manufacturing.(Citation: QiAnXin APT-C-36 Feb2019)", "meta": { "external_id": "G0099", "refs": [ "https://attack.mitre.org/groups/G0099", "https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" ], "synonyms": [ "APT-C-36", "Blind Eagle" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f8cd191-902c-4e83-bf20-b57c8c4640e9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "c4d50cdf-87ce-407d-86d8-862883485842", "value": "APT-C-36 - G0099" }, { "description": "[TEMP.Veles](https://attack.mitre.org/groups/G0088) is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed to manipulate industrial safety systems.(Citation: FireEye TRITON 2019)(Citation: FireEye TEMP.Veles 2018)(Citation: FireEye TEMP.Veles JSON April 2019)", "meta": { "external_id": "G0088", "refs": [ "https://attack.mitre.org/groups/G0088", "https://dragos.com/resource/xenotime/", "https://pylos.co/2019/04/12/a-xenotime-to-remember-veles-in-the-wild/", "https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html ", "https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html", "https://www.fireeye.com/content/dam/fireeye-www/blog/files/TRITON_Appendix_C.html" ], "synonyms": [ "TEMP.Veles", "XENOTIME" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "20a66013-8dab-4ca3-a67d-766c842c561c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "795c1a92-3a26-453e-b99a-6a566aa94dc6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "9538b1a4-4120-4e2d-bf59-3b11fcab05a4", "value": "TEMP.Veles - G0088" }, { "description": "[FIN10](https://attack.mitre.org/groups/G0051) is a financially motivated threat group that has targeted organizations in North America since at least 2013 through 2016. The group uses stolen data exfiltrated from victims to extort organizations. (Citation: FireEye FIN10 June 2017)", "meta": { "external_id": "G0051", "refs": [ "https://attack.mitre.org/groups/G0051", "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf" ], "synonyms": [ "FIN10" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "fbe9387f-34e6-4828-ac28-3080020c597b", "value": "FIN10 - G0051" }, { "description": "[APT12](https://attack.mitre.org/groups/G0005) is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments.(Citation: Meyers Numbered Panda)", "meta": { "external_id": "G0005", "refs": [ "http://www.crowdstrike.com/blog/whois-numbered-panda/", "https://attack.mitre.org/groups/G0005", "https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html" ], "synonyms": [ "APT12", "IXESHE", "DynCalc", "Numbered Panda", "DNSCALC" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "48146604-6693-4db1-bd94-159744726514", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "83a766f8-1501-4b3a-a2de-2e2849e8dfc1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8beac7c2-48d2-4cd9-9b15-6c452f38ac06", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ad4f146f-e3ec-444a-ba71-24bffd7f0f8e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "c47f937f-1022-4f42-8525-e7a4779a14cb", "value": "APT12 - G0005" }, { "description": "[APT30](https://attack.mitre.org/groups/G0013) is a threat group suspected to be associated with the Chinese government. While [Naikon](https://attack.mitre.org/groups/G0019) shares some characteristics with [APT30](https://attack.mitre.org/groups/G0013), the two groups do not appear to be exact matches.(Citation: FireEye APT30)(Citation: Baumgartner Golovkin Naikon 2015)", "meta": { "external_id": "G0013", "refs": [ "https://attack.mitre.org/groups/G0013", "https://securelist.com/the-naikon-apt/69953/", "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" ], "synonyms": [ "APT30" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "43213480-78f7-4fb3-976f-d48f5f6a4c2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8b880b41-5139-4807-baa9-309690218719", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1de6916-7a22-4460-8d26-6b5483ffaa2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd", "value": "APT30 - G0013" }, { "description": "[APT1](https://attack.mitre.org/groups/G0006) is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. (Citation: Mandiant APT1)", "meta": { "external_id": "G0006", "refs": [ "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", "https://attack.mitre.org/groups/G0006", "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf" ], "synonyms": [ "APT1", "Comment Crew", "Comment Group", "Comment Panda" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1cb7e1cc-d695-42b1-92f4-fd0112a3c9be", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "1d808f62-cf63-4063-9727-ff6132514c22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fab555f-7664-4623-b4e0-1675ae38190b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "488da8ed-2887-4ef6-a39a-5b69bc6682c6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4900fabf-1142-4c1f-92f5-0b590e049077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54eb2bab-125f-4d1c-b999-0c692860bafe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a84dc36-df0d-4053-9b7c-f0c388a57283", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "aadaee0d-794c-4642-8293-7ec22a99fb1a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b45747dc-87ca-4597-a245-7e16a61bc491", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b8eb28e4-48a6-40ae-951a-328714f75eda", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "6a2e693f-24e5-451a-9f88-b36a108e5662", "value": "APT1 - G0006" }, { "description": "[Axiom](https://attack.mitre.org/groups/G0001) is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree of overlap between [Axiom](https://attack.mitre.org/groups/G0001) and [Winnti Group](https://attack.mitre.org/groups/G0044) but the two groups appear to be distinct based on differences in reporting on TTPs and targeting.(Citation: Kaspersky Winnti April 2013)(Citation: Kaspersky Winnti June 2015)(Citation: Novetta Winnti April 2015)", "meta": { "external_id": "G0001", "refs": [ "http://blogs.cisco.com/security/talos/threat-spotlight-group-72", "https://attack.mitre.org/groups/G0001", "https://securelist.com/games-are-over/70991/", "https://securelist.com/winnti-more-than-just-a-game/37029/", "https://web.archive.org/web/20150412223949/http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf", "https://web.archive.org/web/20230115144216/http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf" ], "synonyms": [ "Axiom", "Group 72" ] }, "related": [ { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "197ef1b9-e764-46c3-b96c-23f77985dc81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "810d8072-afb6-4a56-9ee7-86379ac4a6f3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "95047f03-4811-4300-922e-1ba937d53a61", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb28627c-d6ea-4c35-b138-ab5e96ae5445", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "a0cb9370-e39b-44d5-9f50-ef78e412b973", "value": "Axiom - G0001" }, { "description": "[Inception](https://attack.mitre.org/groups/G0100) is a cyber espionage group active since at least 2014. The group has targeted multiple industries and governmental entities primarily in Russia, but has also been active in the United States and throughout Europe, Asia, Africa, and the Middle East.(Citation: Unit 42 Inception November 2018)(Citation: Symantec Inception Framework March 2018)(Citation: Kaspersky Cloud Atlas December 2014)", "meta": { "external_id": "G0100", "refs": [ "https://attack.mitre.org/groups/G0100", "https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies", "https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/" ], "synonyms": [ "Inception", "Inception Framework", "Cloud Atlas" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53486bc7-7748-4716-8190-e4f1fde04c53", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8caa18af-4758-4fd3-9600-e8af579e89ed", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "ead23196-d7b6-4ce6-a124-4ab4b67d81bd", "value": "Inception - G0100" }, { "description": "[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least 2004, spanning a range of industries including government, embassies, military, education, research and pharmaceutical companies. [Turla](https://attack.mitre.org/groups/G0010) is known for conducting watering hole and spearphishing campaigns, and leveraging in-house tools and malware, such as [Uroburos](https://attack.mitre.org/software/S0022).(Citation: Kaspersky Turla)(Citation: ESET Gazer Aug 2017)(Citation: CrowdStrike VENOMOUS BEAR)(Citation: ESET Turla Mosquito Jan 2018)(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023)", "meta": { "external_id": "G0010", "refs": [ "http://www.secureworks.com/research/threat-profiles/iron-hunter", "https://attack.mitre.org/groups/G0010", "https://blog.talosintelligence.com/2021/09/tinyturla.html", "https://securelist.com/introducing-whitebear/81638/", "https://securelist.com/the-epic-turla-operation/65545/", "https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity", "https://www.cisa.gov/sites/default/files/2023-05/aa23-129a_snake_malware_2.pdf", "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-march-venomous-bear/", "https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf", "https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1", "https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/", "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf", "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" ], "synonyms": [ "Turla", "IRON HUNTER", "Group 88", "Belugasturgeon", "Waterbug", "WhiteBear", "Snake", "Krypton", "Venomous Bear" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "02c5abff-30bf-4703-ab92-1f6072fae939", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09fcc02f-f9d4-43fa-8609-5e5e186b7103", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2a7c1bb7-cd12-456e-810d-ab3bf8457bab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2cf7dec3-66fc-423f-b2c7-58f1de243b4e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "39cc9f64-cf74-4a48-a4d8-fe98c54a02e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "536be338-e2ef-4a6b-afb6-8d5568b91eb2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6b62e336-176f-417b-856a-8552dd8c44e1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "76abb3ef-dafd-4762-97cb-a35379429db4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "80a014ba-3fef-4768-990b-37d8bd10d7f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "925a6c52-5cf0-4fec-99de-b0d6917d8593", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92b55426-109f-4d93-899f-1833ce91ff90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ae797531-3219-49a4-bccf-324ad7a4c7b2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1595ddd-a783-482a-90e1-8afc8d48467e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b35068ec-107a-4266-bda8-eb7036267aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c097471c-2405-4393-b6d7-afbcb5f0cd11", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d18cb958-f4ad-4fb3-bb4f-e8994d206550", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "da5880b4-f7da-4869-85f2-e0aba84b8565", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dcac85c1-6485-4790-84f6-de5e6f6b91dd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fa80877c-f509-4daf-8b62-20aba1635f68", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "7a19ecb1-3c65-4de3-a230-993516aed6a6", "value": "Turla - G0010" }, { "description": "[APT32](https://attack.mitre.org/groups/G0050) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists with a strong focus on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia. They have extensively used strategic web compromises to compromise victims.(Citation: FireEye APT32 May 2017)(Citation: Volexity OceanLotus Nov 2017)(Citation: ESET OceanLotus)", "meta": { "external_id": "G0050", "refs": [ "https://attack.mitre.org/groups/G0050", "https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf", "https://www.cybereason.com/blog/operation-cobalt-kitty-apt", "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html", "https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/", "https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/", "https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/" ], "synonyms": [ "APT32", "SeaLotus", "OceanLotus", "APT-C-00" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "02c5abff-30bf-4703-ab92-1f6072fae939", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "08e844a8-371f-4fe3-9d1f-e056e64a7fde", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7dbb67c7-270a-40ad-836e-c45f8948aa5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8c1d01ff-fdc0-4586-99bd-c248e0761af5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "98e8a977-3416-43aa-87fa-33e287e9c14c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9ca488bd-9587-48ef-b923-1743523e63b2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "aa29ae56-e54b-47a2-ad16-d3ab0242d5d7", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "ad1a6df6-2251-5e47-a245-8693c1ace8fb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eac3d77f-2b7b-4599-ba74-948dc16633ad", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f25aab1a-0cef-4910-a85d-bb38b32ea41a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ae7a52-f3b6-4525-9daf-640c083f006e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "247cb30b-955f-42eb-97a5-a89fef69341e", "value": "APT32 - G0050" }, { "description": "[TA505](https://attack.mitre.org/groups/G0092) is a cyber criminal group that has been active since at least 2014. [TA505](https://attack.mitre.org/groups/G0092) is known for frequently changing malware, driving global trends in criminal malware distribution, and ransomware campaigns involving [Clop](https://attack.mitre.org/software/S0611).(Citation: Proofpoint TA505 Sep 2017)(Citation: Proofpoint TA505 June 2018)(Citation: Proofpoint TA505 Jan 2019)(Citation: NCC Group TA505)(Citation: Korean FSI TA505 2020)", "meta": { "external_id": "G0092", "refs": [ "https://attack.mitre.org/groups/G0092", "https://research.nccgroup.com/2020/11/18/ta505-a-brief-history-of-their-time/", "https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/", "https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1382.do?page=1&column=&search=&searchSDate=&searchEDate=&bbsDataCategory=", "https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505", "https://www.proofpoint.com/us/threat-insight/post/ta505-shifts-times", "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter" ], "synonyms": [ "TA505", "Hive0065" ] }, "related": [ { "dest-uuid": "00806466-754d-44ea-ad6f-0caf59cb8556", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "05318127-5962-444b-b900-a9dcfe0ff6e9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "099ecff2-41b8-436d-843c-038a9aa9aa69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43155329-3edf-47a6-9a14-7dac899b01e4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "432555de-63bf-4f2a-a3fa-f720a4561078", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92b03a94-7147-4952-9d5a-b4d24da7487c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "aae22730-e571-4d17-b037-65f2a3e26213", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cad3ba95-8c89-4146-ab10-08daa813f9de", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f01e2711-4b48-4192-a2e8-5f56c945ca19", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f9b05f33-d45d-4e4d-aafe-c208d38a0080", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "7eda3dd8-b09b-4705-8090-c2ad9fb8c14d", "value": "TA505 - G0092" }, { "description": "[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub August 2020) This group has been active since at least 2004.(Citation: DOJ GRU Indictment Jul 2018) (Citation: Ars Technica GRU indictment Jul 2018) (Citation: Crowdstrike DNC June 2016) (Citation: FireEye APT28) (Citation: SecureWorks TG-4127) (Citation: FireEye APT28 January 2017) (Citation: GRIZZLY STEPPE JAR) (Citation: Sofacy DealersChoice) (Citation: Palo Alto Sofacy 06-2018) (Citation: Symantec APT28 Oct 2018) (Citation: ESET Zebrocy May 2019)\n\n[APT28](https://attack.mitre.org/groups/G0007) reportedly compromised the Hillary Clinton campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee in 2016 in an attempt to interfere with the U.S. presidential election. (Citation: Crowdstrike DNC June 2016) In 2018, the US indicted five GRU Unit 26165 officers associated with [APT28](https://attack.mitre.org/groups/G0007) for cyber operations (including close-access operations) conducted between 2014 and 2018 against the World Anti-Doping Agency (WADA), the US Anti-Doping Agency, a US nuclear facility, the Organization for the Prohibition of Chemical Weapons (OPCW), the Spiez Swiss Chemicals Laboratory, and other organizations.