test_scratch
/
cti-ATT-CK-v13.1
/enterprise-attack
/intrusion-set
/intrusion-set--2e290bfe-93b5-48ce-97d6-edcd6d32b7cf.json
{ | |
"type": "bundle", | |
"id": "bundle--cc7a50d7-2256-44dc-8b5c-52a3e9f08de7", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"modified": "2023-03-22T04:29:39.915Z", | |
"name": "Gamaredon Group", | |
"description": "[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage threat group that has targeted military, NGO, judiciary, law enforcement, and non-profit organizations in Ukraine since at least 2013. The name [Gamaredon Group](https://attack.mitre.org/groups/G0047) comes from a misspelling of the word \"Armageddon\", which was detected in the adversary's early campaigns.(Citation: Palo Alto Gamaredon Feb 2017)(Citation: TrendMicro Gamaredon April 2020)(Citation: ESET Gamaredon June 2020)(Citation: Symantec Shuckworm January 2022)(Citation: Microsoft Actinium February 2022)\n\nIn November 2021, the Ukrainian government publicly attributed [Gamaredon Group](https://attack.mitre.org/groups/G0047) to Russia's Federal Security Service (FSB) Center 18.(Citation: Bleepingcomputer Gamardeon FSB November 2021)(Citation: Microsoft Actinium February 2022)", | |
"aliases": [ | |
"Gamaredon Group", | |
"IRON TILDEN", | |
"Primitive Bear", | |
"ACTINIUM", | |
"Armageddon", | |
"Shuckworm", | |
"DEV-0157" | |
], | |
"x_mitre_deprecated": false, | |
"x_mitre_version": "2.1", | |
"x_mitre_contributors": [ | |
"ESET", | |
"Trend Micro Incorporated" | |
], | |
"type": "intrusion-set", | |
"id": "intrusion-set--2e290bfe-93b5-48ce-97d6-edcd6d32b7cf", | |
"created": "2017-05-31T21:32:09.849Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"revoked": false, | |
"external_references": [ | |
{ | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/groups/G0047", | |
"external_id": "G0047" | |
}, | |
{ | |
"source_name": "ACTINIUM", | |
"description": "(Citation: Microsoft Actinium February 2022)" | |
}, | |
{ | |
"source_name": "DEV-0157", | |
"description": "(Citation: Microsoft Actinium February 2022)" | |
}, | |
{ | |
"source_name": "Gamaredon Group", | |
"description": "(Citation: Palo Alto Gamaredon Feb 2017)" | |
}, | |
{ | |
"source_name": "IRON TILDEN", | |
"description": "(Citation: Secureworks IRON TILDEN Profile)" | |
}, | |
{ | |
"source_name": "Armageddon", | |
"description": "(Citation: Symantec Shuckworm January 2022)" | |
}, | |
{ | |
"source_name": "Shuckworm", | |
"description": "(Citation: Symantec Shuckworm January 2022)" | |
}, | |
{ | |
"source_name": "Primitive Bear", | |
"description": "(Citation: Unit 42 Gamaredon February 2022)" | |
}, | |
{ | |
"source_name": "ESET Gamaredon June 2020", | |
"description": "Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.", | |
"url": "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/" | |
}, | |
{ | |
"source_name": "TrendMicro Gamaredon April 2020", | |
"description": "Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020.", | |
"url": "https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/" | |
}, | |
{ | |
"source_name": "Palo Alto Gamaredon Feb 2017", | |
"description": "Kasza, A. and Reichel, D. (2017, February 27). The Gamaredon Group Toolset Evolution. Retrieved March 1, 2017.", | |
"url": "https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/" | |
}, | |
{ | |
"source_name": "Microsoft Actinium February 2022", | |
"description": "Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.", | |
"url": "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/" | |
}, | |
{ | |
"source_name": "Secureworks IRON TILDEN Profile", | |
"description": "Secureworks CTU. (n.d.). IRON TILDEN. Retrieved February 24, 2022.", | |
"url": "https://www.secureworks.com/research/threat-profiles/iron-tilden" | |
}, | |
{ | |
"source_name": "Symantec Shuckworm January 2022", | |
"description": "Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022.", | |
"url": "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine" | |
}, | |
{ | |
"source_name": "Bleepingcomputer Gamardeon FSB November 2021", | |
"description": "Toulas, B. (2018, November 4). Ukraine links members of Gamaredon hacker group to Russian FSB. Retrieved April 15, 2022.", | |
"url": "https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/" | |
}, | |
{ | |
"source_name": "Unit 42 Gamaredon February 2022", | |
"description": "Unit 42. (2022, February 3). Russia\u2019s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. Retrieved February 21, 2022.", | |
"url": "https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/" | |
} | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"x_mitre_domains": [ | |
"enterprise-attack" | |
], | |
"x_mitre_attack_spec_version": "3.1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |