test_scratch
/
cti-ATT-CK-v13.1
/enterprise-attack
/intrusion-set
/intrusion-set--2e290bfe-93b5-48ce-97d6-edcd6d32b7cf.json
| { | |
| "type": "bundle", | |
| "id": "bundle--cc7a50d7-2256-44dc-8b5c-52a3e9f08de7", | |
| "spec_version": "2.0", | |
| "objects": [ | |
| { | |
| "modified": "2023-03-22T04:29:39.915Z", | |
| "name": "Gamaredon Group", | |
| "description": "[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage threat group that has targeted military, NGO, judiciary, law enforcement, and non-profit organizations in Ukraine since at least 2013. The name [Gamaredon Group](https://attack.mitre.org/groups/G0047) comes from a misspelling of the word \"Armageddon\", which was detected in the adversary's early campaigns.(Citation: Palo Alto Gamaredon Feb 2017)(Citation: TrendMicro Gamaredon April 2020)(Citation: ESET Gamaredon June 2020)(Citation: Symantec Shuckworm January 2022)(Citation: Microsoft Actinium February 2022)\n\nIn November 2021, the Ukrainian government publicly attributed [Gamaredon Group](https://attack.mitre.org/groups/G0047) to Russia's Federal Security Service (FSB) Center 18.(Citation: Bleepingcomputer Gamardeon FSB November 2021)(Citation: Microsoft Actinium February 2022)", | |
| "aliases": [ | |
| "Gamaredon Group", | |
| "IRON TILDEN", | |
| "Primitive Bear", | |
| "ACTINIUM", | |
| "Armageddon", | |
| "Shuckworm", | |
| "DEV-0157" | |
| ], | |
| "x_mitre_deprecated": false, | |
| "x_mitre_version": "2.1", | |
| "x_mitre_contributors": [ | |
| "ESET", | |
| "Trend Micro Incorporated" | |
| ], | |
| "type": "intrusion-set", | |
| "id": "intrusion-set--2e290bfe-93b5-48ce-97d6-edcd6d32b7cf", | |
| "created": "2017-05-31T21:32:09.849Z", | |
| "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
| "revoked": false, | |
| "external_references": [ | |
| { | |
| "source_name": "mitre-attack", | |
| "url": "https://attack.mitre.org/groups/G0047", | |
| "external_id": "G0047" | |
| }, | |
| { | |
| "source_name": "ACTINIUM", | |
| "description": "(Citation: Microsoft Actinium February 2022)" | |
| }, | |
| { | |
| "source_name": "DEV-0157", | |
| "description": "(Citation: Microsoft Actinium February 2022)" | |
| }, | |
| { | |
| "source_name": "Gamaredon Group", | |
| "description": "(Citation: Palo Alto Gamaredon Feb 2017)" | |
| }, | |
| { | |
| "source_name": "IRON TILDEN", | |
| "description": "(Citation: Secureworks IRON TILDEN Profile)" | |
| }, | |
| { | |
| "source_name": "Armageddon", | |
| "description": "(Citation: Symantec Shuckworm January 2022)" | |
| }, | |
| { | |
| "source_name": "Shuckworm", | |
| "description": "(Citation: Symantec Shuckworm January 2022)" | |
| }, | |
| { | |
| "source_name": "Primitive Bear", | |
| "description": "(Citation: Unit 42 Gamaredon February 2022)" | |
| }, | |
| { | |
| "source_name": "ESET Gamaredon June 2020", | |
| "description": "Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.", | |
| "url": "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/" | |
| }, | |
| { | |
| "source_name": "TrendMicro Gamaredon April 2020", | |
| "description": "Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020.", | |
| "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/" | |
| }, | |
| { | |
| "source_name": "Palo Alto Gamaredon Feb 2017", | |
| "description": "Kasza, A. and Reichel, D. (2017, February 27). The Gamaredon Group Toolset Evolution. Retrieved March 1, 2017.", | |
| "url": "https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/" | |
| }, | |
| { | |
| "source_name": "Microsoft Actinium February 2022", | |
| "description": "Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.", | |
| "url": "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/" | |
| }, | |
| { | |
| "source_name": "Secureworks IRON TILDEN Profile", | |
| "description": "Secureworks CTU. (n.d.). IRON TILDEN. Retrieved February 24, 2022.", | |
| "url": "https://www.secureworks.com/research/threat-profiles/iron-tilden" | |
| }, | |
| { | |
| "source_name": "Symantec Shuckworm January 2022", | |
| "description": "Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022.", | |
| "url": "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine" | |
| }, | |
| { | |
| "source_name": "Bleepingcomputer Gamardeon FSB November 2021", | |
| "description": "Toulas, B. (2018, November 4). Ukraine links members of Gamaredon hacker group to Russian FSB. Retrieved April 15, 2022.", | |
| "url": "https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/" | |
| }, | |
| { | |
| "source_name": "Unit 42 Gamaredon February 2022", | |
| "description": "Unit 42. (2022, February 3). Russia\u2019s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. Retrieved February 21, 2022.", | |
| "url": "https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/" | |
| } | |
| ], | |
| "object_marking_refs": [ | |
| "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
| ], | |
| "x_mitre_domains": [ | |
| "enterprise-attack" | |
| ], | |
| "x_mitre_attack_spec_version": "3.1.0", | |
| "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
| } | |
| ] | |
| } |