{ | |
"type": "bundle", | |
"id": "bundle--f8b9df8b-ef3a-4341-96e9-45929ffcb62c", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"modified": "2023-03-22T05:44:27.289Z", | |
"name": "Wizard Spider", | |
"description": "[Wizard Spider](https://attack.mitre.org/groups/G0102) is a Russia-based financially motivated threat group originally known for the creation and deployment of [TrickBot](https://attack.mitre.org/software/S0266) since at least 2016. [Wizard Spider](https://attack.mitre.org/groups/G0102) possesses a diverse arsenal of tools and has conducted ransomware campaigns against a variety of organizations, ranging from major corporations to hospitals.(Citation: CrowdStrike Ryuk January 2019)(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020)(Citation: CrowdStrike Wizard Spider October 2020)", | |
"aliases": [ | |
"Wizard Spider", | |
"UNC1878", | |
"TEMP.MixMaster", | |
"Grim Spider" | |
], | |
"x_mitre_deprecated": false, | |
"x_mitre_version": "2.1", | |
"x_mitre_contributors": [ | |
"Edward Millington", | |
"Oleksiy Gayda" | |
], | |
"type": "intrusion-set", | |
"id": "intrusion-set--dd2d9ca6-505b-4860-a604-233685b802c7", | |
"created": "2020-05-12T18:15:29.396Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"revoked": false, | |
"external_references": [ | |
{ | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/groups/G0102", | |
"external_id": "G0102" | |
}, | |
{ | |
"source_name": "Grim Spider", | |
"description": "(Citation: CrowdStrike Ryuk January 2019)(Citation: CrowdStrike Grim Spider May 2019)" | |
}, | |
{ | |
"source_name": "UNC1878", | |
"description": "(Citation: FireEye KEGTAP SINGLEMALT October 2020)" | |
}, | |
{ | |
"source_name": "TEMP.MixMaster", | |
"description": "(Citation: FireEye Ryuk and Trickbot January 2019)" | |
}, | |
{ | |
"source_name": "DHS/CISA Ransomware Targeting Healthcare October 2020", | |
"description": "DHS/CISA. (2020, October 28). Ransomware Activity Targeting the Healthcare and Public Health Sector. Retrieved October 28, 2020.", | |
"url": "https://us-cert.cisa.gov/ncas/alerts/aa20-302a" | |
}, | |
{ | |
"source_name": "FireEye Ryuk and Trickbot January 2019", | |
"description": "Goody, K., et al (2019, January 11). A Nasty Trick: From Credential Theft Malware to Business Disruption. Retrieved May 12, 2020.", | |
"url": "https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html" | |
}, | |
{ | |
"source_name": "CrowdStrike Ryuk January 2019", | |
"description": "Hanel, A. (2019, January 10). Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved May 12, 2020.", | |
"url": "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/" | |
}, | |
{ | |
"source_name": "CrowdStrike Grim Spider May 2019", | |
"description": "John, E. and Carvey, H. (2019, May 30). Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER. Retrieved May 12, 2020.", | |
"url": "https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/" | |
}, | |
{ | |
"source_name": "FireEye KEGTAP SINGLEMALT October 2020", | |
"description": "Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. Retrieved October 28, 2020.", | |
"url": "https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html" | |
}, | |
{ | |
"source_name": "CrowdStrike Wizard Spider October 2020", | |
"description": "Podlosky, A., Hanel, A. et al. (2020, October 16). WIZARD SPIDER Update: Resilient, Reactive and Resolute. Retrieved June 15, 2021.", | |
"url": "https://www.crowdstrike.com/blog/wizard-spider-adversary-update/" | |
} | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"x_mitre_domains": [ | |
"enterprise-attack", | |
"ics-attack" | |
], | |
"x_mitre_attack_spec_version": "3.1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |