File size: 6,696 Bytes
5fe70fd |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
{
"type": "bundle",
"id": "bundle--cc7a50d7-2256-44dc-8b5c-52a3e9f08de7",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-03-22T04:29:39.915Z",
"name": "Gamaredon Group",
"description": "[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage threat group that has targeted military, NGO, judiciary, law enforcement, and non-profit organizations in Ukraine since at least 2013. The name [Gamaredon Group](https://attack.mitre.org/groups/G0047) comes from a misspelling of the word \"Armageddon\", which was detected in the adversary's early campaigns.(Citation: Palo Alto Gamaredon Feb 2017)(Citation: TrendMicro Gamaredon April 2020)(Citation: ESET Gamaredon June 2020)(Citation: Symantec Shuckworm January 2022)(Citation: Microsoft Actinium February 2022)\n\nIn November 2021, the Ukrainian government publicly attributed [Gamaredon Group](https://attack.mitre.org/groups/G0047) to Russia's Federal Security Service (FSB) Center 18.(Citation: Bleepingcomputer Gamardeon FSB November 2021)(Citation: Microsoft Actinium February 2022)",
"aliases": [
"Gamaredon Group",
"IRON TILDEN",
"Primitive Bear",
"ACTINIUM",
"Armageddon",
"Shuckworm",
"DEV-0157"
],
"x_mitre_deprecated": false,
"x_mitre_version": "2.1",
"x_mitre_contributors": [
"ESET",
"Trend Micro Incorporated"
],
"type": "intrusion-set",
"id": "intrusion-set--2e290bfe-93b5-48ce-97d6-edcd6d32b7cf",
"created": "2017-05-31T21:32:09.849Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/groups/G0047",
"external_id": "G0047"
},
{
"source_name": "ACTINIUM",
"description": "(Citation: Microsoft Actinium February 2022)"
},
{
"source_name": "DEV-0157",
"description": "(Citation: Microsoft Actinium February 2022)"
},
{
"source_name": "Gamaredon Group",
"description": "(Citation: Palo Alto Gamaredon Feb 2017)"
},
{
"source_name": "IRON TILDEN",
"description": "(Citation: Secureworks IRON TILDEN Profile)"
},
{
"source_name": "Armageddon",
"description": "(Citation: Symantec Shuckworm January 2022)"
},
{
"source_name": "Shuckworm",
"description": "(Citation: Symantec Shuckworm January 2022)"
},
{
"source_name": "Primitive Bear",
"description": "(Citation: Unit 42 Gamaredon February 2022)"
},
{
"source_name": "ESET Gamaredon June 2020",
"description": "Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.",
"url": "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/"
},
{
"source_name": "TrendMicro Gamaredon April 2020",
"description": "Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020.",
"url": "https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/"
},
{
"source_name": "Palo Alto Gamaredon Feb 2017",
"description": "Kasza, A. and Reichel, D. (2017, February 27). The Gamaredon Group Toolset Evolution. Retrieved March 1, 2017.",
"url": "https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/"
},
{
"source_name": "Microsoft Actinium February 2022",
"description": "Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.",
"url": "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/"
},
{
"source_name": "Secureworks IRON TILDEN Profile",
"description": "Secureworks CTU. (n.d.). IRON TILDEN. Retrieved February 24, 2022.",
"url": "https://www.secureworks.com/research/threat-profiles/iron-tilden"
},
{
"source_name": "Symantec Shuckworm January 2022",
"description": "Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022.",
"url": "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine"
},
{
"source_name": "Bleepingcomputer Gamardeon FSB November 2021",
"description": "Toulas, B. (2018, November 4). Ukraine links members of Gamaredon hacker group to Russian FSB. Retrieved April 15, 2022.",
"url": "https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/"
},
{
"source_name": "Unit 42 Gamaredon February 2022",
"description": "Unit 42. (2022, February 3). Russia\u2019s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. Retrieved February 21, 2022.",
"url": "https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_domains": [
"enterprise-attack"
],
"x_mitre_attack_spec_version": "3.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
} |