(Citation: US District Court Indictment GRU Oct 2018) Some of these were conducted with the assistance of GRU Unit 74455, which is also referred to as [Sandworm Team](https://attack.mitre.org/groups/G0034). ", "meta": { "external_id": "G0007", "refs": [ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf", "https://arstechnica.com/information-technology/2018/07/from-bitly-to-x-agent-how-gru-hackers-targeted-the-2016-presidential-election/", "https://attack.mitre.org/groups/G0007", "https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html", "https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF", "https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/", "https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-european-government-agency/", "https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/", "https://securelist.com/a-slice-of-2017-sofacy-activity/83930/", "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", "https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50", "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf", "https://www.justice.gov/file/1080281/download", "https://www.justice.gov/opa/page/file/1098481/download", "https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/", "https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign", "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government", "https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf", "https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/", "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf" ], "synonyms": [ "APT28", "SNAKEMACKEREL", "Swallowtail", "Group 74", "Sednit", "Sofacy", "Pawn Storm", "Fancy Bear", "STRONTIUM", "Tsar Team", "Threat Group-4127", "TG-4127" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "08d20cd2-f084-45ee-8558-fa6ef5a18519", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2dd34b01-6110-4aac-835d-b5e7b936b0be", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3d9f700c-5eb5-5d36-a6e7-47b55f2844cd", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "45242287-2964-4a3e-9373-159fad4d8195", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "50d6688b-0985-4f3d-8cbe-0c796b30703b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "56660521-6db4-4e5a-a927-464f22954b7c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "59a97b15-8189-4d51-9404-e1ce8ea4a069", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60c18d06-7b91-4742-bae3-647845cd9d81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7343e208-7cab-45f2-a47b-41ba5e2f0fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8ae43c46-57ef-47d5-a77a-eebb35628db2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f460983-1bbb-4e7e-8094-f0b5e720f658", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "90ec2b22-7061-4469-b539-0989ec4f96c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "99164b38-1775-40bc-b77b-a2373b14540a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a1dd2dbd-1550-44bf-abcc-1a4c52e97719", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a4f57468-fbd5-49e4-8476-52088220b92d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "af2ad3b7-ab6a-4807-91fd-51bcaff9acbb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b865dded-0553-4962-a44b-6fe7863effed", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ccd61dfc-b03f-4689-8c18-7c97eab08472", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d20b397a-ea47-48a9-b503-2e2a3551e11d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f108215f-3487-489d-be8b-80e346d32518", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f91162cc-1686-4ff8-8115-bf3f61a4cc7a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb575479-14ef-41e9-bfab-0b7cf10bec73", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c", "value": "APT28 - G0007" }, { "description": "[Equation](https://attack.mitre.org/groups/G0020) is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. (Citation: Kaspersky Equation QA)", "meta": { "external_id": "G0020", "refs": [ "https://attack.mitre.org/groups/G0020", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf" ], "synonyms": [ "Equation" ] }, "related": [ { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "96e239be-ad99-49eb-b127-3007b8c1bec9", "value": "Equation - G0020" }, { "description": "[Moafee](https://attack.mitre.org/groups/G0002) is a threat group that appears to operate from the Guandong Province of China. Due to overlapping TTPs, including similar custom tools, Moafee is thought to have a direct or indirect relationship with the threat group [DragonOK](https://attack.mitre.org/groups/G0017). (Citation: Haq 2014)", "meta": { "external_id": "G0002", "refs": [ "https://attack.mitre.org/groups/G0002", "https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html" ], "synonyms": [ "Moafee" ] }, "related": [ { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "2e5d3a83-fe00-41a5-9b60-237efc84832f", "value": "Moafee - G0002" }, { "description": "[Ke3chang](https://attack.mitre.org/groups/G0004) is a threat group attributed to actors operating out of China. [Ke3chang](https://attack.mitre.org/groups/G0004) has targeted oil, government, diplomatic, military, and NGOs in Central and South America, the Caribbean, Europe, and North America since at least 2010.(Citation: Mandiant Operation Ke3chang November 2014)(Citation: NCC Group APT15 Alive and Strong)(Citation: APT15 Intezer June 2018)(Citation: Microsoft NICKEL December 2021)", "meta": { "external_id": "G0004", "refs": [ "https://attack.mitre.org/groups/G0004", "https://research.nccgroup.com/2018/03/10/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/", "https://web.archive.org/web/20180615122133/https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf", "https://www.mandiant.com/resources/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs", "https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe" ], "synonyms": [ "Ke3chang", "APT15", "Mirage", "Vixen Panda", "GREF", "Playful Dragon", "RoyalAPT", "NICKEL" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "33b9e38f-103c-412d-bdcf-904a91fff1e4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4b6ec280-7bbb-48ff-ae59-b189520ebe83", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4d7bf2ac-f953-4907-b114-be44dc174d67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3cedcfe-6515-4348-af65-7f2c4157bf0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "6713ab67-e25b-49cc-808d-2b36d4fbc35c", "value": "Ke3chang - G0004" }, { "description": "[Cleaver](https://attack.mitre.org/groups/G0003) is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. (Citation: Cylance Cleaver) Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). (Citation: Dell Threat Group 2889)", "meta": { "external_id": "G0003", "refs": [ "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/", "https://attack.mitre.org/groups/G0003", "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf" ], "synonyms": [ "Cleaver", "Threat Group 2889", "TG-2889" ] }, "related": [ { "dest-uuid": "11e17436-6ede-4733-8547-4ce0254ea19e", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "271e6d40-e191-421a-8f87-a8102452c201", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "86724806-7ec9-4a48-a0a7-ecbde3bf4810", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2ffd229-11bb-4fd8-9208-edbe97b14c93", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d56c99fa-4710-472c-81a6-41b7a84ea4be", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "f98bac6b-12fd-4cad-be84-c84666932232", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "fddd81e9-dd3d-477e-9773-4fb8ae227234", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fde50aaa-f5de-4cb8-989a-babb57d6a704", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "8f5e8dc7-739d-4f5e-a8a1-a66e004d7063", "value": "Cleaver - G0003" }, { "description": "[Patchwork](https://attack.mitre.org/groups/G0040) is a cyber espionage group that was first observed in December 2015. While the group has not been definitively attributed, circumstantial evidence suggests the group may be a pro-Indian or Indian entity. [Patchwork](https://attack.mitre.org/groups/G0040) has been seen targeting industries related to diplomatic and government agencies. Much of the code used by this group was copied and pasted from online forums. [Patchwork](https://attack.mitre.org/groups/G0040) was also seen operating spearphishing campaigns targeting U.S. think tank groups in March and April of 2018.(Citation: Cymmetria Patchwork) (Citation: Symantec Patchwork)(Citation: TrendMicro Patchwork Dec 2017)(Citation: Volexity Patchwork June 2018)", "meta": { "external_id": "G0040", "refs": [ "http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf", "http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries", "https://attack.mitre.org/groups/G0040", "https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf", "https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/", "https://securelist.com/the-dropping-elephant-actor/75328/", "https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/", "https://web.archive.org/web/20180825085952/https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf", "https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf", "https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/" ], "synonyms": [ "Patchwork", "Hangover Group", "Dropping Elephant", "Chinastrats", "MONSOON", "Operation Hangover" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "231a81cd-4e24-590b-b084-1a4715b30d67", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "34b3f738-bd64-40e5-a112-29b0542bc8bf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "85b39628-204a-48d2-b377-ec368cbcb7ca", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ab3580c8-8435-4117-aace-3d9fbe46aa56", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c13d9621-aca7-436b-ab3d-3a95badb3d00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1183cb9-258e-4f2f-8415-50ac8252c49e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e9595678-d269-469e-ae6b-75e49259de63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f5352566-1a64-49ac-8f7f-97e1d1a03300", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0", "value": "Patchwork - G0040" }, { "description": "[Carbanak](https://attack.mitre.org/groups/G0008) is a cybercriminal group that has used [Carbanak](https://attack.mitre.org/software/S0030) malware to target financial institutions since at least 2013. [Carbanak](https://attack.mitre.org/groups/G0008) may be linked to groups tracked separately as [Cobalt Group](https://attack.mitre.org/groups/G0080) and [FIN7](https://attack.mitre.org/groups/G0046) that have also used [Carbanak](https://attack.mitre.org/software/S0030) malware.(Citation: Kaspersky Carbanak)(Citation: FireEye FIN7 April 2017)(Citation: Europol Cobalt Mar 2018)(Citation: Secureworks GOLD NIAGARA Threat Profile)(Citation: Secureworks GOLD KINGSWOOD Threat Profile)", "meta": { "external_id": "G0008", "refs": [ "https://attack.mitre.org/groups/G0008", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064518/Carbanak_APT_eng.pdf", "https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain", "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html", "https://www.fox-it.com/en/news/blog/anunak-aka-carbanak-update/", "https://www.secureworks.com/research/threat-profiles/gold-kingswood?filter=item-financial-gain", "https://www.secureworks.com/research/threat-profiles/gold-niagara" ], "synonyms": [ "Carbanak", "Anunak" ] }, "related": [ { "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a4aba29f-fb91-50d9-bdf9-2b184922a200", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "55033a4d-3ffe-46b2-99b4-2c1541e9ce1c", "value": "Carbanak - G0008" }, { "description": "[WIRTE](https://attack.mitre.org/groups/G0090) is a threat group that has been active since at least August 2018. [WIRTE](https://attack.mitre.org/groups/G0090) has targeted government, diplomatic, financial, military, legal, and technology organizations in the Middle East and Europe.(Citation: Lab52 WIRTE Apr 2019)(Citation: Kaspersky WIRTE November 2021)", "meta": { "external_id": "G0090", "refs": [ "https://attack.mitre.org/groups/G0090", "https://lab52.io/blog/wirte-group-attacking-the-middle-east/", "https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/105044" ], "synonyms": [ "WIRTE" ] }, "related": [ { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "73d08401-005f-4e1f-90b9-8f45d120879f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9020f5c7-efde-4125-a4f1-1b70f1274ddd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "f8cb7b36-62ef-4488-8a6d-a7033e3271c1", "value": "WIRTE - G0090" }, { "description": "[HEXANE](https://attack.mitre.org/groups/G1001) is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including Israel, Saudi Arabia, Kuwait, Morocco, and Tunisia. [HEXANE](https://attack.mitre.org/groups/G1001)'s TTPs appear similar to [APT33](https://attack.mitre.org/groups/G0064) and [OilRig](https://attack.mitre.org/groups/G0049) but due to differences in victims and tools it is tracked as a separate entity.(Citation: Dragos Hexane)(Citation: Kaspersky Lyceum October 2021)(Citation: ClearSky Siamesekitten August 2021)(Citation: Accenture Lyceum Targets November 2021)", "meta": { "external_id": "G1001", "refs": [ "https://attack.mitre.org/groups/G1001", "https://dragos.com/resource/hexane/", "https://vblocalhost.com/uploads/VB2021-Kayal-etal.pdf", "https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns", "https://www.clearskysec.com/siamesekitten/", "https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign" ], "synonyms": [ "HEXANE", "Lyceum", "Siamesekitten", "Spirlin" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "197ef1b9-e764-46c3-b96c-23f77985dc81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4b57c098-f043-4da2-83ef-7588a6d426bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8a2867f9-e8fc-4bf1-a860-ef6e46311900", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "99854cc8-f202-4e03-aa0a-4f8a4af93229", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "aea6d6b8-d832-4c90-a1bb-f52c6684db6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b8d48deb-450c-44f6-a934-ac8765aa89cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc723aff-ec88-40e3-a224-5af9fd983cc4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e7863f5d-cb6a-4f81-8804-0a635eec160a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "f29b7c5e-2439-42ad-a86f-9f8984fafae3", "value": "HEXANE - G1001" }, { "description": "[Frankenstein](https://attack.mitre.org/groups/G0101) is a campaign carried out between January and April 2019 by unknown threat actors. The campaign name comes from the actors' ability to piece together several unrelated components.(Citation: Talos Frankenstein June 2019) ", "meta": { "external_id": "G0101", "refs": [ "https://attack.mitre.org/groups/G0101", "https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html" ], "synonyms": [ "Frankenstein" ] }, "related": [], "uuid": "6b1b551c-d770-4f95-8cfc-3cd253c4c04e", "value": "Frankenstein - G0101" }, { "description": "[PittyTiger](https://attack.mitre.org/groups/G0011) is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control.(Citation: Bizeul 2014)(Citation: Villeneuve 2014)", "meta": { "external_id": "G0011", "refs": [ "https://airbus-cyber-security.com/the-eye-of-the-tiger/", "https://attack.mitre.org/groups/G0011", "https://www.fireeye.com/blog/threat-research/2014/07/spy-of-the-tiger.html" ], "synonyms": [ "PittyTiger" ] }, "related": [ { "dest-uuid": "251fbae2-78f6-4de7-84f6-194c727a64ad", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4d37813c-b8e9-4e58-a758-03168d8aa189", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b07c2c47-fefb-4d7c-a69e-6a3296171f54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "fe98767f-9df8-42b9-83c9-004b1dec8647", "value": "PittyTiger - G0011" }, { "description": "[APT16](https://attack.mitre.org/groups/G0023) is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. (Citation: FireEye EPS Awakens Part 2)", "meta": { "external_id": "G0023", "refs": [ "https://attack.mitre.org/groups/G0023", "https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html" ], "synonyms": [ "APT16" ] }, "related": [ { "dest-uuid": "3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5b6ce031-bb86-407a-9984-2b9700ac4549", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e51398e6-53dc-4e9f-a323-e54683d8672b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "d6e88e18-81e8-4709-82d8-973095da1e70", "value": "APT16 - G0023" }, { "description": "[APT17](https://attack.mitre.org/groups/G0025) is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. (Citation: FireEye APT17)", "meta": { "external_id": "G0025", "refs": [ "https://attack.mitre.org/groups/G0025", "https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf" ], "synonyms": [ "APT17", "Deputy Dog" ] }, "related": [ { "dest-uuid": "271e6d40-e191-421a-8f87-a8102452c201", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "72c8d526-1247-42d4-919c-6d7a31ca8f39", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9108e212-1c94-4f8d-be76-1aad9b4c86a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "99e30d89-9361-4b73-a999-9e5ff9320bcb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "090242d7-73fc-4738-af68-20162f7a5aae", "value": "APT17 - G0025" }, { "description": "[APT18](https://attack.mitre.org/groups/G0026) is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical. (Citation: Dell Lateral Movement)", "meta": { "external_id": "G0026", "refs": [ "http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/", "https://attack.mitre.org/groups/G0026", "https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop", "https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop" ], "synonyms": [ "APT18", "TG-0416", "Dynamite Panda", "Threat Group-0416" ] }, "related": [ { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "9e2bba94-950b-4fcf-8070-cb3f816c5f4e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b96680d1-5eb3-4f07-b95c-00ab904ac236", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e066bf86-9cfb-407a-9d25-26fd5d91e360", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648", "value": "APT18 - G0026" }, { "description": "[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April 2021) They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. [APT29](https://attack.mitre.org/groups/G0016) reportedly compromised the Democratic National Committee starting in the summer of 2015.(Citation: F-Secure The Dukes)(Citation: GRIZZLY STEPPE JAR)(Citation: Crowdstrike DNC June 2016)(Citation: UK Gov UK Exposes Russia SolarWinds April 2021)\n\nIn April 2021, the US and UK governments attributed the [SolarWinds Compromise](https://attack.mitre.org/campaigns/C0024) to the SVR; public statements included citations to [APT29](https://attack.mitre.org/groups/G0016), Cozy Bear, and The Dukes.(Citation: NSA Joint Advisory SVR SolarWinds April 2021)(Citation: UK NSCS Russia SolarWinds April 2021) Industry reporting also referred to the actors involved in this campaign as UNC2452, NOBELIUM, StellarParticle, Dark Halo, and SolarStorm.(Citation: FireEye SUNBURST Backdoor December 2020)(Citation: MSTIC NOBELIUM Mar 2021)(Citation: CrowdStrike SUNSPOT Implant January 2021)(Citation: Volexity SolarWinds)(Citation: Cybersecurity Advisory SVR TTP May 2021)(Citation: Unit 42 SolarStorm December 2020)", "meta": { "external_id": "G0016", "refs": [ "http://www.secureworks.com/research/threat-profiles/iron-hemlock", "https://attack.mitre.org/groups/G0016", "https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/", "https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF", "https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/", "https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/", "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/", "https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/", "https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/", "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf", "https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html", "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html", "https://www.gov.uk/government/news/russia-uk-and-us-expose-global-campaigns-of-malign-activity-by-russian-intelligence-services", "https://www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise", "https://www.mandiant.com/resources/blog/unc3524-eye-spy-email", "https://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/", "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/", "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/", "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/", "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf", "https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf", "https://www.ncsc.gov.uk/news/uk-and-us-call-out-russia-for-solarwinds-compromise", "https://www.pwc.co.uk/issues/cyber-security-services/insights/cleaning-up-after-wellmess.html", "https://www.pwc.co.uk/issues/cyber-security-services/insights/wellmess-analysis-command-control.html", "https://www.secureworks.com/research/threat-profiles/iron-ritual", "https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf", "https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/", "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf", "https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/" ], "synonyms": [ "APT29", "IRON RITUAL", "IRON HEMLOCK", "NobleBaron", "Dark Halo", "StellarParticle", "NOBELIUM", "UNC2452", "YTTRIUM", "The Dukes", "Cozy Bear", "CozyDuke", "SolarStorm", "Blue Kitsune", "UNC3524" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00c3bfcb-99bd-4767-8c03-b08f585f5c8a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "11f8d7eb-1927-4806-9267-3a11d4d4d6be", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "199463de-d9be-46d6-bb41-07234c1dd5a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1cec9319-743b-4840-bb65-431547bce82a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2c5281dd-b5fd-4531-8aea-c1bf8a0f8756", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2daa14d6-cbf3-4308-bb8e-213c324a08e4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2eb9b131-d333-4a48-9eb4-d8dec46c19ee", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2f8229dc-da94-41c6-89ba-b5b6c32f6b7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32f49626-87f4-4d6c-8f59-a0dca953fe26", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3a4197ae-ec63-4162-907b-9a073d1157e4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3d52e51e-f6db-4719-813c-48002a99f43a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3d57dcc4-be99-4613-9482-d5218f5ec13e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47124daf-44be-4530-9c63-038bc64318dd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4816d361-f82b-4a18-aa05-b215e7cf9200", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4efc3e00-72f2-466a-ab7c-8a7dc6603b19", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54a01db0-9fab-4d5f-8209-53cef8425f4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "55bb4471-ff1f-43b4-88c1-c9384ec47abf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5c747acd-47f0-4c5a-b9e5-213541fc01e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5e595477-2e78-4ce7-ae42-e0b059b17808", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5e7ef1dc-7fb6-4913-ac75-e06113b59e0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65370d0b-3bd4-4653-8cf9-daf56f6be830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "67e6d66b-1b82-4699-b47a-e2efb6268d14", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6dbdc657-d8e0-4f2f-909b-7251b3e72c6d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "72911fe3-f085-40f7-b4f2-f25a4221fe44", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8861073d-d1b8-4941-82ce-dce621d398f0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "959f3b19-2dc8-48d5-8942-c66813a5101a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "95e2cbae-d82c-4f7b-b63c-16462015d35d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "96eca9b9-b37f-42f1-96dc-a2c441403194", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "979adb5a-dc30-48f0-9e3d-9a26d866928c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a8839c95-029f-44cf-8f3d-a3cf2039e927", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ae9d818d-95d0-41da-b045-9cabea1ca164", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b136d088-a829-432c-ac26-5529c26d4c7e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b7010785-699f-412f-ba49-524da6033c76", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bdad6f3b-de88-42fa-9295-d29b5271808e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf48e7f8-752c-4ce8-bf8f-748edacd8fa6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c26f1c05-b861-4970-94dc-2f7f921a3074", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbf646f1-7db5-4dc6-808b-0094313949df", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d4dc46e3-5ba5-45b9-8204-010867cacfcb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d94b3ae9-8059-4989-8e9f-ea0f601f80a7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e33e4603-afab-402d-b2a1-248d435b5fe0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6ef745b-077f-42e1-a37d-29eecff9c754", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "899ce53f-13a0-479b-a0e4-67d46e241542", "value": "APT29 - G0016" }, { "description": "[BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has primarily targeted government, energy, and engineering organizations in Pakistan, China, Bangladesh, and Saudi Arabia.(Citation: Cisco Talos Bitter Bangladesh May 2022)(Citation: Forcepoint BITTER Pakistan Oct 2016)", "meta": { "external_id": "G1002", "refs": [ "https://attack.mitre.org/groups/G1002", "https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html", "https://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan" ], "synonyms": [ "BITTER", "T-APT-17" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "97cfbdc6-504d-41e9-a46c-78a9f806ff0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "7f848c02-4d1e-4808-a4ae-4670681370a9", "value": "BITTER - G1002" }, { "description": "[Darkhotel](https://attack.mitre.org/groups/G0012) is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and other select guests. [Darkhotel](https://attack.mitre.org/groups/G0012) has also conducted spearphishing campaigns and infected victims through peer-to-peer and file sharing networks.(Citation: Kaspersky Darkhotel)(Citation: Securelist Darkhotel Aug 2015)(Citation: Microsoft Digital Defense FY20 Sept 2020)", "meta": { "external_id": "G0012", "refs": [ "https://attack.mitre.org/groups/G0012", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf", "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWxPuf", "https://securelist.com/darkhotels-attacks-in-2015/71713/", "https://www.microsoft.com/security/blog/2016/06/09/reverse-engineering-dubnium-2/", "https://www.microsoft.com/security/blog/2016/06/20/reverse-engineering-dubniums-flash-targeting-exploit/", "https://www.microsoft.com/security/blog/2016/07/14/reverse-engineering-dubnium-stage-2-payload-analysis/" ], "synonyms": [ "Darkhotel", "DUBNIUM" ] }, "related": [ { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f52ab8b8-71f2-5a88-946f-853dc3441efe", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" } ], "uuid": "9e729a7e-0dd6-4097-95bf-db8d64911383", "value": "Darkhotel - G0012" }, { "description": "[Evilnum](https://attack.mitre.org/groups/G0120) is a financially motivated threat group that has been active since at least 2018.(Citation: ESET EvilNum July 2020)", "meta": { "external_id": "G0120", "refs": [ "https://attack.mitre.org/groups/G0120", "https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/" ], "synonyms": [ "Evilnum" ] }, "related": [ { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7cdfccda-2950-4167-981a-60872ff5d0db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "1f0f9a14-11aa-49aa-9174-bcd0eaa979de", "value": "Evilnum - G0120" }, { "description": "[Molerats](https://attack.mitre.org/groups/G0021) is an Arabic-speaking, politically-motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States.(Citation: DustySky)(Citation: DustySky2)(Citation: Kaspersky MoleRATs April 2019)(Citation: Cybereason Molerats Dec 2020)", "meta": { "external_id": "G0021", "refs": [ "http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf", "https://attack.mitre.org/groups/G0021", "https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/", "https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf", "https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf", "https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html" ], "synonyms": [ "Molerats", "Operation Molerats", "Gaza Cybergang" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03ea629c-517a-41e3-94f8-c7e5368cf8f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0ba9281c-93fa-4b29-8e9e-7ef918c7b13a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ae6097d-d700-46c6-8b21-42fc0bcb48fa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "687c23e4-4e25-4ee7-a870-c5e002511f54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8a59f456-79a0-4151-9f56-9b1a67332af2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f7c2e501-73b1-400f-a5d9-2e2e07b7dfde", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" } ], "uuid": "df71bb3b-813c-45eb-a8bc-f2a419837411", "value": "Molerats - G0021" }, { "description": "[admin@338](https://attack.mitre.org/groups/G0018) is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as [PoisonIvy](https://attack.mitre.org/software/S0012), as well as some non-public backdoors. (Citation: FireEye admin@338)", "meta": { "external_id": "G0018", "refs": [ "https://attack.mitre.org/groups/G0018", "https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html" ], "synonyms": [ "admin@338" ] }, "related": [ { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "123bd7b3-675c-4b1a-8482-c55782b20e2b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2a6f4c7b-e690-4cc7-ab6b-1f821fb6b80b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac4bce1f-b3ec-4c44-bd36-b6cc986b319b", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "16ade1aa-0ea1-4bb7-88cc-9079df2ae756", "value": "admin@338 - G0018" }, { "description": "[APT19](https://attack.mitre.org/groups/G0073) is a Chinese-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017, a phishing campaign was used to target seven law and investment firms. (Citation: FireEye APT19) Some analysts track [APT19](https://attack.mitre.org/groups/G0073) and [Deep Panda](https://attack.mitre.org/groups/G0009) as the same group, but it is unclear from open source information if the groups are the same. (Citation: ICIT China's Espionage Jul 2016) (Citation: FireEye APT Groups) (Citation: Unit 42 C0d0so0 Jan 2016)", "meta": { "external_id": "G0073", "refs": [ "https://attack.mitre.org/groups/G0073", "https://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/", "https://web.archive.org/web/20171017072306/https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/", "https://www.darkreading.com/attacks-breaches/chinese-hacking-group-codoso-team-uses-forbescom-as-watering-hole-/d/d-id/1319059", "https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html", "https://www.fireeye.com/current-threats/apt-groups.html#apt19" ], "synonyms": [ "APT19", "Codoso", "C0d0so0", "Codoso Team", "Sunshop Group" ] }, "related": [ { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "fe8796a4-2a02-41a0-9d27-7aa1e995feb6", "value": "APT19 - G0073" }, { "description": "[Mofang](https://attack.mitre.org/groups/G0103) is a likely China-based cyber espionage group, named for its frequent practice of imitating a victim's infrastructure. This adversary has been observed since at least May 2012 conducting focused attacks against government and critical infrastructure in Myanmar, as well as several other countries and sectors including military, automobile, and weapons industries.(Citation: FOX-IT May 2016 Mofang)", "meta": { "external_id": "G0103", "refs": [ "https://attack.mitre.org/groups/G0103", "https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf" ], "synonyms": [ "Mofang" ] }, "related": [ { "dest-uuid": "115f88dd-0618-4389-83cb-98d33ae81848", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5763217a-05b6-4edd-9bca-057e47b5e403", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "88489675-d216-4884-a98f-49a89fcc1643", "value": "Mofang - G0103" }, { "description": "[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed targeting healthcare, telecom, technology, and video game industries in 14 countries. [APT41](https://attack.mitre.org/groups/G0096) overlaps at least partially with public reporting on groups including BARIUM and [Winnti Group](https://attack.mitre.org/groups/G0044).(Citation: FireEye APT41 Aug 2019)(Citation: Group IB APT 41 June 2021)\n", "meta": { "external_id": "G0096", "refs": [ "https://attack.mitre.org/groups/G0096", "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf", "https://www.group-ib.com/blog/colunmtk-apt41/", "https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf" ], "synonyms": [ "APT41", "Wicked Panda" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6c575670-d14c-4c7f-9b9d-fd1b363e255d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8787e86d-8475-4f13-acea-d33eb83b6105", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9b19d6b4-cfcb-492f-8ca8-8449e7331573", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba78a1c-186f-4112-9e6a-be1839f030f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec9e00dd-0313-4d5b-8105-c20aa47abffc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "18854f55-ac7c-4634-bd9a-352dd07613b7", "value": "APT41 - G0096" }, { "description": "[LazyScripter](https://attack.mitre.org/groups/G0140) is threat group that has mainly targeted the airlines industry since at least 2018, primarily using open-source toolsets.(Citation: MalwareBytes LazyScripter Feb 2021)", "meta": { "external_id": "G0140", "refs": [ "https://attack.mitre.org/groups/G0140", "https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf" ], "synonyms": [ "LazyScripter" ] }, "related": [ { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2f7f03bb-f367-4a5a-ad9b-310a12a48906", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7cd0bc75-055b-4098-a00e-83dc8beaff14", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df9b350b-d4f9-4e79-a826-75cc75fbc1eb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "abc5a1d4-f0dc-49d1-88a1-4a80e478bb03", "value": "LazyScripter - G0140" }, { "description": "Operation [Sharpshooter](https://attack.mitre.org/groups/G0104) is the name of a cyber espionage campaign discovered in October 2018 targeting nuclear, defense, energy, and financial companies. Though overlaps between this adversary and [Lazarus Group](https://attack.mitre.org/groups/G0032) have been noted, definitive links have not been established.(Citation: McAfee Sharpshooter December 2018)", "meta": { "external_id": "G0104", "refs": [ "https://attack.mitre.org/groups/G0104", "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf" ], "synonyms": [ "Sharpshooter" ] }, "related": [], "uuid": "5e78ae92-3ffd-4b16-bf62-e798529d73f1", "value": "Sharpshooter - G0104" }, { "description": "[Strider](https://attack.mitre.org/groups/G0041) is a threat group that has been active since at least 2011 and has targeted victims in Russia, China, Sweden, Belgium, Iran, and Rwanda.(Citation: Symantec Strider Blog)(Citation: Kaspersky ProjectSauron Blog)", "meta": { "external_id": "G0041", "refs": [ "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets", "https://attack.mitre.org/groups/G0041", "https://securelist.com/faq-the-projectsauron-apt/75533/", "https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf" ], "synonyms": [ "Strider", "ProjectSauron" ] }, "related": [ { "dest-uuid": "24ce266c-1860-5e04-a107-48d1d39f8ebf", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69d6f4a9-fcf0-4f51-bca7-597c51ad0bb8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3179cfb-9c86-4980-bd6b-e4fa74adaaa7", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "277d2f87-2ae5-4730-a3aa-50c1fdff9656", "value": "Strider - G0041" }, { "description": "[DarkVishnya](https://attack.mitre.org/groups/G0105) is a financially motivated threat actor targeting financial institutions in Eastern Europe. In 2017-2018 the group attacked at least 8 banks in this region.