{ | |
"type": "bundle", | |
"id": "bundle--56ccd702-229b-48b8-b977-46e6e50acfdc", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"modified": "2023-03-08T22:03:28.170Z", | |
"name": "Dragonfly", | |
"description": "[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022) Active since at least 2010, [Dragonfly](https://attack.mitre.org/groups/G0035) has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Symantec Dragonfly Sept 2017)(Citation: Fortune Dragonfly 2.0 Sept 2017)(Citation: Gigamon Berserk Bear October 2021)(Citation: CISA AA20-296A Berserk Bear December 2020)(Citation: Symantec Dragonfly 2.0 October 2017)", | |
"aliases": [ | |
"Dragonfly", | |
"TEMP.Isotope", | |
"DYMALLOY", | |
"Berserk Bear", | |
"TG-4192", | |
"Crouching Yeti", | |
"IRON LIBERTY", | |
"Energetic Bear" | |
], | |
"x_mitre_deprecated": false, | |
"x_mitre_version": "3.1", | |
"x_mitre_contributors": [ | |
"Dragos Threat Intelligence" | |
], | |
"type": "intrusion-set", | |
"id": "intrusion-set--1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1", | |
"created": "2017-05-31T21:32:05.217Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"revoked": false, | |
"external_references": [ | |
{ | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/groups/G0035", | |
"external_id": "G0035" | |
}, | |
{ | |
"source_name": "DYMALLOY", | |
"description": "(Citation: Dragos DYMALLOY )(Citation: UK GOV FSB Factsheet April 2022)" | |
}, | |
{ | |
"source_name": "Berserk Bear", | |
"description": "(Citation: Gigamon Berserk Bear October 2021)(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022)" | |
}, | |
{ | |
"source_name": "TEMP.Isotope", | |
"description": "(Citation: Mandiant Ukraine Cyber Threats January 2022)(Citation: Gigamon Berserk Bear October 2021)" | |
}, | |
{ | |
"source_name": "Crouching Yeti", | |
"description": "(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Gigamon Berserk Bear October 2021)(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022)" | |
}, | |
{ | |
"source_name": "IRON LIBERTY", | |
"description": "(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Secureworks MCMD July 2019)(Citation: Secureworks Karagany July 2019)(Citation: UK GOV FSB Factsheet April 2022)" | |
}, | |
{ | |
"source_name": "TG-4192", | |
"description": "(Citation: Secureworks IRON LIBERTY July 2019)(Citation: UK GOV FSB Factsheet April 2022)" | |
}, | |
{ | |
"source_name": "Dragonfly", | |
"description": "(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Gigamon Berserk Bear October 2021)(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022)" | |
}, | |
{ | |
"source_name": "Energetic Bear", | |
"description": "(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Secureworks MCMD July 2019)(Citation: Secureworks Karagany July 2019)(Citation: Gigamon Berserk Bear October 2021)(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022)" | |
}, | |
{ | |
"source_name": "CISA AA20-296A Berserk Bear December 2020", | |
"description": "CISA. (2020, December 1). Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets. Retrieved December 9, 2021.", | |
"url": "https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions" | |
}, | |
{ | |
"source_name": "DOJ Russia Targeting Critical Infrastructure March 2022", | |
"description": "Department of Justice. (2022, March 24). Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide. Retrieved April 5, 2022.", | |
"url": "https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical" | |
}, | |
{ | |
"source_name": "Dragos DYMALLOY ", | |
"description": "Dragos. (n.d.). DYMALLOY. Retrieved August 20, 2020.", | |
"url": "https://www.dragos.com/threat/dymalloy/" | |
}, | |
{ | |
"source_name": "Fortune Dragonfly 2.0 Sept 2017", | |
"description": "Hackett, R. (2017, September 6). Hackers Have Penetrated Energy Grid, Symantec Warns. Retrieved June 6, 2018.", | |
"url": "http://fortune.com/2017/09/06/hack-energy-grid-symantec/" | |
}, | |
{ | |
"source_name": "Mandiant Ukraine Cyber Threats January 2022", | |
"description": "Hultquist, J. (2022, January 20). Anticipating Cyber Threats as the Ukraine Crisis Escalates. Retrieved January 24, 2022.", | |
"url": "https://www.mandiant.com/resources/ukraine-crisis-cyber-threats" | |
}, | |
{ | |
"source_name": "Secureworks MCMD July 2019", | |
"description": "Secureworks. (2019, July 24). MCMD Malware Analysis. Retrieved August 13, 2020.", | |
"url": "https://www.secureworks.com/research/mcmd-malware-analysis" | |
}, | |
{ | |
"source_name": "Secureworks IRON LIBERTY July 2019", | |
"description": "Secureworks. (2019, July 24). Resurgent Iron Liberty Targeting Energy Sector. Retrieved August 12, 2020.", | |
"url": "https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector" | |
}, | |
{ | |
"source_name": "Secureworks Karagany July 2019", | |
"description": "Secureworks. (2019, July 24). Updated Karagany Malware Targets Energy Sector. Retrieved August 12, 2020.", | |
"url": "https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector" | |
}, | |
{ | |
"source_name": "Gigamon Berserk Bear October 2021", | |
"description": "Slowik, J. (2021, October). THE BAFFLING BERSERK BEAR: A DECADE\u2019S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE. Retrieved December 6, 2021.", | |
"url": "https://vblocalhost.com/uploads/VB2021-Slowik.pdf" | |
}, | |
{ | |
"source_name": "Symantec Dragonfly Sept 2017", | |
"description": "Symantec Security Response. (2014, July 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved September 9, 2017.", | |
"url": "https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers" | |
}, | |
{ | |
"source_name": "Symantec Dragonfly", | |
"description": "Symantec Security Response. (2014, June 30). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved April 8, 2016.", | |
"url": "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments" | |
}, | |
{ | |
"source_name": "Symantec Dragonfly 2.0 October 2017", | |
"description": "Symantec. (2017, October 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved April 19, 2022.", | |
"url": "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks" | |
}, | |
{ | |
"source_name": "UK GOV FSB Factsheet April 2022", | |
"description": "UK Gov. (2022, April 5). Russia's FSB malign activity: factsheet. Retrieved April 5, 2022.", | |
"url": "https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet" | |
} | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"x_mitre_domains": [ | |
"enterprise-attack", | |
"ics-attack" | |
], | |
"x_mitre_attack_spec_version": "3.1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |