{
"type": "bundle",
"id": "bundle--602c8a34-63b8-41c2-ad3e-be26b5dd1917",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-03-23T15:06:31.019Z",
"name": "menuPass",
"description": "[menuPass](https://attack.mitre.org/groups/G0045) is a threat group that has been active since at least 2006. Individual members of [menuPass](https://attack.mitre.org/groups/G0045) are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)\n\n[menuPass](https://attack.mitre.org/groups/G0045) has targeted healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017, the group is known to have targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university.(Citation: Palo Alto menuPass Feb 2017)(Citation: Crowdstrike CrowdCast Oct 2013)(Citation: FireEye Poison Ivy)(Citation: PWC Cloud Hopper April 2017)(Citation: FireEye APT10 April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)",
"aliases": [
"menuPass",
"Cicada",
"POTASSIUM",
"Stone Panda",
"APT10",
"Red Apollo",
"CVNX",
"HOGFISH"
],
"x_mitre_deprecated": false,
"x_mitre_version": "2.1",
"x_mitre_contributors": [
"Edward Millington",
"Michael Cox"
],
"type": "intrusion-set",
"id": "intrusion-set--222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f",
"created": "2017-05-31T21:32:09.054Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/groups/G0045",
"external_id": "G0045"
},
{
"source_name": "HOGFISH",
"description": "(Citation: Accenture Hogfish April 2018)"
},
{
"source_name": "POTASSIUM",
"description": "(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)"
},
{
"source_name": "Stone Panda",
"description": "(Citation: Palo Alto menuPass Feb 2017)(Citation: Accenture Hogfish April 2018)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)(Citation: Symantec Cicada November 2020)"
},
{
"source_name": "APT10",
"description": "(Citation: Palo Alto menuPass Feb 2017)(Citation: Accenture Hogfish April 2018)(Citation: FireEye APT10 Sept 2018)(Citation: DOJ APT10 Dec 2018)(Citation: Symantec Cicada November 2020)"
},
{
"source_name": "menuPass",
"description": "(Citation: Palo Alto menuPass Feb 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)"
},
{
"source_name": "Red Apollo",
"description": "(Citation: PWC Cloud Hopper April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)"
},
{
"source_name": "CVNX",
"description": "(Citation: PWC Cloud Hopper April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)"
},
{
"source_name": "Cicada",
"description": "(Citation: Symantec Cicada November 2020)"
},
{
"source_name": "Accenture Hogfish April 2018",
"description": "Accenture Security. (2018, April 23). Hogfish Redleaves Campaign. Retrieved July 2, 2018.",
"url": "http://web.archive.org/web/20220810112638/https:/www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf"
},
{
"source_name": "Crowdstrike CrowdCast Oct 2013",
"description": "Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved March 1, 2017.",
"url": "https://www.slideshare.net/CrowdStrike/crowd-casts-monthly-you-have-an-adversary-problem"
},
{
"source_name": "FireEye APT10 April 2017",
"description": "FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.",
"url": "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html"
},
{
"source_name": "FireEye Poison Ivy",
"description": "FireEye. (2014). POISON IVY: Assessing Damage and Extracting Intelligence. Retrieved November 12, 2014.",
"url": "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf"
},
{
"source_name": "FireEye APT10 Sept 2018",
"description": "Matsuda, A., Muhammad I. (2018, September 13). APT10 Targeting Japanese Corporations Using Updated TTPs. Retrieved September 17, 2018.",
"url": "https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html"
},
{
"source_name": "Palo Alto menuPass Feb 2017",
"description": "Miller-Osborn, J. and Grunzweig, J.. (2017, February 16). menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations. Retrieved March 1, 2017.",
"url": "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/"
},
{
"source_name": "PWC Cloud Hopper April 2017",
"description": "PwC and BAE Systems. (2017, April). Operation Cloud Hopper. Retrieved April 5, 2017.",
"url": "https://web.archive.org/web/20220224041316/https:/www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf"
},
{
"source_name": "Symantec Cicada November 2020",
"description": "Symantec. (2020, November 17). Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign. Retrieved December 17, 2020.",
"url": "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage"
},
{
"source_name": "DOJ APT10 Dec 2018",
"description": "United States District Court Southern District of New York (USDC SDNY) . (2018, December 17). United States of America v. Zhu Hua and Zhang Shilong. Retrieved April 17, 2019.",
"url": "https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion"
},
{
"source_name": "District Court of NY APT10 Indictment December 2018",
"description": "US District Court Southern District of New York. (2018, December 17). United States v. Zhu Hua Indictment. Retrieved December 17, 2020.",
"url": "https://www.justice.gov/opa/page/file/1122671/download"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_domains": [
"enterprise-attack"
],
"x_mitre_attack_spec_version": "3.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
}