(Citation: Securelist DarkVishnya Dec 2018)", "meta": { "external_id": "G0105", "refs": [ "https://attack.mitre.org/groups/G0105", "https://securelist.com/darkvishnya/89169/" ], "synonyms": [ "DarkVishnya" ] }, "related": [ { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "813636db-3939-4a45-bea9-6113e970c029", "value": "DarkVishnya - G0105" }, { "description": "[POLONIUM](https://attack.mitre.org/groups/G1005) is a Lebanon-based group that has primarily targeted Israeli organizations, including critical manufacturing, information technology, and defense industry companies, since at least February 2022. Security researchers assess [POLONIUM](https://attack.mitre.org/groups/G1005) has coordinated their operations with multiple actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS), based on victim overlap as well as common techniques and tooling.(Citation: Microsoft POLONIUM June 2022)", "meta": { "external_id": "G1005", "refs": [ "https://attack.mitre.org/groups/G1005", "https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/" ], "synonyms": [ "POLONIUM" ] }, "related": [ { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "750eb92a-7fdf-451e-9592-1d42357018f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d23de441-f9cf-4802-b1ff-f588a11a896b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "5f3d0238-d058-44a9-8812-3dd1b6741a8c", "value": "POLONIUM - G1005" }, { "description": "[Taidoor](https://attack.mitre.org/groups/G0015) has been deprecated, as the only technique it was linked to was deprecated in ATT&CK v7.", "meta": { "external_id": "G0015", "refs": [ "https://attack.mitre.org/groups/G0015" ], "synonyms": [ "Taidoor" ] }, "related": [], "uuid": "59140a2e-d117-4206-9b2c-2a8662bd9d46", "value": "Taidoor - G0015" }, { "description": "[FIN8](https://attack.mitre.org/groups/G0061) is a financially motivated threat group that has been active since at least January 2016, and known for targeting organizations in the hospitality, retail, entertainment, insurance, technology, chemical, and financial sectors. In June 2021, security researchers detected [FIN8](https://attack.mitre.org/groups/G0061) switching from targeting point-of-sale (POS) devices to distributing a number of ransomware variants.(Citation: FireEye Obfuscation June 2017)(Citation: FireEye Fin8 May 2016)(Citation: Bitdefender Sardonic Aug 2021)(Citation: Symantec FIN8 Jul 2023)", "meta": { "external_id": "G0061", "refs": [ "https://attack.mitre.org/groups/G0061", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor", "https://web.archive.org/web/20170923102302/https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html", "https://www.bitdefender.com/files/News/CaseStudies/study/401/Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN.pdf", "https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html" ], "synonyms": [ "FIN8", "Syssphinx" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0c52f5bc-557d-4083-bd27-66d7cdb794bb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3553b49d-d4ae-4fb6-ab17-0adbc520c888", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "38952eac-cb1b-4a71-bad2-ee8223a1c8fe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54895630-efd2-4608-9c24-319de972a9eb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5c6ed2dc-37f4-40ea-b2e1-4c76140a388c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "981acc4c-2ede-4b56-be6e-fa1a75f37acf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a78ae9fe-71cd-4563-9213-7b6260bd9a73", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c4de7d83-e875-4c88-8b5d-06c41e5b7e79", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "fd19bd82-1b14-49a1-a176-6cdc46b8a826", "value": "FIN8 - G0061" }, { "description": "[Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://attack.mitre.org/groups/G0106) comes from the email address \"rocke@live.cn\" used to create the wallet which held collected cryptocurrency. Researchers have detected overlaps between [Rocke](https://attack.mitre.org/groups/G0106) and the Iron Cybercrime Group, though this attribution has not been confirmed.(Citation: Talos Rocke August 2018)", "meta": { "external_id": "G0106", "refs": [ "https://attack.mitre.org/groups/G0106", "https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html" ], "synonyms": [ "Rocke" ] }, "related": [ { "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "44102191-3a31-45f8-acbe-34bdb441d5ad", "value": "Rocke - G0106" }, { "description": "[DragonOK](https://attack.mitre.org/groups/G0017) is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, [DragonOK](https://attack.mitre.org/groups/G0017) is thought to have a direct or indirect relationship with the threat group [Moafee](https://attack.mitre.org/groups/G0002). (Citation: Operation Quantum Entanglement) It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. (Citation: New DragonOK)", "meta": { "external_id": "G0017", "refs": [ "http://researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/", "https://attack.mitre.org/groups/G0017", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf" ], "synonyms": [ "DragonOK" ] }, "related": [ { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a9b44750-992c-4743-8922-129880d277ea", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "f3bdec95-3d62-42d9-a840-29630f6cdc1a", "value": "DragonOK - G0017" }, { "description": "[Orangeworm](https://attack.mitre.org/groups/G0071) is a group that has targeted organizations in the healthcare sector in the United States, Europe, and Asia since at least 2015, likely for the purpose of corporate espionage.(Citation: Symantec Orangeworm April 2018)", "meta": { "external_id": "G0071", "refs": [ "https://attack.mitre.org/groups/G0071", "https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia" ], "synonyms": [ "Orangeworm" ] }, "related": [ { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30489451-5886-4c46-90c9-0dff9adc5252", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c11ac61d-50f4-444f-85d8-6f006067f0de", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2417bab-3189-4d4d-9d60-96de2cdaf0ab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "5636b7b3-d99b-4edd-aa05-ee649c1d4ef1", "value": "Orangeworm - G0071" }, { "description": "[Whitefly](https://attack.mitre.org/groups/G0107) is a cyber espionage group that has been operating since at least 2017. The group has targeted organizations based mostly in Singapore across a wide variety of sectors, and is primarily interested in stealing large amounts of sensitive information. The group has been linked to an attack against Singapore’s largest public health organization, SingHealth.(Citation: Symantec Whitefly March 2019)", "meta": { "external_id": "G0107", "refs": [ "https://attack.mitre.org/groups/G0107", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/whitefly-espionage-singapore" ], "synonyms": [ "Whitefly" ] }, "related": [ { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "b74f909f-8e52-4b69-b770-162bf59a1b4e", "value": "Whitefly - G0107" }, { "description": "[SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its infection chain that tries to mimic that of [Sidewinder](https://attack.mitre.org/groups/G0121), a suspected Indian threat group.(Citation: MalwareBytes SideCopy Dec 2021)", "meta": { "external_id": "G1008", "refs": [ "https://attack.mitre.org/groups/G1008", "https://www.malwarebytes.com/blog/news/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure" ], "synonyms": [ "SideCopy" ] }, "related": [ { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "36801ffb-5c85-4c50-9121-6122e389366d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3e4e2c79-2b27-4245-a5c1-5586a3cbd8f5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "03be849d-b5a2-4766-9dda-48976bae5710", "value": "SideCopy - G1008" }, { "description": "[Naikon](https://attack.mitre.org/groups/G0019) is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, [Naikon](https://attack.mitre.org/groups/G0019) has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015) \n\nWhile [Naikon](https://attack.mitre.org/groups/G0019) shares some characteristics with [APT30](https://attack.mitre.org/groups/G0013), the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)", "meta": { "external_id": "G0019", "refs": [ "http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf", "https://attack.mitre.org/groups/G0019", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf", "https://securelist.com/the-naikon-apt/69953/" ], "synonyms": [ "Naikon" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "007b44b6-e4c5-480b-b5b9-56f2081b1b7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "22addc7b-b39f-483d-979a-1b35147da5de", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "22b17791-45bf-45c0-9322-ff1a0af5cf2b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "29231689-5837-4a7a-aafc-1b65b3f50cc7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3161d76a-e2b2-4b97-9906-24909b735386", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7f8730af-f683-423f-9ee1-5f6875a80481", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8c553311-0baa-4146-997a-f79acef3d831", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050", "value": "Naikon - G0019" }, { "description": "[Silence](https://attack.mitre.org/groups/G0091) is a financially motivated threat actor targeting financial institutions in different countries. The group was first seen in June 2016. Their main targets reside in Russia, Ukraine, Belarus, Azerbaijan, Poland and Kazakhstan. They compromised various banking systems, including the Russian Central Bank's Automated Workstation Client, ATMs, and card processing.(Citation: Cyber Forensicator Silence Jan 2019)(Citation: SecureList Silence Nov 2017) ", "meta": { "external_id": "G0091", "refs": [ "https://attack.mitre.org/groups/G0091", "https://cyberforensicator.com/2019/01/20/silence-dissecting-malicious-chm-files-and-performing-forensic-analysis/", "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf", "https://securelist.com/the-silence/83009/" ], "synonyms": [ "Silence", "Whisper Spider" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "96fd6cc4-a693-4118-83ec-619e5352d07d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "d13c8a7f-740b-4efa-a232-de7d6bb05321", "value": "Silence - G0091" }, { "description": "[APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.(Citation: FireEye Clandestine Wolf)(Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.(Citation: Symantec Buckeye)\n\nIn 2017, MITRE developed an APT3 Adversary Emulation Plan.(Citation: APT3 Adversary Emulation Plan)", "meta": { "external_id": "G0022", "refs": [ "http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html", "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong", "https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf", "https://attack.mitre.org/groups/G0022", "https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html", "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html", "https://www.recordedfuture.com/chinese-mss-behind-apt3/" ], "synonyms": [ "APT3", "Gothic Panda", "Pirpi", "UPS Team", "Buckeye", "Threat Group-0110", "TG-0110" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4e6b9625-bbda-4d96-a652-b3bb45453f26", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58adaaa8-f1e8-4606-9a08-422e568461eb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d144c83e-2302-4947-9e24-856fbf7949ae", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6d1d2cb-12f5-4221-9636-44606ea1f3f8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "0bbdf25b-30ff-4894-a1cd-49260d0dd2d9", "value": "APT3 - G0022" }, { "description": "[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020) Active since at least 2014, [APT38](https://attack.mitre.org/groups/G0082) has targeted banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. Significant operations include the 2016 Bank of Bangladesh heist, during which [APT38](https://attack.mitre.org/groups/G0082) stole $81 million, as well as attacks against Bancomext (2018) and Banco de Chile (2018); some of their attacks have been destructive.(Citation: CISA AA20-239A BeagleBoyz August 2020)(Citation: FireEye APT38 Oct 2018)(Citation: DOJ North Korea Indictment Feb 2021)(Citation: Kaspersky Lazarus Under The Hood Blog 2017)\n\nNorth Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.", "meta": { "external_id": "G0082", "refs": [ "https://attack.mitre.org/groups/G0082", "https://content.fireeye.com/apt/rpt-apt38", "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf", "https://securelist.com/lazarus-under-the-hood/77908/", "https://us-cert.cisa.gov/ncas/alerts/aa20-239a", "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-april-stardust-chollima/", "https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and", "https://www.secureworks.com/research/threat-profiles/nickel-gladstone" ], "synonyms": [ "APT38", "NICKEL GLADSTONE", "BeagleBoyz", "Bluenoroff", "Stardust Chollima" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "454fe82d-6fd2-4ac6-91ab-28a33fe01369", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ab35c2-d00e-491a-8753-41d35ae7e547", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e221eb77-1502-4129-af1d-fe1ad55e7ec6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6f4af06-fbb5-5471-82ae-b0bdb4d446ce", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "e928333f-f3df-4039-9b8b-556c2add0e42", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "00f67a77-86a4-4adf-be26-1a54fc713340", "value": "APT38 - G0082" }, { "description": "[TA459](https://attack.mitre.org/groups/G0062) is a threat group believed to operate out of China that has targeted countries including Russia, Belarus, Mongolia, and others. (Citation: Proofpoint TA459 April 2017)", "meta": { "external_id": "G0062", "refs": [ "https://attack.mitre.org/groups/G0062", "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts" ], "synonyms": [ "TA459" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4ab44516-ad75-4e43-a280-705dc0420e2f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c6472ae1-c6ad-4cf1-8d6e-8c94b94fe314", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "cafd0bf8-2b9c-46c7-ae3c-3e0f42c5062e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "62a64fd3-aaf7-4d09-a375-d6f8bb118481", "value": "TA459 - G0062" }, { "meta": { "external_id": "G0042", "refs": [ "https://attack.mitre.org/groups/G0042" ] }, "related": [ { "dest-uuid": "17862c7d-9e60-48a0-b48e-da4dc4c3f6b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "revoked-by" }, { "dest-uuid": "18d473a5-831b-47a5-97a1-a32156299825", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" } ], "uuid": "9559ecaf-2e75-48a7-aee8-9974020bc772", "value": "MONSOON - G0042" }, { "description": "[CopyKittens](https://attack.mitre.org/groups/G0052) is an Iranian cyber espionage group that has been operating since at least 2013. It has targeted countries including Israel, Saudi Arabia, Turkey, the U.S., Jordan, and Germany. The group is responsible for the campaign known as Operation Wilted Tulip.(Citation: ClearSky CopyKittens March 2017)(Citation: ClearSky Wilted Tulip July 2017)(Citation: CopyKittens Nov 2015)", "meta": { "external_id": "G0052", "refs": [ "http://www.clearskysec.com/copykitten-jpost/", "http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf", "https://attack.mitre.org/groups/G0052", "https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf" ], "synonyms": [ "CopyKittens" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0b32ec39-ba61-4864-9ebe-b4b0b73caf9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1cc934e4-b01d-4543-a011-b988dfc1a458", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8cca9a1d-66e4-4bc4-ad49-95f759f4c1ae", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "dcd81c6e-ebf7-4a16-93e0-9a97fa49c88a", "value": "CopyKittens - G0052" }, { "description": "[Honeybee](https://attack.mitre.org/groups/G0072) is a campaign led by an unknown actor that targets humanitarian aid organizations and has been active in Vietnam, Singapore, Argentina, Japan, Indonesia, and Canada. It has been an active operation since August of 2017 and as recently as February 2018. (Citation: McAfee Honeybee)", "meta": { "external_id": "G0072", "refs": [ "https://attack.mitre.org/groups/G0072", "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/" ], "synonyms": [ "Honeybee" ] }, "related": [], "uuid": "ebb73863-fa44-4617-b4cb-b9ed3414eb87", "value": "Honeybee - G0072" }, { "description": "[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors. (Citation: FireEye APT33 Sept 2017) (Citation: FireEye APT33 Webinar Sept 2017)", "meta": { "external_id": "G0064", "refs": [ "https://attack.mitre.org/groups/G0064", "https://www.brighttalk.com/webcast/10703/275683", "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html", "https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/", "https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage" ], "synonyms": [ "APT33", "HOLMIUM", "Elfin" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2a70812b-f1ef-44db-8578-a496a227aef2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4b57c098-f043-4da2-83ef-7588a6d426bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f69ec6d-cb6b-42af-b8e2-920a2aa4be10", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8dbadf80-468c-4a62-b817-4e4d8b606887", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "90ac9266-68ce-46f2-b24f-5eb3b2a8ea38", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4d80f8b-d2b9-4448-8844-4bef777ed676", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cb69b20d-56d0-41ab-8440-4a4b251614d4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e85cae1a-bce3-4ac4-b36b-b00acac0567b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f5352566-1a64-49ac-8f7f-97e1d1a03300", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "fbd29c89-18ba-4c2d-b792-51c0adee049f", "value": "APT33 - G0064" }, { "description": "APT34 is an Iranian cyber espionage group that has been active since at least 2014. The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. FireEye assesses that the group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests. APT34 loosely aligns with public reporting related to OilRig, but may not wholly align due to companies tracking threat groups in different ways. (Citation: FireEye APT34 Dec 2017)", "meta": { "external_id": "G0057", "refs": [ "https://attack.mitre.org/groups/G0057" ] }, "related": [ { "dest-uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "revoked-by" } ], "uuid": "68ba94ab-78b8-43e7-83e2-aed3466882c6", "value": "APT34 - G0057" }, { "description": "[Group5](https://attack.mitre.org/groups/G0043) is a threat group with a suspected Iranian nexus, though this attribution is not definite. The group has targeted individuals connected to the Syrian opposition via spearphishing and watering holes, normally using Syrian and Iranian themes. [Group5](https://attack.mitre.org/groups/G0043) has used two commonly available remote access tools (RATs), [njRAT](https://attack.mitre.org/software/S0385) and [NanoCore](https://attack.mitre.org/software/S0336), as well as an Android RAT, DroidJack. (Citation: Citizen Lab Group5)", "meta": { "external_id": "G0043", "refs": [ "https://attack.mitre.org/groups/G0043", "https://citizenlab.ca/2016/08/group5-syria/" ], "synonyms": [ "Group5" ] }, "related": [ { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4d80f8b-d2b9-4448-8844-4bef777ed676", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "7331c66a-5601-4d3f-acf6-ad9e3035eb40", "value": "Group5 - G0043" }, { "description": "[FIN5](https://attack.mitre.org/groups/G0053) is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active since at least 2008 and has targeted the restaurant, gaming, and hotel industries. The group is made up of actors who likely speak Russian. (Citation: FireEye Respond Webinar July 2017) (Citation: Mandiant FIN5 GrrCON Oct 2016) (Citation: DarkReading FireEye FIN5 Oct 2015)", "meta": { "external_id": "G0053", "refs": [ "https://attack.mitre.org/groups/G0053", "https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?", "https://www.youtube.com/watch?v=fevGZs0EQu8", "https://www2.fireeye.com/WBNR-Are-you-ready-to-respond.html" ], "synonyms": [ "FIN5" ] }, "related": [ { "dest-uuid": "0e18b800-906c-4e44-a143-b11c72b3448b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9752aef4-a1f3-4328-929f-b64eb0536090", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "85403903-15e0-4f9f-9be4-a259ecad4022", "value": "FIN5 - G0053" }, { "description": "[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022) Active since at least 2010, [Dragonfly](https://attack.mitre.org/groups/G0035) has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Symantec Dragonfly Sept 2017)(Citation: Fortune Dragonfly 2.0 Sept 2017)(Citation: Gigamon Berserk Bear October 2021)(Citation: CISA AA20-296A Berserk Bear December 2020)(Citation: Symantec Dragonfly 2.0 October 2017)", "meta": { "external_id": "G0035", "refs": [ "http://fortune.com/2017/09/06/hack-energy-grid-symantec/", "https://attack.mitre.org/groups/G0035", "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks", "https://vblocalhost.com/uploads/VB2021-Slowik.pdf", "https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions", "https://www.dragos.com/threat/dymalloy/", "https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet", "https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical", "https://www.mandiant.com/resources/ukraine-crisis-cyber-threats", "https://www.secureworks.com/research/mcmd-malware-analysis", "https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector", "https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector" ], "synonyms": [ "Dragonfly", "TEMP.Isotope", "DYMALLOY", "Berserk Bear", "TG-4192", "Crouching Yeti", "IRON LIBERTY", "Energetic Bear" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "083bb47b-02c8-4423-81a2-f9ef58572974", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a63f900-5e7e-4928-a746-dd4558e1df71", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64d6559c-6d5c-4585-bbf9-c17868f763ee", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "6ee2dc99-91ad-4534-a7d8-a649358c331f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "82cb34ba-02b5-432b-b2d2-07f55cbf674d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "975737f1-b10d-476f-8bda-3ec26ea57172", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1", "value": "Dragonfly - G0035" }, { "description": "[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 2018)(Citation: Securelist ScarCruft Jun 2016)(Citation: Talos Group123)\n\nNorth Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.", "meta": { "external_id": "G0067", "refs": [ "https://attack.mitre.org/groups/G0067", "https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html", "https://securelist.com/operation-daybreak/75100/", "https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/", "https://www.crowdstrike.com/adversaries/ricochet-chollima/", "https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/", "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf" ], "synonyms": [ "APT37", "InkySquid", "ScarCruft", "Reaper", "Group123", "TEMP.Reaper", "Ricochet Chollima" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0852567d-7958-4f4b-8947-4f840ec8d57d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "211cfe9f-2676-4e1c-a5f5-2c8091da2a68", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "414dc555-c79e-4b24-a2da-9b607f7eaf16", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4189a679-72ed-4a89-a57c-7f689712ecf8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "49abab73-3c5c-476e-afd5-69b5c732d845", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "50cd027f-df14-40b2-aa22-bf5de5061163", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "53a42597-1974-4b8e-84fd-3675e8992053", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53d47b09-09c2-4015-8d37-6633ecd53f79", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "96c3508e-f5f9-52b4-9d1e-b246d68f643d", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2282af0-f9dd-4373-9b92-eaf9e11e0c71", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "4a2ce82e-1a74-468a-a6fb-bbead541383c", "value": "APT37 - G0067" }, { "description": "[FIN6](https://attack.mitre.org/groups/G0037) is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point of sale (PoS) systems in the hospitality and retail sectors.(Citation: FireEye FIN6 April 2016)(Citation: FireEye FIN6 Apr 2019)", "meta": { "external_id": "G0037", "refs": [ "https://attack.mitre.org/groups/G0037", "https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report", "https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/", "https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/", "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html", "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf" ], "synonyms": [ "FIN6", "Magecart Group 6", "ITG08", "Skeleton Spider" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1cdbbcab-903a-414d-8eb0-439a97343737", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "432555de-63bf-4f2a-a3fa-f720a4561078", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5af7a825-2d9f-400d-931a-e00eb9e27f48", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "647894f6-1723-4cba-aba4-0ef0966d5302", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a020a61c-423f-4195-8c46-ba1d21abba37", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bfd2738c-8b43-43c3-bc9f-d523c8e88bf4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c9b99d03-ff11-4a48-95f0-82660d582c25", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d9f7383c-95ec-4080-bbce-121c9384457b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "2a7914cf-dff3-428d-ab0f-1014d1c28aeb", "value": "FIN6 - G0037" }, { "description": "[GCMAN](https://attack.mitre.org/groups/G0036) is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. (Citation: Securelist GCMAN)", "meta": { "external_id": "G0036", "refs": [ "https://attack.mitre.org/groups/G0036", "https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/" ], "synonyms": [ "GCMAN" ] }, "related": [ { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d93889de-b4bc-4a29-9ce7-d67717c140a0", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" } ], "uuid": "0ea72cd5-ca30-46ba-bc04-378f701c658f", "value": "GCMAN - G0036" }, { "description": "[BlackOasis](https://attack.mitre.org/groups/G0063) is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United Nations, as well as opposition bloggers, activists, regional news correspondents, and think tanks. (Citation: Securelist BlackOasis Oct 2017) (Citation: Securelist APT Trends Q2 2017) A group known by Microsoft as [NEODYMIUM](https://attack.mitre.org/groups/G0055) is reportedly associated closely with [BlackOasis](https://attack.mitre.org/groups/G0063) operations, but evidence that the group names are aliases has not been identified. (Citation: CyberScoop BlackOasis Oct 2017)", "meta": { "external_id": "G0063", "refs": [ "https://attack.mitre.org/groups/G0063", "https://securelist.com/apt-trends-report-q2-2017/79332/", "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/", "https://www.cyberscoop.com/middle-eastern-hacking-group-using-finfisher-malware-conduct-international-espionage/" ], "synonyms": [ "BlackOasis" ] }, "related": [ { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "da49b9f1-ca99-443f-9728-0a074db66850", "value": "BlackOasis - G0063" }, { "description": "[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. [APT39](https://attack.mitre.org/groups/G0087) has primarily targeted the travel, hospitality, academic, and telecommunications industries in Iran and across Asia, Africa, Europe, and North America to track individuals and entities considered to be a threat by the MOIS.(Citation: FireEye APT39 Jan 2019)(Citation: Symantec Chafer Dec 2015)(Citation: FBI FLASH APT39 September 2020)(Citation: Dept. of Treasury Iran Sanctions September 2020)(Citation: DOJ Iran Indictments September 2020)", "meta": { "external_id": "G0087", "refs": [ "https://attack.mitre.org/groups/G0087", "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf", "https://home.treasury.gov/news/press-releases/sm1127", "https://www.darkreading.com/attacks-breaches/iran-ups-its-traditional-cyber-espionage-tradecraft/d/d-id/1333764", "https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html", "https://www.iranwatch.org/sites/default/files/public-intelligence-alert.pdf", "https://www.justice.gov/opa/pr/department-justice-and-partner-departments-and-agencies-conduct-coordinated-actions-disrupt", "https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets" ], "synonyms": [ "APT39", "ITG07", "Chafer", "Remix Kitten" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a705b085-1eae-455e-8f4d-842483d814eb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ecc2f65a-b452-4eaf-9689-7e181f17f7a5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "44e43fad-ffcb-4210-abcf-eaaed9735f80", "value": "APT39 - G0087" }, { "description": "[SilverTerrier](https://attack.mitre.org/groups/G0083) is a Nigerian threat group that has been seen active since 2014. [SilverTerrier](https://attack.mitre.org/groups/G0083) mainly targets organizations in high technology, higher education, and manufacturing.(Citation: Unit42 SilverTerrier 2018)(Citation: Unit42 SilverTerrier 2016)", "meta": { "external_id": "G0083", "refs": [ "https://attack.mitre.org/groups/G0083", "https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/whitepapers/unit42-silverterrier-rise-of-nigerian-business-email-compromise", "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/silverterrier-next-evolution-in-nigerian-cybercrime.pdf" ], "synonyms": [ "SilverTerrier" ] }, "related": [ { "dest-uuid": "2a70812b-f1ef-44db-8578-a496a227aef2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ab35c2-d00e-491a-8753-41d35ae7e547", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "851e071f-208d-4c79-adc6-5974c85c78f3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4d80f8b-d2b9-4448-8844-4bef777ed676", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cb741463-f0fe-42e0-8d45-bc7e8335f5ae", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e7a5229f-05eb-440e-b982-9a6d2b2b87c8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "76565741-3452-4069-ab08-80c0ea95bbeb", "value": "SilverTerrier - G0083" }, { "description": "[GALLIUM](https://attack.mitre.org/groups/G0093) is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam. Security researchers have identified [GALLIUM](https://attack.mitre.org/groups/G0093) as a likely Chinese state-sponsored group, based in part on tools used and TTPs commonly associated with Chinese threat actors.(Citation: Cybereason Soft Cell June 2019)(Citation: Microsoft GALLIUM December 2019)(Citation: Unit 42 PingPull Jun 2022)", "meta": { "external_id": "G0093", "refs": [ "https://attack.mitre.org/groups/G0093", "https://unit42.paloaltonetworks.com/pingpull-gallium/", "https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers", "https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/" ], "synonyms": [ "GALLIUM", "Operation Soft Cell" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3a0f6128-0a01-421d-8eca-e57d8671b1f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "63c4511b-2d6e-4bb2-b582-e2e99a8a467d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "06a11b7e-2a36-47fe-8d3e-82c265df3258", "value": "GALLIUM - G0093" }, { "description": "[Suckfly](https://attack.mitre.org/groups/G0039) is a China-based threat group that has been active since at least 2014. (Citation: Symantec Suckfly March 2016)", "meta": { "external_id": "G0039", "refs": [ "http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks", "http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates", "https://attack.mitre.org/groups/G0039" ], "synonyms": [ "Suckfly" ] }, "related": [ { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5abb12e7-5066-4f84-a109-49a037205c76", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "9e9b9415-a7df-406b-b14d-92bfe6809fbe", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "5cbe0d3b-6fb1-471f-b591-4b192915116d", "value": "Suckfly - G0039" }, { "description": "[FIN4](https://attack.mitre.org/groups/G0085) is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthcare and pharmaceutical companies, since at least 2013.(Citation: FireEye Hacking FIN4 Dec 2014)(Citation: FireEye FIN4 Stealing Insider NOV 2014) [FIN4](https://attack.mitre.org/groups/G0085) is unique in that they do not infect victims with typical persistent malware, but rather they focus on capturing credentials authorized to access email and other non-public correspondence.(Citation: FireEye Hacking FIN4 Dec 2014)(Citation: FireEye Hacking FIN4 Video Dec 2014)", "meta": { "external_id": "G0085", "refs": [ "https://attack.mitre.org/groups/G0085", "https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html", "https://www.mandiant.com/sites/default/files/2021-09/rpt-fin4.pdf", "https://www2.fireeye.com/WBNR-14Q4NAMFIN4.html" ], "synonyms": [ "FIN4" ] }, "related": [ { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "d0b3393b-3bec-4ba3-bda9-199d30db47b6", "value": "FIN4 - G0085" }, { "description": "[menuPass](https://attack.mitre.org/groups/G0045) is a threat group that has been active since at least 2006. Individual members of [menuPass](https://attack.mitre.org/groups/G0045) are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)\n\n[menuPass](https://attack.mitre.org/groups/G0045) has targeted healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017, the group is known to have targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university.(Citation: Palo Alto menuPass Feb 2017)(Citation: Crowdstrike CrowdCast Oct 2013)(Citation: FireEye Poison Ivy)(Citation: PWC Cloud Hopper April 2017)(Citation: FireEye APT10 April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)", "meta": { "external_id": "G0045", "refs": [ "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/", "http://web.archive.org/web/20220810112638/https:/www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf", "https://attack.mitre.org/groups/G0045", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage", "https://web.archive.org/web/20220224041316/https:/www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf", "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html", "https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf", "https://www.justice.gov/opa/page/file/1122671/download", "https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion", "https://www.slideshare.net/CrowdStrike/crowd-casts-monthly-you-have-an-adversary-problem" ], "synonyms": [ "menuPass", "Cicada", "POTASSIUM", "Stone Panda", "APT10", "Red Apollo", "CVNX", "HOGFISH" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "17b40f60-729f-4fe8-8aea-cc9ee44a95d5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "292eb0c5-b8e8-4af6-9e8f-0fda6b4528d3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3240cbe4-c550-443b-aa76-cc2a7058b870", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "434ba392-ebdc-488b-b1ef-518deea65774", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7c58fff0-d206-4db1-96b1-e3a9e0e320b9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "94d6d788-07bb-4dcc-b62f-e02626b00108", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9de2308e-7bed-43a3-8e58-f194b3586700", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77b563c-34bb-4fb8-86a3-3694338f7b47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bba595da-b73a-4354-aa6c-224d4de7cb4e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c256da91-6dd5-40b2-beeb-ee3b22ab3d27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dc5d1a33-62aa-4a0c-aa8c-589b87beb11e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb4e3792-e915-4fdd-a9cd-92dfa2ace7aa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f", "value": "menuPass - G0045" }, { "description": "[Sowbug](https://attack.mitre.org/groups/G0054) is a threat group that has conducted targeted attacks against organizations in South America and Southeast Asia, particularly government entities, since at least 2015. (Citation: Symantec Sowbug Nov 2017)", "meta": { "external_id": "G0054", "refs": [ "https://attack.mitre.org/groups/G0054", "https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments" ], "synonyms": [ "Sowbug" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "196f1f32-e0c2-4d46-99cd-234d4b6befe1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ca3b039-404e-4132-88c2-4e41235cd2f5", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "96566860-9f11-4b6f-964d-1c924e4f24a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "d1acfbb3-647b-4723-9154-800ec119006e", "value": "Sowbug - G0054" }, { "description": "[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has primarily targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media, food and beverage, transportation, and utilities industries in the U.S. A portion of [FIN7](https://attack.mitre.org/groups/G0046) was run out of a front company called Combi Security and often used point-of-sale malware for targeting efforts. Since 2020, [FIN7](https://attack.mitre.org/groups/G0046) shifted operations to a big game hunting (BGH) approach including use of [REvil](https://attack.mitre.org/software/S0496) ransomware and their own Ransomware as a Service (RaaS), Darkside. FIN7 may be linked to the [Carbanak](https://attack.mitre.org/groups/G0008) Group, but there appears to be several groups using [Carbanak](https://attack.mitre.org/software/S0030) malware and are therefore tracked separately.(Citation: FireEye FIN7 March 2017)(Citation: FireEye FIN7 April 2017)(Citation: FireEye CARBANAK June 2017)(Citation: FireEye FIN7 Aug 2018)(Citation: CrowdStrike Carbon Spider August 2021)(Citation: Mandiant FIN7 Apr 2022)", "meta": { "external_id": "G0046", "refs": [ "http://blog.morphisec.com/fin7-attacks-restaurant-industry", "https://attack.mitre.org/groups/G0046", "https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/", "https://web.archive.org/web/20180808125108/https:/www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html", "https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/", "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html", "https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html", "https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html", "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html", "https://www.mandiant.com/resources/evolution-of-fin7", "https://www.secureworks.com/research/threat-profiles/gold-niagara" ], "synonyms": [ "FIN7", "GOLD NIAGARA", "ITG14", "Carbon Spider" ] }, "related": [ { "dest-uuid": "00220228-a5a4-4032-a30d-826bb55aa3fb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fc1842-f9e4-47cf-8cb8-5c61becad142", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "065196de-d7e8-4888-acfb-b2134022ba1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0ced8926-914e-4c78-bc93-356fb90dbd1f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "17e919aa-4a49-445c-b103-dbb8df9e7351", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "56d10a7f-bb42-4267-9b4c-63abb9c06010", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "72f54d66-675d-4587-9bd3-4ed09f9522e4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8fc6c9e7-a162-4ca4-a488-f1819e9a7b06", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bd7a9e13-69fa-4243-a5e5-04326a63f9f2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f559f945-eb8b-48b1-904c-68568deebed3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f59508a6-3615-47c3-b493-6676e1a39a87", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f74a5069-015d-4404-83ad-5ca01056c0dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "3753cc21-2dae-4dfb-8481-d004e74502cc", "value": "FIN7 - G0046" }, { "description": "[Gallmaker](https://attack.mitre.org/groups/G0084) is a cyberespionage group that has targeted victims in the Middle East and has been active since at least December 2017. The group has mainly targeted victims in the defense, military, and government sectors.(Citation: Symantec Gallmaker Oct 2018)", "meta": { "external_id": "G0084", "refs": [ "https://attack.mitre.org/groups/G0084", "https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group" ], "synonyms": [ "Gallmaker" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "2fd2be6a-d3a2-4a65-b499-05ea2693abee", "value": "Gallmaker - G0084" }, { "description": "[RTM](https://attack.mitre.org/groups/G0048) is a cybercriminal group that has been active since at least 2015 and is primarily interested in users of remote banking systems in Russia and neighboring countries. The group uses a Trojan by the same name ([RTM](https://attack.mitre.org/software/S0148)). (Citation: ESET RTM Feb 2017)", "meta": { "external_id": "G0048", "refs": [ "https://attack.mitre.org/groups/G0048", "https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf" ], "synonyms": [ "RTM" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92ec0cbd-2c30-44a2-b270-73f4ec949841", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "c416b28c-103b-4df1-909e-78089a7e0e5f", "value": "RTM - G0048" }, { "description": "[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially focused on targeting South Korean government entities, think tanks, and individuals identified as experts in various fields, and expanded its operations to include the United States, Russia, Europe, and the UN. [Kimsuky](https://attack.mitre.org/groups/G0094) has focused its intelligence collection activities on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions.(Citation: EST Kimsuky April 2019)(Citation: BRI Kimsuky April 2019)(Citation: Cybereason Kimsuky November 2020)(Citation: Malwarebytes Kimsuky June 2021)(Citation: CISA AA20-301A Kimsuky)\n\n[Kimsuky](https://attack.mitre.org/groups/G0094) was assessed to be responsible for the 2014 Korea Hydro & Nuclear Power Co. compromise; other notable campaigns include Operation STOLEN PENCIL (2018), Operation Kabar Cobra (2019), and Operation Smoke Screen (2019).(Citation: Netscout Stolen Pencil Dec 2018)(Citation: EST Kimsuky SmokeScreen April 2019)(Citation: AhnLab Kimsuky Kabar Cobra Feb 2019)\n\nNorth Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.", "meta": { "external_id": "G0094", "refs": [ "https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/", "https://attack.mitre.org/groups/G0094", "https://blog.alyac.co.kr/2234", "https://blog.alyac.co.kr/attachment/cfile5.uf@99A0CD415CB67E210DCEB3.pdf", "https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/", "https://brica.de/alerts/alert/public/1255063/kimsuky-unveils-apt-campaign-smoke-screen-aimed-at-korea-and-america/", "https://global.ahnlab.com/global/upload/download/techreport/%5BAnalysis_Report%5DOperation%20Kabar%20Cobra.pdf", "https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/", "https://threatconnect.com/blog/kimsuky-phishing-operations-putting-in-work/", "https://us-cert.cisa.gov/ncas/alerts/aa20-301a", "https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite", "https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/" ], "synonyms": [ "Kimsuky", "STOLEN PENCIL", "Thallium", "Black Banshee", "Velvet Chollima" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "071d5d65-83ec-4a55-acfa-be7d5f28ba9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "28b97733-ef07-4414-aaa5-df50b2d30cc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "295721d2-ee20-4fa3-ade3-37f4146b4570", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5256c0f8-9108-4c92-8b09-482dfacdcd94", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6e561441-8431-4773-a9b8-ccf28ef6a968", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "76551c52-b111-4884-bc47-ff3e728f0156", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8bdfe255-e658-4ddd-a11c-b854762e451d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "937e4772-8441-4e4a-8bf0-8d447d667e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b9799466-9dd7-4098-b2d6-f999ce50b9a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bbe5b322-e2af-4a5e-9625-a4e62bf84ed3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c9703cd3-141c-43a0-a926-380082be5d04", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edadea33-549c-4ed1-9783-8f5a5853cbdf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4b843c1-7e92-4701-8fed-ce82f8be2636", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "0ec2f388-bf0f-4b5c-97b1-fc736d26c25f", "value": "Kimsuky - G0094" }, { "description": "[OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including financial, government, energy, chemical, and telecommunications. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. FireEye assesses that the group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.(Citation: Palo Alto OilRig April 2017)(Citation: ClearSky OilRig Jan 2017)(Citation: Palo Alto OilRig May 2016)(Citation: Palo Alto OilRig Oct 2016)(Citation: Unit42 OilRig Playbook 2023)(Citation: FireEye APT34 Dec 2017)(Citation: Unit 42 QUADAGENT July 2018)", "meta": { "external_id": "G0049", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/", "http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/", "http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/", "http://www.clearskysec.com/oilrig/", "https://attack.mitre.org/groups/G0049", "https://pan-unit42.github.io/playbook_viewer/", "https://pan-unit42.github.io/playbook_viewer/?pb=evasive-serpens", "https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/", "https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/", "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november-helix-kitten/", "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html", "https://www.secureworks.com/research/threat-profiles/cobalt-gypsy" ], "synonyms": [ "OilRig", "COBALT GYPSY", "IRN2", "APT34", "Helix Kitten", "Evasive Serpens" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0998045d-f96e-4284-95ce-3c8219707486", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09b2cd76-c674-47cc-9f57-d2f2ad150a46", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "294e2560-bd48-44b2-9da2-833b5588ad11", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42be2a84-5a5c-4c6d-9864-3f09d75bb0ba", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4664b683-f578-434f-919b-1c1aad2a1111", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4b346d12-7f91-48d2-8f06-b26ffa0d825b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5be33fef-39c0-4532-84ee-bea31e1b5324", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8e101fdd-9f7f-4916-bb04-6bd9e94c129c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a0082cfa-32e2-42b8-92d8-5c7a7409dcf1", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b9eec47e-98f4-4b3c-b574-3fa8a87ebe05", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cf23bf4a-e003-4116-bbae-1ea6c558d565", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d5268dfb-ae2b-4e0e-ac07-02a460613d8a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df4cd566-ff2f-4d08-976d-8c86e95782de", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eff1a885-6f90-42a1-901f-eef6e7a1905e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "4ca1929c-7d64-4aab-b849-badbfc0c760d", "value": "OilRig - G0049" }, { "description": "[NEODYMIUM](https://attack.mitre.org/groups/G0055) is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called [PROMETHIUM](https://attack.mitre.org/groups/G0056) due to overlapping victim and campaign characteristics. (Citation: Microsoft NEODYMIUM Dec 2016) (Citation: Microsoft SIR Vol 21) [NEODYMIUM](https://attack.mitre.org/groups/G0055) is reportedly associated closely with [BlackOasis](https://attack.mitre.org/groups/G0063) operations, but evidence that the group names are aliases has not been identified. (Citation: CyberScoop BlackOasis Oct 2017)", "meta": { "external_id": "G0055", "refs": [ "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf", "https://attack.mitre.org/groups/G0055", "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/", "https://www.cyberscoop.com/middle-eastern-hacking-group-using-finfisher-malware-conduct-international-espionage/" ], "synonyms": [ "NEODYMIUM" ] }, "related": [ { "dest-uuid": "47b5007a-3fb1-466a-9578-629e6e735493", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "a8d3d497-2da9-4797-8e0b-ed176be08654", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ada08ea8-4517-4eea-aff1-3ad69e5466bb", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" } ], "uuid": "025bdaa9-897d-4bad-afa6-013ba5734653", "value": "NEODYMIUM - G0055" }, { "description": "[PROMETHIUM](https://attack.mitre.org/groups/G0056) is an activity group focused on espionage that has been active since at least 2012. The group has conducted operations globally with a heavy emphasis on Turkish targets. [PROMETHIUM](https://attack.mitre.org/groups/G0056) has demonstrated similarity to another activity group called [NEODYMIUM](https://attack.mitre.org/groups/G0055) due to overlapping victim and campaign characteristics.(Citation: Microsoft NEODYMIUM Dec 2016)(Citation: Microsoft SIR Vol 21)(Citation: Talos Promethium June 2020)", "meta": { "external_id": "G0056", "refs": [ "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf", "https://attack.mitre.org/groups/G0056", "https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html", "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/", "https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf" ], "synonyms": [ "PROMETHIUM", "StrongPity" ] }, "related": [ { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1cec9319-743b-4840-bb65-431547bce82a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "20945359-3b39-4542-85ef-08ecb4e1c174", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "34b3f738-bd64-40e5-a112-29b0542bc8bf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43894e2a-174e-4931-94a8-2296afe8f650", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "5744f91a-d2d8-4f92-920f-943dd80c578f", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "691c60e2-273d-4d56-9ce6-b67e0f8719ad", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8868cb5b-d575-4a60-acb2-07d37389a2fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "efed95ba-d7e8-47ff-8c53-99c42426ee7c", "value": "PROMETHIUM - G0056" }, { "description": "[Leviathan](https://attack.mitre.org/groups/G0065) is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry of State Security's (MSS) Hainan State Security Department and an affiliated front company.(Citation: CISA AA21-200A APT40 July 2021) Active since at least 2009, [Leviathan](https://attack.mitre.org/groups/G0065) has targeted the following sectors: academia, aerospace/aviation, biomedical, defense industrial base, government, healthcare, manufacturing, maritime, and transportation across the US, Canada, Europe, the Middle East, and Southeast Asia.(Citation: CISA AA21-200A APT40 July 2021)(Citation: Proofpoint Leviathan Oct 2017)(Citation: FireEye Periscope March 2018)", "meta": { "external_id": "G0065", "refs": [ "https://attack.mitre.org/groups/G0065", "https://us-cert.cisa.gov/ncas/alerts/aa21-200a", "https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies", "https://www.crowdstrike.com/blog/two-birds-one-stone-panda/", "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html", "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html", "https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/", "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets", "https://www.secureworks.com/research/threat-profiles/bronze-mohawk" ], "synonyms": [ "Leviathan", "MUDCARP", "Kryptonite Panda", "Gadolinium", "BRONZE MOHAWK", "TEMP.Jumper", "APT40", "TEMP.Periscope" ] }, "related": [ { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "049ff071-0b3c-4712-95d2-d21c6aa54501", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "06d735e7-1db1-4dbe-ab4b-acbe419f902b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0c8465c0-d0b4-4670-992e-4eee8d7ff952", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "242f3da3-4425-4d11-8f5c-b842886da966", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "274770e0-2612-4ccf-a678-ef8e7bad365d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57d83eac-a2ea-42b0-a7b2-c80c55157790", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5b4b6980-3bc7-11e8-84d6-879aaac37dd9", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64764dc6-a032-495f-8250-1e4c06bdc163", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65013dd2-bc61-43e3-afb5-a14c4fa7437a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "705f0783-5f7d-4491-b6b7-9628e6e006d2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7451bcf9-e6e6-4a70-bc3d-1599173d0035", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "94379dec-5c87-49db-b36e-66abc0b81344", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d69c8146-ab35-4d50-8382-6fc80e641d43", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "7113eaa5-ba79-4fb3-b68a-398ee9cd698e", "value": "Leviathan - G0065" }, { "description": "[Rancor](https://attack.mitre.org/groups/G0075) is a threat group that has led targeted campaigns against the South East Asia region. [Rancor](https://attack.mitre.org/groups/G0075) uses politically-motivated lures to entice victims to open malicious documents. (Citation: Rancor Unit42 June 2018)", "meta": { "external_id": "G0075", "refs": [ "https://attack.mitre.org/groups/G0075", "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/" ], "synonyms": [ "Rancor" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cde2d700-9ed1-46cf-9bce-07364fe8b24f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d186c1d6-e3ac-4c3d-a534-9ddfeb8c57bb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "f40eb8ce-2a74-4e56-89a1-227021410142", "value": "Rancor - G0075" }, { "description": "[Machete](https://attack.mitre.org/groups/G0095) is a suspected Spanish-speaking cyber espionage group that has been active since at least 2010. It has primarily focused its operations within Latin America, with a particular emphasis on Venezuela, but also in the US, Europe, Russia, and parts of Asia. [Machete](https://attack.mitre.org/groups/G0095) generally targets high-profile organizations such as government institutions, intelligence services, and military units, as well as telecommunications and power companies.