Updated misp-galaxy taxonomy
parent
aed6de88e5
commit
6743d4a28c
|
@ -405,10 +405,6 @@
|
||||||
"expanded": "Preshin",
|
"expanded": "Preshin",
|
||||||
"value": "Preshin"
|
"value": "Preshin"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"expanded": "Rekaf",
|
|
||||||
"value": "Rekaf"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"expanded": "Oficla",
|
"expanded": "Oficla",
|
||||||
"value": "Oficla"
|
"value": "Oficla"
|
||||||
|
@ -746,11 +742,6 @@
|
||||||
"expanded": "Eloquent Panda",
|
"expanded": "Eloquent Panda",
|
||||||
"value": "Eloquent Panda"
|
"value": "Eloquent Panda"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"description": "A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors.",
|
|
||||||
"expanded": "Emissary Panda",
|
|
||||||
"value": "Emissary Panda"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"expanded": "Dizzy Panda",
|
"expanded": "Dizzy Panda",
|
||||||
"value": "Dizzy Panda"
|
"value": "Dizzy Panda"
|
||||||
|
@ -811,6 +802,7 @@
|
||||||
"value": "Hurricane Panda"
|
"value": "Hurricane Panda"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
"description": "A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors.",
|
||||||
"expanded": "Emissary Panda",
|
"expanded": "Emissary Panda",
|
||||||
"value": "Emissary Panda"
|
"value": "Emissary Panda"
|
||||||
},
|
},
|
||||||
|
@ -905,6 +897,7 @@
|
||||||
"value": "Flying Kitten"
|
"value": "Flying Kitten"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
"description": "While tracking a suspected Iran-based threat group known as Threat Group-2889[1] (TG-2889), Dell SecureWorks Counter Threat Unit\u2122 (CTU) researchers uncovered a network of fake LinkedIn profiles. These convincing profiles form a self-referenced network of seemingly established LinkedIn users. CTU researchers assess with high confidence the purpose of this network is to target potential victims through social engineering. Most of the legitimate LinkedIn accounts associated with the fake accounts belong to individuals in the Middle East, and CTU researchers assess with medium confidence that these individuals are likely targets of TG-2889.",
|
||||||
"expanded": "Cutting Kitten",
|
"expanded": "Cutting Kitten",
|
||||||
"value": "Cutting Kitten"
|
"value": "Cutting Kitten"
|
||||||
},
|
},
|
||||||
|
@ -930,11 +923,6 @@
|
||||||
"expanded": "Sands Casino",
|
"expanded": "Sands Casino",
|
||||||
"value": "Sands Casino"
|
"value": "Sands Casino"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"description": "While tracking a suspected Iran-based threat group known as Threat Group-2889[1] (TG-2889), Dell SecureWorks Counter Threat Unit\u2122 (CTU) researchers uncovered a network of fake LinkedIn profiles. These convincing profiles form a self-referenced network of seemingly established LinkedIn users. CTU researchers assess with high confidence the purpose of this network is to target potential victims through social engineering. Most of the legitimate LinkedIn accounts associated with the fake accounts belong to individuals in the Middle East, and CTU researchers assess with medium confidence that these individuals are likely targets of TG-2889.",
|
|
||||||
"expanded": "Threat Group-2889",
|
|
||||||
"value": "Threat Group-2889"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"expanded": "Rebel Jackal",
|
"expanded": "Rebel Jackal",
|
||||||
"value": "Rebel Jackal"
|
"value": "Rebel Jackal"
|
||||||
|
@ -1133,10 +1121,15 @@
|
||||||
"description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive .",
|
"description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive .",
|
||||||
"expanded": "Volatile Cedar",
|
"expanded": "Volatile Cedar",
|
||||||
"value": "Volatile Cedar"
|
"value": "Volatile Cedar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Threat Group conducting cyber espionage while re-using tools from other teams; like those of Hacking Team, and vmprotect to obfuscate.",
|
||||||
|
"expanded": "Callisto",
|
||||||
|
"value": "Callisto"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"predicate": "threat-actor"
|
"predicate": "threat-actor"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 3
|
"version": 4
|
||||||
}
|
}
|
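Review bot: The hunks at -405 and -930 delete the `Rekaf` and `Threat Group-2889` values outright, and the description moved onto `Cutting Kitten` (hunk at -905) still speaks only of TG-2889 without saying that the two names refer to the same group. Events already tagged with the removed values would presumably no longer match a taxonomy entry after this update, so any detection, correlation or sharing rule keyed on those tags deserves a check before the version 4 file is rolled out. If the merge is intentional, the description could open with the alias, for example `"description": "Also tracked as Threat Group-2889 (TG-2889). While tracking ..."`, and drop the dangling `[1]` footnote marker. The file name is not visible on this page, so the namespace of the affected tags cannot be confirmed from here.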