test_scratch / cti-ATT-CK-v13.1 /enterprise-attack /intrusion-set /intrusion-set--0bbdf25b-30ff-4894-a1cd-49260d0dd2d9.json
{
"type": "bundle",
"id": "bundle--9e437a17-a0a8-449c-96cd-0b372efaa050",
"spec_version": "2.0",
"objects": [
{
"aliases": [
"APT3",
"Gothic Panda",
"Pirpi",
"UPS Team",
"Buckeye",
"Threat Group-0110",
"TG-0110"
],
"x_mitre_domains": [
"enterprise-attack"
],
"x_mitre_contributors": [
"Patrick Sungbahadoor"
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"id": "intrusion-set--0bbdf25b-30ff-4894-a1cd-49260d0dd2d9",
"type": "intrusion-set",
"created": "2017-05-31T21:31:55.853Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/groups/G0022",
"external_id": "G0022"
},
{
"source_name": "APT3",
"description": "(Citation: FireEye Clandestine Wolf) (Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "Gothic Panda",
"description": "(Citation: PWC Pirpi Scanbox) (Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "Pirpi",
"description": "(Citation: PWC Pirpi Scanbox)"
},
{
"source_name": "UPS Team",
"description": "(Citation: FireEye Clandestine Wolf) (Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "Buckeye",
"description": "(Citation: Symantec Buckeye)"
},
{
"source_name": "Threat Group-0110",
"description": "(Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "TG-0110",
"description": "(Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "FireEye Clandestine Wolf",
"description": "Eng, E., Caselden, D.. (2015, June 23). Operation Clandestine Wolf \u2013 Adobe Flash Zero-Day in APT3 Phishing Campaign. Retrieved January 14, 2016.",
"url": "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html"
},
{
"source_name": "Recorded Future APT3 May 2017",
"description": "Insikt Group (Recorded Future). (2017, May 17). Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3. Retrieved June 18, 2017.",
"url": "https://www.recordedfuture.com/chinese-mss-behind-apt3/"
},
{
"url": "https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html",
"description": "Moran, N., et al. (2014, November 21). Operation Double Tap. Retrieved January 14, 2016.",
"source_name": "FireEye Operation Double Tap"
},
{
"source_name": "Symantec Buckeye",
"description": "Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.",
"url": "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong"
},
{
"url": "https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf",
"description": "Korban, C, et al. (2017, September). APT3 Adversary Emulation Plan. Retrieved January 16, 2018.",
"source_name": "APT3 Adversary Emulation Plan"
},
{
"source_name": "PWC Pirpi Scanbox",
"description": "Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. Retrieved March 30, 2016.",
"url": "http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html"
}
],
"modified": "2021-10-01T19:09:20.817Z",
"name": "APT3",
"description": "[APT3](https://attack.mitre.org/groups/G0022) is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.(Citation: FireEye Clandestine Wolf)(Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.(Citation: Symantec Buckeye)\n\nIn 2017, MITRE developed an APT3 Adversary Emulation Plan.(Citation: APT3 Adversary Emulation Plan)",
"x_mitre_version": "1.4",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
}