(Citation: Cylance Machete Mar 2017)(Citation: Securelist Machete Aug 2014)(Citation: ESET Machete July 2019)(Citation: 360 Machete Sep 2020)", "meta": { "external_id": "G0095", "refs": [ "https://attack.mitre.org/groups/G0095", "https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/", "https://securelist.com/el-machete/66108/", "https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html", "https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf" ], "synonyms": [ "Machete", "APT-C-43", "El Machete" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "35cd1d01-1ede-44d2-b073-a264d727bc04", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d0b9840d-efe2-5200-89d1-2f1a37737e30", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "38863958-a201-4ce1-9dbe-539b0b6804e0", "value": "Machete - G0095" }, { "description": "[Elderwood](https://attack.mitre.org/groups/G0066) is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009 Google intrusion known as Operation Aurora. (Citation: Security Affairs Elderwood Sept 2012) The group has targeted defense organizations, supply chain manufacturers, human rights and nongovernmental organizations (NGOs), and IT service providers. (Citation: Symantec Elderwood Sept 2012) (Citation: CSM Elderwood Sept 2012)", "meta": { "external_id": "G0066", "refs": [ "http://securityaffairs.co/wordpress/8528/hacking/elderwood-project-who-is-behind-op-aurora-and-ongoing-attacks.html", "https://attack.mitre.org/groups/G0066", "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf", "https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China" ], "synonyms": [ "Elderwood", "Elderwood Gang", "Beijing Group", "Sneaky Panda" ] }, "related": [ { "dest-uuid": "039814a0-88de-46c5-a4fb-b293db21880a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "48523614-309e-43bf-a2b8-705c2b45d7b2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "73a4793a-ce55-4159-b2a6-208ef29b326f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "79499993-a8d6-45eb-b343-bf58dea5bdde", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c251e4a5-9a2e-4166-8e42-442af75c3b9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "da754aeb-a86d-4874-b388-d1d2028a56be", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e811ff6a-4cef-4856-a6ae-a7daf9ed39ae", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e9e9bfe2-76f4-4870-a2a1-b7af89808613", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4d8a2d6-c684-453a-8a14-cf4a94f755c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "03506554-5f37-4f8f-9ce4-0e9f01a1b484", "value": "Elderwood - G0066" }, { "description": "[Thrip](https://attack.mitre.org/groups/G0076) is an espionage group that has targeted satellite communications, telecoms, and defense contractor companies in the U.S. and Southeast Asia. The group uses custom malware as well as \"living off the land\" techniques. (Citation: Symantec Thrip June 2018)", "meta": { "external_id": "G0076", "refs": [ "https://attack.mitre.org/groups/G0076", "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets" ], "synonyms": [ "Thrip" ] }, "related": [ { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8d9e758b-735f-4cbc-ba7c-32cd15138b2a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "d69e568e-9ac8-4c08-b32c-d93b43ba9172", "value": "Thrip - G0076" }, { "description": "[PLATINUM](https://attack.mitre.org/groups/G0068) is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia. (Citation: Microsoft PLATINUM April 2016)", "meta": { "external_id": "G0068", "refs": [ "https://attack.mitre.org/groups/G0068", "https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf" ], "synonyms": [ "PLATINUM" ] }, "related": [ { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f1ad2ef-41d4-4b7a-9304-ddae68ea3005", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "154e97b5-47ef-415a-99a6-2157f1b50339", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "1fc5671f-5757-43bf-8d6d-a9a93b03713a", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "de6cb631-52f6-4169-a73b-7965390b0c30", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e170995d-4f61-4f17-b60e-04f9a06ee517", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "f9c06633-dcff-48a1-8588-759e7cec5694", "value": "PLATINUM - G0068" }, { "description": "[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at least 2017, [MuddyWater](https://attack.mitre.org/groups/G0069) has targeted a range of government and private organizations across sectors, including telecommunications, local government, defense, and oil and natural gas organizations, in the Middle East, Asia, Africa, Europe, and North America.(Citation: Unit 42 MuddyWater Nov 2017)(Citation: Symantec MuddyWater Dec 2018)(Citation: ClearSky MuddyWater Nov 2018)(Citation: ClearSky MuddyWater June 2019)(Citation: Reaqta MuddyWater November 2017)(Citation: DHS CISA AA22-055A MuddyWater February 2022)(Citation: Talos MuddyWater Jan 2022)", "meta": { "external_id": "G0069", "refs": [ "https://attack.mitre.org/groups/G0069", "https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html", "https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/", "https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/", "https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies", "https://www.cisa.gov/uscert/ncas/alerts/aa22-055a", "https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf", "https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf", "https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/", "https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html", "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group", "https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html" ], "synonyms": [ "MuddyWater", "Earth Vetala", "MERCURY", "Static Kitten", "Seedworm", "TEMP.Zagros" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03c6e0ea-96d3-4b23-9afb-05055663cf4b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "13cd9151-83b7-410d-9f98-25d0f0d1d80d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "73c4711b-407a-449d-b269-e3b1531fe7a9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e100ca4-e639-48d9-9a9d-8ad84aa7b448", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "80c815bb-b24a-4b9c-9d73-ff4c075a278d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "842976c7-f9c8-41b2-8371-41dc64fbe261", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a29af069-03c3-4534-b78b-7d1a77ea085b", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c19d19ae-dd58-4584-8469-966bbeaa80e3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c4810609-7da6-48ec-8057-1b70a7814db0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e355fc84-6f3c-4888-8e0a-d7fa9c378532", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e8545794-b98c-492b-a5b3-4b5a02682e37", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff41b9b6-4c1d-407b-a7e2-835109c8dbc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "269e8108-68c6-4f99-b911-14b2e765dec2", "value": "MuddyWater - G0069" }, { "description": "[Leafminer](https://attack.mitre.org/groups/G0077) is an Iranian threat group that has targeted government organizations and business entities in the Middle East since at least early 2017. (Citation: Symantec Leafminer July 2018)", "meta": { "external_id": "G0077", "refs": [ "https://attack.mitre.org/groups/G0077", "https://www.dragos.com/blog/20180802Raspite.html", "https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east" ], "synonyms": [ "Leafminer", "Raspite" ] }, "related": [ { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7007935a-a8a7-4c0b-bd98-4e85be8ed197", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "999c4e6e-b8dc-4b4f-8d6e-1b829f29997e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "32bca8ff-d900-4877-aa65-d70baa041b74", "value": "Leafminer - G0077" }, { "description": "[DarkHydrus](https://attack.mitre.org/groups/G0079) is a threat group that has targeted government agencies and educational institutions in the Middle East since at least 2016. The group heavily leverages open-source tools and custom payloads for carrying out attacks. (Citation: Unit 42 DarkHydrus July 2018) (Citation: Unit 42 Playbook Dec 2017)", "meta": { "external_id": "G0079", "refs": [ "https://attack.mitre.org/groups/G0079", "https://pan-unit42.github.io/playbook_viewer/", "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" ], "synonyms": [ "DarkHydrus" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8ec6e3b4-b06d-4805-b6aa-af916acc2122", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "6b9ebeb5-20bf-48b0-afb7-988d769a2f01", "value": "DarkHydrus - G0079" }, { "description": "[BlackTech](https://attack.mitre.org/groups/G0098) is a suspected Chinese cyber espionage group that has primarily targeted organizations in East Asia--particularly Taiwan, Japan, and Hong Kong--and the US since at least 2013. [BlackTech](https://attack.mitre.org/groups/G0098) has used a combination of custom malware, dual-use tools, and living off the land tactics to compromise media, construction, engineering, electronics, and financial company networks.(Citation: TrendMicro BlackTech June 2017)(Citation: Symantec Palmerworm Sep 2020)(Citation: Reuters Taiwan BlackTech August 2020)", "meta": { "external_id": "G0098", "refs": [ "https://attack.mitre.org/groups/G0098", "https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt", "https://www.ironnet.com/blog/china-cyber-attacks-the-current-threat-landscape", "https://www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK" ], "synonyms": [ "BlackTech", "Palmerworm" ] }, "related": [ { "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "592260fb-dd5c-4a30-8d99-106a0485be0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "76ac7989-c5cc-42e2-93e3-d6c476f01ace", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b2d134a1-7bd5-4293-94d4-8fc978cb1cd7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b57f419e-8b12-49d3-886b-145383725dcd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3f1fbed-7e29-49cb-8579-4a378f858deb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "6fe8a2a1-a1b0-4af8-953d-4babd329f8f8", "value": "BlackTech - G0098" }, { "description": "[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)", "meta": { "external_id": "G1018", "refs": [ "https://attack.mitre.org/groups/G1018", "https://blog.talosintelligence.com/operation-layover-how-we-tracked-attack/", "https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight" ], "synonyms": [ "TA2541" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2a70812b-f1ef-44db-8578-a496a227aef2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4327aff5-f194-440c-b499-4d9730cc1eab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6a5947f3-1a36-4653-8734-526df3e1d28d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f8cd191-902c-4e83-bf20-b57c8c4640e9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bdb27a1d-1844-42f1-a0c0-826027ae0326", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d906e6f7-434c-44c0-b51a-ed50af8f7945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e7a5229f-05eb-440e-b982-9a6d2b2b87c8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "efece7e8-e40b-49c2-9f84-c55c5c93d05c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fde19a18-e502-467f-be14-58c71b4e7f4b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "467271fd-47c0-4e90-a3f9-d84f5cf790d0", "value": "TA2541 - G1018" }, { "description": "[FIN13](https://attack.mitre.org/groups/G1016) is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality industries in Mexico and Latin America, as early as 2016. [FIN13](https://attack.mitre.org/groups/G1016) achieves its objectives by stealing intellectual property, financial data, mergers and acquisition information, or PII.(Citation: Mandiant FIN13 Aug 2022)(Citation: Sygnia Elephant Beetle Jan 2022)", "meta": { "external_id": "G1016", "refs": [ "https://attack.mitre.org/groups/G1016", "https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf?__hstc=147695848.3e8f1a482c8f8d4531507747318e660b.1680005306711.1680005306711.1680005306711.1&__hssc=147695848.1.1680005306711&__hsfp=3000179024&hsCtaTracking=189ec409-ae2d-4909-8bf1-62dcdd694372%7Cca91d317-8f10-4a38-9f80-367f551ad64d", "https://www.mandiant.com/resources/blog/fin13-cybercriminal-mexico" ], "synonyms": [ "FIN13", "Elephant Beetle" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3433a9e8-1c47-4320-b9bf-ed449061d1c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "34ab90a3-05f6-4259-8f21-621081fdaba5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "851e071f-208d-4c79-adc6-5974c85c78f3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "fd66436e-4d33-450e-ac4c-f7810f1c85f4", "value": "FIN13 - G1016" }, { "description": "[UNC2452](https://attack.mitre.org/groups/G0118) is a suspected Russian state-sponsored threat group responsible for the 2020 SolarWinds software supply chain intrusion.(Citation: FireEye SUNBURST Backdoor December 2020) Victims of this campaign include government, consulting, technology, telecom, and other organizations in North America, Europe, Asia, and the Middle East.(Citation: FireEye SUNBURST Backdoor December 2020) The group also compromised at least one think tank by late 2019.(Citation: Volexity SolarWinds)", "meta": { "external_id": "G0118", "refs": [ "https://attack.mitre.org/groups/G0118", "https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/", "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html", "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/", "https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/" ], "synonyms": [ "UNC2452", "NOBELIUM", "StellarParticle", "Dark Halo" ] }, "related": [ { "dest-uuid": "899ce53f-13a0-479b-a0e4-67d46e241542", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "revoked-by" } ], "uuid": "dc5e2999-ca1a-47d4-8d12-a6984b138a1b", "value": "UNC2452 - G0118" }, { "description": "[TA551](https://attack.mitre.org/groups/G0127) is a financially-motivated threat group that has been active since at least 2018. (Citation: Secureworks GOLD CABIN) The group has primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution campaigns. (Citation: Unit 42 TA551 Jan 2021)", "meta": { "external_id": "G0127", "refs": [ "https://attack.mitre.org/groups/G0127", "https://unit42.paloaltonetworks.com/ta551-shathak-icedid/", "https://unit42.paloaltonetworks.com/valak-evolution/", "https://www.secureworks.com/research/threat-profiles/gold-cabin" ], "synonyms": [ "TA551", "GOLD CABIN", "Shathak" ] }, "related": [ { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1492d0f8-7e14-4af3-9239-bc3fe10d3407", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5147ef15-1cae-4707-8ea1-bee8d98b7f1d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ade37ada-14af-4b44-b36c-210eec255d53", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edc5e045-5401-42bb-ad92-52b5b2ee0de9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "94873029-f950-4268-9cfd-5032e15cb182", "value": "TA551 - G0127" }, { "description": "[CURIUM](https://attack.mitre.org/groups/G1012) is an Iranian threat group first reported in November 2021 that has invested in building a relationship with potential targets via social media over a period of months to establish trust and confidence before sending malware. Security researchers note [CURIUM](https://attack.mitre.org/groups/G1012) has demonstrated great patience and persistence by chatting with potential targets daily and sending benign files to help lower their security consciousness.(Citation: Microsoft Iranian Threat Actor Trends November 2021)", "meta": { "external_id": "G1012", "refs": [ "https://attack.mitre.org/groups/G1012", "https://www.microsoft.com/en-us/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021" ], "synonyms": [ "CURIUM" ] }, "related": [ { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "3ea7add5-5b8f-45d8-b1f1-905d2729d62a", "value": "CURIUM - G1012" }, { "description": "[Sidewinder](https://attack.mitre.org/groups/G0121) is a suspected Indian threat actor group that has been active since at least 2012. They have been observed targeting government, military, and business entities throughout Asia, primarily focusing on Pakistan, China, Nepal, and Afghanistan.(Citation: ATT Sidewinder January 2021)(Citation: Securelist APT Trends April 2018)(Citation: Cyble Sidewinder September 2020)", "meta": { "external_id": "G0121", "refs": [ "https://attack.mitre.org/groups/G0121", "https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf", "https://cybleinc.com/2020/09/26/sidewinder-apt-targets-with-futuristic-tactics-and-techniques/", "https://securelist.com/apt-trends-report-q1-2018/85280/" ], "synonyms": [ "Sidewinder", "T-APT-04", "Rattlesnake" ] }, "related": [ { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3dada716-34c3-506e-aa3a-1889bd975b4b", "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c8655260-9f4b-44e3-85e1-6538a5f6e4f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "3fc023b2-c5cc-481d-9c3e-70141ae1a87e", "value": "Sidewinder - G0121" }, { "description": "[Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.