{ "type": "bundle", "id": "bundle--0c271b3f-c1ed-462b-b68a-ca77aff04350", "spec_version": "2.0", "objects": [ { "modified": "2022-10-12T19:17:31.924Z", "name": "Operation Wocao", "description": "[Operation Wocao](https://attack.mitre.org/groups/G0116) described activities carried out by a China-based cyber espionage adversary. [Operation Wocao](https://attack.mitre.org/groups/G0116) targeted entities within the government, managed service providers, energy, health care, and technology sectors across several countries, including China, France, Germany, the United Kingdom, and the United States. [Operation Wocao](https://attack.mitre.org/groups/G0116) used similar TTPs and tools to APT20, suggesting a possible overlap.(Citation: FoxIT Wocao December 2019)", "aliases": [ "Operation Wocao" ], "x_mitre_deprecated": true, "x_mitre_version": "1.0", "x_mitre_contributors": [ "Erik Schamper, @Schamperr, Fox-IT", "Maarten van Dantzig, @MaartenVDantzig, Fox-IT" ], "type": "intrusion-set", "id": "intrusion-set--28f04ed3-8e91-4805-b1f6-869020517871", "created": "2020-11-17T20:33:44.273Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/groups/G0116", "external_id": "G0116" }, { "source_name": "Operation Wocao", "description": "(Citation: FoxIT Wocao December 2019)" }, { "source_name": "FoxIT Wocao December 2019", "description": "Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China\u2019s hidden hacking groups. Retrieved October 8, 2020.", "url": "https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_domains": [ "enterprise-attack" ], "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }