test_scratch
/
cti-ATT-CK-v13.1
/enterprise-attack
/intrusion-set
/intrusion-set--44e43fad-ffcb-4210-abcf-eaaed9735f80.json
| { | |
| "type": "bundle", | |
| "id": "bundle--7a222a7e-f5f3-469e-b51e-928666bf3472", | |
| "spec_version": "2.0", | |
| "objects": [ | |
| { | |
| "modified": "2022-09-02T18:03:29.024Z", | |
| "name": "APT39", | |
| "description": "[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. [APT39](https://attack.mitre.org/groups/G0087) has primarily targeted the travel, hospitality, academic, and telecommunications industries in Iran and across Asia, Africa, Europe, and North America to track individuals and entities considered to be a threat by the MOIS.(Citation: FireEye APT39 Jan 2019)(Citation: Symantec Chafer Dec 2015)(Citation: FBI FLASH APT39 September 2020)(Citation: Dept. of Treasury Iran Sanctions September 2020)(Citation: DOJ Iran Indictments September 2020)", | |
| "aliases": [ | |
| "APT39", | |
| "ITG07", | |
| "Chafer", | |
| "Remix Kitten" | |
| ], | |
| "x_mitre_deprecated": false, | |
| "x_mitre_version": "3.1", | |
| "type": "intrusion-set", | |
| "id": "intrusion-set--44e43fad-ffcb-4210-abcf-eaaed9735f80", | |
| "created": "2019-02-19T16:01:38.585Z", | |
| "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
| "revoked": false, | |
| "external_references": [ | |
| { | |
| "source_name": "mitre-attack", | |
| "url": "https://attack.mitre.org/groups/G0087", | |
| "external_id": "G0087" | |
| }, | |
| { | |
| "source_name": "Remix Kitten", | |
| "description": "(Citation: Crowdstrike GTR2020 Mar 2020)" | |
| }, | |
| { | |
| "source_name": "ITG07", | |
| "description": "(Citation: FBI FLASH APT39 September 2020)(Citation: Dept. of Treasury Iran Sanctions September 2020)(Citation: DOJ Iran Indictments September 2020)" | |
| }, | |
| { | |
| "source_name": "APT39", | |
| "description": "(Citation: FireEye APT39 Jan 2019)(Citation: FBI FLASH APT39 September 2020)(Citation: Dept. of Treasury Iran Sanctions September 2020)(Citation: DOJ Iran Indictments September 2020)" | |
| }, | |
| { | |
| "source_name": "Chafer", | |
| "description": "Activities associated with APT39 largely align with a group publicly referred to as Chafer.(Citation: FireEye APT39 Jan 2019)(Citation: Symantec Chafer Dec 2015)(Citation: Dark Reading APT39 JAN 2019)(Citation: FBI FLASH APT39 September 2020)(Citation: Dept. of Treasury Iran Sanctions September 2020)(Citation: DOJ Iran Indictments September 2020)" | |
| }, | |
| { | |
| "source_name": "Crowdstrike GTR2020 Mar 2020", | |
| "description": "Crowdstrike. (2020, March 2). 2020 Global Threat Report. Retrieved December 11, 2020.", | |
| "url": "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf" | |
| }, | |
| { | |
| "source_name": "Dept. of Treasury Iran Sanctions September 2020", | |
| "description": "Dept. of Treasury. (2020, September 17). Treasury Sanctions Cyber Actors Backed by Iranian Intelligence. Retrieved December 10, 2020.", | |
| "url": "https://home.treasury.gov/news/press-releases/sm1127" | |
| }, | |
| { | |
| "source_name": "DOJ Iran Indictments September 2020", | |
| "description": "DOJ. (2020, September 17). Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community. Retrieved December 10, 2020.", | |
| "url": "https://www.justice.gov/opa/pr/department-justice-and-partner-departments-and-agencies-conduct-coordinated-actions-disrupt" | |
| }, | |
| { | |
| "source_name": "FBI FLASH APT39 September 2020", | |
| "description": "FBI. (2020, September 17). Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07. Retrieved December 10, 2020.", | |
| "url": "https://www.iranwatch.org/sites/default/files/public-intelligence-alert.pdf" | |
| }, | |
| { | |
| "source_name": "FireEye APT39 Jan 2019", | |
| "description": "Hawley et al. (2019, January 29). APT39: An Iranian Cyber Espionage Group Focused on Personal Information. Retrieved February 19, 2019.", | |
| "url": "https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html" | |
| }, | |
| { | |
| "source_name": "Dark Reading APT39 JAN 2019", | |
| "description": "Higgins, K. (2019, January 30). Iran Ups its Traditional Cyber Espionage Tradecraft. Retrieved May 22, 2020.", | |
| "url": "https://www.darkreading.com/attacks-breaches/iran-ups-its-traditional-cyber-espionage-tradecraft/d/d-id/1333764" | |
| }, | |
| { | |
| "source_name": "Symantec Chafer Dec 2015", | |
| "description": "Symantec Security Response. (2015, December 7). Iran-based attackers use back door threats to spy on Middle Eastern targets. Retrieved April 17, 2019.", | |
| "url": "https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets" | |
| } | |
| ], | |
| "object_marking_refs": [ | |
| "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
| ], | |
| "x_mitre_domains": [ | |
| "enterprise-attack" | |
| ], | |
| "x_mitre_attack_spec_version": "2.1.0", | |
| "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
| } | |
| ] | |
| } |