(Citation: SANS Windshift August 2018)(Citation: objective-see windtail1 dec 2018)(Citation: objective-see windtail2 jan 2019)", "meta": { "external_id": "G0112", "refs": [ "https://attack.mitre.org/groups/G0112", "https://objective-see.com/blog/blog_0x3B.html", "https://objective-see.com/blog/blog_0x3D.html", "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554718868.pdf" ], "synonyms": [ "Windshift", "Bahamut" ] }, "related": [ { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0d1f9f5b-11ea-42c3-b5f4-63cce0122541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6ffad4be-bfe0-424f-abde-4d9a84a800ad", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b1c95426-2550-4621-8028-ceebf28b3a47", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bb4387ab-7a51-468b-bf5f-a9a8612f0303", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c6421411-ae61-42bb-9098-73fddb315002", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e2ea7f6b-8d4f-49c3-819d-660530d12b77", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e422b6fa-4739-46b9-992e-82f1b350c780", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fcb11f06-ce0e-490b-bcc1-04a1623579f0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "afec6dc3-a18e-4b62-b1a4-5510e1a498d1", "value": "Windshift - G0112" }, { "description": "[Metador](https://attack.mitre.org/groups/G1013) is a suspected cyber espionage group that was first reported in September 2022. [Metador](https://attack.mitre.org/groups/G1013) has targeted a limited number of telecommunication companies, internet service providers, and universities in the Middle East and Africa. Security researchers named the group [Metador](https://attack.mitre.org/groups/G1013) based on the \"I am meta\" string in one of the group's malware samples and the expectation of Spanish-language responses from C2 servers.(Citation: SentinelLabs Metador Sept 2022)", "meta": { "external_id": "G1013", "refs": [ "https://assets.sentinelone.com/sentinellabs22/metador#page=1", "https://attack.mitre.org/groups/G1013" ], "synonyms": [ "Metador" ] }, "related": [ { "dest-uuid": "3be1fb7a-0f7e-415e-8e3a-74a80d596e68", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df350889-4de9-44e5-8cb3-888b8343e97c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "bfc5ddb3-4dfb-4278-8928-020e1b3feddd", "value": "Metador - G1013" }, { "description": "[Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline industry.(Citation: Cycraft Chimera April 2020)(Citation: NCC Group Chimera January 2021)", "meta": { "external_id": "G0114", "refs": [ "https://attack.mitre.org/groups/G0114", "https://cycraft.com/download/CyCraft-Whitepaper-Chimera_V4.1.pdf", "https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/" ], "synonyms": [ "Chimera" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03342581-f790-4f03-ba41-e82e67392e23", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "066b057c-944e-4cfc-b654-e3dfba04b926", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bc76d0a4-db11-4551-9ac4-01a469cfb161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c256da91-6dd5-40b2-beeb-ee3b22ab3d27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "8c1f0187-0826-4320-bddc-5f326cfcfe2c", "value": "Chimera - G0114" }, { "description": "[Gelsemium](https://attack.mitre.org/groups/G0141) is a cyberespionage group that has been active since at least 2014, targeting governmental institutions, electronics manufacturers, universities, and religious organizations in East Asia and the Middle East.(Citation: ESET Gelsemium June 2021)", "meta": { "external_id": "G0141", "refs": [ "https://attack.mitre.org/groups/G0141", "https://www.welivesecurity.com/wp-content/uploads/2021/06/eset_gelsemium.pdf" ], "synonyms": [ "Gelsemium" ] }, "uuid": "99910207-1741-4da1-9b5d-537410186b51", "value": "Gelsemium - G0141" }, { "description": "[LuminousMoth](https://attack.mitre.org/groups/G1014) is a Chinese-speaking cyber espionage group that has been active since at least October 2020. [LuminousMoth](https://attack.mitre.org/groups/G1014) has targeted high-profile organizations, including government entities, in Myanmar, the Philippines, Thailand, and other parts of Southeast Asia. Some security researchers have concluded there is a connection between [LuminousMoth](https://attack.mitre.org/groups/G1014) and [Mustang Panda](https://attack.mitre.org/groups/G0129) based on similar targeting and TTPs, as well as network infrastructure overlaps.(Citation: Kaspersky LuminousMoth July 2021)(Citation: Bitdefender LuminousMoth July 2021)", "meta": { "external_id": "G1014", "refs": [ "https://attack.mitre.org/groups/G1014", "https://securelist.com/apt-luminousmoth/103332/", "https://www.bitdefender.com/blog/labs/luminousmoth-plugx-file-exfiltration-and-persistence-revisited" ], "synonyms": [ "LuminousMoth" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "84ae8255-b4f4-4237-b5c5-e717405a9701", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a7881f21-e978-4fe4-af56-92c9416a2616", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "b7f627e2-0817-4cd5-8d50-e75f8aa85cc6", "value": "LuminousMoth - G1014" }, { "description": "[MoustachedBouncer](https://attack.mitre.org/groups/G1019) is a cyberespionage group that has been active since at least 2014 targeting foreign embassies in Belarus.(Citation: MoustachedBouncer ESET August 2023)", "meta": { "external_id": "G1019", "refs": [ "https://attack.mitre.org/groups/G1019", "https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/" ], "synonyms": [ "MoustachedBouncer" ] }, "related": [ { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "114fed8b-7eed-4136-8b9c-411c5c7fff4b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1fefb062-feda-484a-8f10-0cebf65e20e3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "43c9bc06-715b-42db-972f-52d25c09a20c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "91c57ed3-7c32-4c68-b388-7db00cb8dac6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e1445afd-c359-45ed-8f27-626dc4d5e157", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "7251b44b-6072-476c-b8d9-a6e32c355b28", "value": "MoustachedBouncer - G1019" }, { "description": "[CostaRicto](https://attack.mitre.org/groups/G0132) is a suspected hacker-for-hire cyber espionage campaign that has targeted multiple industries worldwide since at least 2019. [CostaRicto](https://attack.mitre.org/groups/G0132)'s targets, a large portion of which are financial institutions, are scattered across Europe, the Americas, Asia, Australia, and Africa, with a large concentration in South Asia.(Citation: BlackBerry CostaRicto November 2020)", "meta": { "external_id": "G0132", "refs": [ "https://attack.mitre.org/groups/G0132", "https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced" ], "synonyms": [ "CostaRicto" ] }, "related": [], "uuid": "bb82e0b0-6e9c-439f-970a-4c917a74c5f2", "value": "CostaRicto - G0132" }, { "description": "[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between [Confucius](https://attack.mitre.org/groups/G0142) and [Patchwork](https://attack.mitre.org/groups/G0040), particularly in their respective custom malware code and targets.(Citation: TrendMicro Confucius APT Feb 2018)(Citation: TrendMicro Confucius APT Aug 2021)(Citation: Uptycs Confucius APT Jan 2021)", "meta": { "external_id": "G0142", "refs": [ "https://attack.mitre.org/groups/G0142", "https://www.trendmicro.com/en_us/research/18/b/deciphering-confucius-cyberespionage-operations.html", "https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html", "https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat" ], "synonyms": [ "Confucius", "Confucius APT" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "15d78a95-af6a-4b06-8dae-76bedb0ec5a1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fde19a18-e502-467f-be14-58c71b4e7f4b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "feae299d-e34f-4fc9-8545-486d0905bd41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "6eded342-33e5-4451-b6b2-e1c62863129f", "value": "Confucius - G0142" }, { "description": "The [Windigo](https://attack.mitre.org/groups/G0124) group has been operating since at least 2011, compromising thousands of Linux and Unix servers using the [Ebury](https://attack.mitre.org/software/S0377) SSH backdoor to create a spam botnet. Despite law enforcement intervention against the creators, [Windigo](https://attack.mitre.org/groups/G0124) operators continued updating [Ebury](https://attack.mitre.org/software/S0377) through 2019.(Citation: ESET Windigo Mar 2014)(Citation: CERN Windigo June 2019)", "meta": { "external_id": "G0124", "refs": [ "https://attack.mitre.org/groups/G0124", "https://security.web.cern.ch/advisories/windigo/windigo.shtml", "https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/" ], "synonyms": [ "Windigo" ] }, "related": [ { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d6b3fcd0-1c86-4350-96f0-965ed02fcc51", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "4e868dad-682d-4897-b8df-2dc98f46c68a", "value": "Windigo - G0124" }, { "description": "[HAFNIUM](https://attack.mitre.org/groups/G0125) is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. [HAFNIUM](https://attack.mitre.org/groups/G0125) primarily targets entities in the US across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.(Citation: Microsoft HAFNIUM March 2020)(Citation: Volexity Exchange Marauder March 2021)", "meta": { "external_id": "G0125", "refs": [ "https://attack.mitre.org/groups/G0125", "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/", "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" ], "synonyms": [ "HAFNIUM", "Operation Exchange Marauder" ] }, "related": [ { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0dda99f0-4701-48ca-9774-8504922e92d3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "26c87906-d750-42c5-946c-d4162c73fc7b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "56f46b17-8cfa-46c0-b501-dd52fef394e2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "774ad5bb-2366-4c13-a8a9-65e50b292e7c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "988976ff-beeb-4fb5-b07d-ca7437ea66e8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9d48cab2-7929-4812-ad22-f536665f0109", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "2688b13e-8e71-405a-9c40-0dee94bddf87", "value": "HAFNIUM - G0125" }, { "description": "[Higaisa](https://attack.mitre.org/groups/G0126) is a threat group suspected to have South Korean origins. [Higaisa](https://attack.mitre.org/groups/G0126) has targeted government, public, and trade organizations in North Korea; however, they have also carried out attacks in China, Japan, Russia, Poland, and other nations. [Higaisa](https://attack.mitre.org/groups/G0126) was first disclosed in early 2019 but is assessed to have operated as early as 2009.(Citation: Malwarebytes Higaisa 2020)(Citation: Zscaler Higaisa 2020)(Citation: PTSecurity Higaisa 2020)", "meta": { "external_id": "G0126", "refs": [ "https://attack.mitre.org/groups/G0126", "https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/", "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/", "https://www.zscaler.com/blogs/security-research/return-higaisa-apt" ], "synonyms": [ "Higaisa" ] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0a68f1f1-da74-4d28-8d9a-696c082706cc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "64fa0de0-6240-41f4-8638-f4ca7ed528fd", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "54dfec3e-6464-4f74-9d69-b7c817b7e5a3", "value": "Higaisa - G0126" }, { "description": "[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders in the international affairs community.(Citation: Microsoft Targeting Elections September 2020)(Citation: Check Point APT31 February 2021)", "meta": { "external_id": "G0128", "refs": [ "https://attack.mitre.org/groups/G0128", "https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/", "https://research.checkpoint.com/2021/the-story-of-jian/" ], "synonyms": [ "ZIRCONIUM", "APT31" ] }, "related": [ { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "4283ae19-69c7-4347-a35e-b56f08eb660b", "value": "ZIRCONIUM - G0128" }, { "description": "[BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) is a cyber espionage threat group that has been active since at least 2017. [BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe, the Middle East, and Asia.(Citation: ESET BackdoorDiplomacy Jun 2021)", "meta": { "external_id": "G0135", "refs": [ "https://attack.mitre.org/groups/G0135", "https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/" ], "synonyms": [ "BackdoorDiplomacy" ] }, "related": [ { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "350f12cf-fd3b-4dad-b323-14b943090df4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a3a31fe-5a8f-48e1-bff0-a753e5b1be70", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "afc079f3-c0ea-4096-b75d-3f05338b7f60", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b63970b7-ddfb-4aee-97b1-80d335e033a8", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "9735c036-8ebe-47e9-9c77-b0ae656dab93", "value": "BackdoorDiplomacy - G0135" }, { "description": "[IndigoZebra](https://attack.mitre.org/groups/G0136) is a suspected Chinese cyber espionage group that has been targeting Central Asian governments since at least 2014.(Citation: HackerNews IndigoZebra July 2021)(Citation: Checkpoint IndigoZebra July 2021)(Citation: Securelist APT Trends Q2 2017)", "meta": { "external_id": "G0136", "refs": [ "https://attack.mitre.org/groups/G0136", "https://research.checkpoint.com/2021/indigozebra-apt-continues-to-attack-central-asia-with-evolving-tools/", "https://securelist.com/apt-trends-report-q2-2017/79332/", "https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html" ], "synonyms": [ "IndigoZebra" ] }, "related": [ { "dest-uuid": "21583311-6321-4891-8a37-3eb4e57b0fb1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "919a056e-5104-43b9-ad55-2ac929108b71", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b42378e0-f147-496f-992a-26a49705395b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "e5603ea8-4c36-40e7-b7af-a077d24fedc1", "value": "IndigoZebra - G0136" }, { "description": "[Andariel](https://attack.mitre.org/groups/G0138) is a North Korean state-sponsored threat group that has been active since at least 2009. [Andariel](https://attack.mitre.org/groups/G0138) has primarily focused its operations--which have included destructive attacks--against South Korean government agencies, military organizations, and a variety of domestic companies; they have also conducted cyber financial operations against ATMs, banks, and cryptocurrency exchanges. [Andariel](https://attack.mitre.org/groups/G0138)'s notable activity includes Operation Black Mine, Operation GoldenAxe, and Campaign Rifle.(Citation: FSI Andariel Campaign Rifle July 2017)(Citation: IssueMakersLab Andariel GoldenAxe May 2017)(Citation: AhnLab Andariel Subgroup of Lazarus June 2018)(Citation: TrendMicro New Andariel Tactics July 2018)(Citation: CrowdStrike Silent Chollima Adversary September 2021)\n\n[Andariel](https://attack.mitre.org/groups/G0138) is considered a sub-set of [Lazarus Group](https://attack.mitre.org/groups/G0032), and has been attributed to North Korea's Reconnaissance General Bureau.(Citation: Treasury North Korean Cyber Groups September 2019)\n\nNorth Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.", "meta": { "external_id": "G0138", "refs": [ "http://download.ahnlab.com/global/brochure/%5BAnalysis%5DAndariel_Group.pdf", "http://www.issuemakerslab.com/research3/", "https://adversary.crowdstrike.com/en-US/adversary/silent-chollima/", "https://attack.mitre.org/groups/G0138", "https://home.treasury.gov/news/press-releases/sm774", "https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1680.do", "https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html" ], "synonyms": [ "Andariel", "Silent Chollima" ] }, "related": [ { "dest-uuid": "0dda99f0-4701-48ca-9774-8504922e92d3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "44c75271-0e4d-496f-ae0a-a6d883a42a65", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "88c621a7-aef9-4ae0-94e3-1fc87123eb24", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "baf60e1a-afe5-4d31-830f-1b1ba2351884", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "39d6890e-7f23-4474-b8ef-e7b0343c5fc8", "value": "Andariel - G0138" }, { "description": "[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)", "meta": { "external_id": "G0139", "refs": [ "https://attack.mitre.org/groups/G0139", "https://blog.aquasec.com/container-security-tnt-container-attack", "https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera", "https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf", "https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/", "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/", "https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/", "https://www.intezer.com/blog/cloud-security/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/", "https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf", "https://www.lacework.com/blog/taking-teamtnt-docker-images-offline/" ], "synonyms": [ "TeamTNT" ] }, "related": [ { "dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "19bf235b-8620-4997-b5b4-94e0659ed7c3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40a1b8ec-7295-416c-a6b1-68181d86f120", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "55bb4471-ff1f-43b4-88c1-c9384ec47abf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "5a33468d-844d-4b1f-98c9-0e786c556b27", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "79dd477a-8226-4b3d-ad15-28623675f221", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "b76b2d94-60e4-4107-a903-4a3a7622fb3b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "db8f5003-3b20-48f0-9b76-123e44208120", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "tags": [ "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "uses" } ], "uuid": "35d1b3be-49d4-42f1-aaa6-ef159c880bca", "value": "TeamTNT - G0139" } ], "version": 32 }