{
"type": "bundle",
"id": "bundle--59720d00-615e-4878-b5ab-736e626221c9",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-03-08T22:03:28.170Z",
"name": "Dragonfly",
"description": "[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022) Active since at least 2010, [Dragonfly](https://attack.mitre.org/groups/G0035) has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Symantec Dragonfly Sept 2017)(Citation: Fortune Dragonfly 2.0 Sept 2017)(Citation: Gigamon Berserk Bear October 2021)(Citation: CISA AA20-296A Berserk Bear December 2020)(Citation: Symantec Dragonfly 2.0 October 2017)",
"aliases": [
"Dragonfly",
"TEMP.Isotope",
"DYMALLOY",
"Berserk Bear",
"TG-4192",
"Crouching Yeti",
"IRON LIBERTY",
"Energetic Bear"
],
"x_mitre_deprecated": false,
"x_mitre_version": "3.1",
"x_mitre_contributors": [
"Dragos Threat Intelligence"
],
"type": "intrusion-set",
"id": "intrusion-set--1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1",
"created": "2017-05-31T21:32:05.217Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/groups/G0035",
"external_id": "G0035"
},
{
"source_name": "DYMALLOY",
"description": "(Citation: Dragos DYMALLOY )(Citation: UK GOV FSB Factsheet April 2022)"
},
{
"source_name": "Berserk Bear",
"description": "(Citation: Gigamon Berserk Bear October 2021)(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022)"
},
{
"source_name": "TEMP.Isotope",
"description": "(Citation: Mandiant Ukraine Cyber Threats January 2022)(Citation: Gigamon Berserk Bear October 2021)"
},
{
"source_name": "Crouching Yeti",
"description": "(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Gigamon Berserk Bear October 2021)(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022)"
},
{
"source_name": "IRON LIBERTY",
"description": "(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Secureworks MCMD July 2019)(Citation: Secureworks Karagany July 2019)(Citation: UK GOV FSB Factsheet April 2022)"
},
{
"source_name": "TG-4192",
"description": "(Citation: Secureworks IRON LIBERTY July 2019)(Citation: UK GOV FSB Factsheet April 2022)"
},
{
"source_name": "Dragonfly",
"description": "(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Gigamon Berserk Bear October 2021)(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022)"
},
{
"source_name": "Energetic Bear",
"description": "(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Secureworks MCMD July 2019)(Citation: Secureworks Karagany July 2019)(Citation: Gigamon Berserk Bear October 2021)(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022)"
},
{
"source_name": "CISA AA20-296A Berserk Bear December 2020",
"description": "CISA. (2020, December 1). Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets. Retrieved December 9, 2021.",
"url": "https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions"
},
{
"source_name": "DOJ Russia Targeting Critical Infrastructure March 2022",
"description": "Department of Justice. (2022, March 24). Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide. Retrieved April 5, 2022.",
"url": "https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical"
},
{
"source_name": "Dragos DYMALLOY ",
"description": "Dragos. (n.d.). DYMALLOY. Retrieved August 20, 2020.",
"url": "https://www.dragos.com/threat/dymalloy/"
},
{
"source_name": "Fortune Dragonfly 2.0 Sept 2017",
"description": "Hackett, R. (2017, September 6). Hackers Have Penetrated Energy Grid, Symantec Warns. Retrieved June 6, 2018.",
"url": "http://fortune.com/2017/09/06/hack-energy-grid-symantec/"
},
{
"source_name": "Mandiant Ukraine Cyber Threats January 2022",
"description": "Hultquist, J. (2022, January 20). Anticipating Cyber Threats as the Ukraine Crisis Escalates. Retrieved January 24, 2022.",
"url": "https://www.mandiant.com/resources/ukraine-crisis-cyber-threats"
},
{
"source_name": "Secureworks MCMD July 2019",
"description": "Secureworks. (2019, July 24). MCMD Malware Analysis. Retrieved August 13, 2020.",
"url": "https://www.secureworks.com/research/mcmd-malware-analysis"
},
{
"source_name": "Secureworks IRON LIBERTY July 2019",
"description": "Secureworks. (2019, July 24). Resurgent Iron Liberty Targeting Energy Sector. Retrieved August 12, 2020.",
"url": "https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector"
},
{
"source_name": "Secureworks Karagany July 2019",
"description": "Secureworks. (2019, July 24). Updated Karagany Malware Targets Energy Sector. Retrieved August 12, 2020.",
"url": "https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector"
},
{
"source_name": "Gigamon Berserk Bear October 2021",
"description": "Slowik, J. (2021, October). THE BAFFLING BERSERK BEAR: A DECADE\u2019S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE. Retrieved December 6, 2021.",
"url": "https://vblocalhost.com/uploads/VB2021-Slowik.pdf"
},
{
"source_name": "Symantec Dragonfly Sept 2017",
"description": "Symantec Security Response. (2014, July 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved September 9, 2017.",
"url": "https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers"
},
{
"source_name": "Symantec Dragonfly",
"description": "Symantec Security Response. (2014, June 30). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved April 8, 2016.",
"url": "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments"
},
{
"source_name": "Symantec Dragonfly 2.0 October 2017",
"description": "Symantec. (2017, October 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved April 19, 2022.",
"url": "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks"
},
{
"source_name": "UK GOV FSB Factsheet April 2022",
"description": "UK Gov. (2022, April 5). Russia's FSB malign activity: factsheet. Retrieved April 5, 2022.",
"url": "https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_domains": [
"enterprise-attack",
"ics-attack"
],
"x_mitre_attack_spec_version": "3.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
}