{ | |
"type": "bundle", | |
"id": "bundle--9e437a17-a0a8-449c-96cd-0b372efaa050", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"aliases": [ | |
"APT3", | |
"Gothic Panda", | |
"Pirpi", | |
"UPS Team", | |
"Buckeye", | |
"Threat Group-0110", | |
"TG-0110" | |
], | |
"x_mitre_domains": [ | |
"enterprise-attack" | |
], | |
"x_mitre_contributors": [ | |
"Patrick Sungbahadoor" | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"id": "intrusion-set--0bbdf25b-30ff-4894-a1cd-49260d0dd2d9", | |
"type": "intrusion-set", | |
"created": "2017-05-31T21:31:55.853Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"external_references": [ | |
{ | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/groups/G0022", | |
"external_id": "G0022" | |
}, | |
{ | |
"source_name": "APT3", | |
"description": "(Citation: FireEye Clandestine Wolf) (Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)" | |
}, | |
{ | |
"source_name": "Gothic Panda", | |
"description": "(Citation: PWC Pirpi Scanbox) (Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)" | |
}, | |
{ | |
"source_name": "Pirpi", | |
"description": "(Citation: PWC Pirpi Scanbox)" | |
}, | |
{ | |
"source_name": "UPS Team", | |
"description": "(Citation: FireEye Clandestine Wolf) (Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)" | |
}, | |
{ | |
"source_name": "Buckeye", | |
"description": "(Citation: Symantec Buckeye)" | |
}, | |
{ | |
"source_name": "Threat Group-0110", | |
"description": "(Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)" | |
}, | |
{ | |
"source_name": "TG-0110", | |
"description": "(Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)" | |
}, | |
{ | |
"source_name": "FireEye Clandestine Wolf", | |
"description": "Eng, E., Caselden, D. (2015, June 23). Operation Clandestine Wolf \u2013 Adobe Flash Zero-Day in APT3 Phishing Campaign. Retrieved January 14, 2016.", | |
"url": "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html" | |
}, | |
{ | |
"source_name": "Recorded Future APT3 May 2017", | |
"description": "Insikt Group (Recorded Future). (2017, May 17). Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3. Retrieved June 18, 2017.", | |
"url": "https://www.recordedfuture.com/chinese-mss-behind-apt3/" | |
}, | |
{ | |
"url": "https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html", | |
"description": "Moran, N., et al. (2014, November 21). Operation Double Tap. Retrieved January 14, 2016.", | |
"source_name": "FireEye Operation Double Tap" | |
}, | |
{ | |
"source_name": "Symantec Buckeye", | |
"description": "Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.", | |
"url": "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong" | |
}, | |
{ | |
"url": "https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf", | |
"description": "Korban, C., et al. (2017, September). APT3 Adversary Emulation Plan. Retrieved January 16, 2018.", | |
"source_name": "APT3 Adversary Emulation Plan" | |
}, | |
{ | |
"source_name": "PWC Pirpi Scanbox", | |
"description": "Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. Retrieved March 30, 2016.", | |
"url": "http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html" | |
} | |
], | |
"modified": "2021-10-01T19:09:20.817Z", | |
"name": "APT3", | |
"description": "[APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.(Citation: FireEye Clandestine Wolf)(Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.(Citation: Symantec Buckeye)\n\nIn 2017, MITRE developed an APT3 Adversary Emulation Plan.(Citation: APT3 Adversary Emulation Plan)", | |
"x_mitre_version": "1.4", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |