{
"type": "bundle",
"id": "bundle--8b7af9cc-74d3-4224-9d6b-8270ac0079a8",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-03-08T22:12:31.238Z",
"name": "Sandworm Team",
"description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)",
"aliases": [
"Sandworm Team",
"ELECTRUM",
"Telebots",
"IRON VIKING",
"BlackEnergy (Group)",
"Quedagh",
"Voodoo Bear",
"IRIDIUM"
],
"x_mitre_deprecated": false,
"x_mitre_version": "3.0",
"x_mitre_contributors": [
"Dragos Threat Intelligence"
],
"type": "intrusion-set",
"id": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
"created": "2017-05-31T21:32:04.588Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/groups/G0034",
"external_id": "G0034"
},
{
"source_name": "Voodoo Bear",
"description": "(Citation: CrowdStrike VOODOO BEAR)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "ELECTRUM",
"description": "(Citation: Dragos ELECTRUM)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "Sandworm Team",
"description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014) (Citation: InfoSecurity Sandworm Oct 2014)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "Quedagh",
"description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "IRIDIUM",
"description": "(Citation: Microsoft Prestige ransomware October 2022)"
},
{
"source_name": "BlackEnergy (Group)",
"description": "(Citation: NCSC Sandworm Feb 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "Telebots",
"description": "(Citation: NCSC Sandworm Feb 2020)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "IRON VIKING",
"description": "(Citation: Secureworks IRON VIKING )(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
},
{
"source_name": "US District Court Indictment GRU Oct 2018",
"description": "Brady, S. (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al. Retrieved October 1, 2020.",
"url": "https://www.justice.gov/opa/page/file/1098481/download"
},
{
"source_name": "Dragos ELECTRUM",
"description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.",
"url": "https://www.dragos.com/resource/electrum/"
},
{
"source_name": "F-Secure BlackEnergy 2014",
"description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.",
"url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf"
},
{
"source_name": "iSIGHT Sandworm 2014",
"description": "Hultquist, J. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.",
"url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html"
},
{
"source_name": "CrowdStrike VOODOO BEAR",
"description": "Meyers, A. (2018, January 19). Meet CrowdStrike\u2019s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.",
"url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/"
},
{
"source_name": "Microsoft Prestige ransomware October 2022",
"description": "MSTIC. (2022, October 14). New \u201cPrestige\u201d ransomware impacts organizations in Ukraine and Poland. Retrieved January 19, 2023.",
"url": "https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/"
},
{
"source_name": "InfoSecurity Sandworm Oct 2014",
"description": "Muncaster, P. (2014, October 14). Microsoft Zero Day Traced to Russian \u2018Sandworm\u2019 Hackers. Retrieved October 6, 2017.",
"url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/"
},
{
"source_name": "NCSC Sandworm Feb 2020",
"description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.",
"url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory"
},
{
"source_name": "USDOJ Sandworm Feb 2020",
"description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.",
"url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html"
},
{
"source_name": "US District Court Indictment GRU Unit 74455 October 2020",
"description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al. Retrieved November 25, 2020.",
"url": "https://www.justice.gov/opa/press-release/file/1328521/download"
},
{
"source_name": "Secureworks IRON VIKING ",
"description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.",
"url": "https://www.secureworks.com/research/threat-profiles/iron-viking"
},
{
"source_name": "UK NCSC Olympic Attacks October 2020",
"description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games. Retrieved November 30, 2020.",
"url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_domains": [
"ics-attack",
"enterprise-attack",
"mobile-attack"
],
"x_mitre_attack_spec_version": "3.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
}