{
    "type": "bundle",
    "id": "bundle--6bf4b3d6-7ad3-44b2-ae88-7dc8feca627e",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-04-05T16:50:07.875Z",
            "name": "C0021",
            "description": "[C0021](https://attack.mitre.org/campaigns/C0021) was a spearphishing campaign conducted in November 2018 that targeted public sector institutions, non-governmental organizations (NGOs), educational institutions, and private-sector corporations in the oil and gas, chemical, and hospitality industries. The majority of targets were located in the US, particularly in and around Washington D.C., with other targets located in Europe, Hong Kong, India, and Canada. [C0021](https://attack.mitre.org/campaigns/C0021)'s technical artifacts, tactics, techniques, and procedures (TTPs), and targeting overlap with previous suspected [APT29](https://attack.mitre.org/groups/G0016) activity.(Citation: Microsoft Unidentified Dec 2018)(Citation: FireEye APT29 Nov 2018)",
            "aliases": [
                "C0021"
            ],
            "first_seen": "2018-11-01T05:00:00.000Z",
            "last_seen": "2018-11-01T05:00:00.000Z",
            "x_mitre_first_seen_citation": "(Citation: FireEye APT29 Nov 2018)(Citation: Microsoft Unidentified Dec 2018)",
            "x_mitre_last_seen_citation": "(Citation: FireEye APT29 Nov 2018)(Citation: Microsoft Unidentified Dec 2018)",
            "x_mitre_deprecated": false,
            "x_mitre_version": "1.0",
            "type": "campaign",
            "id": "campaign--712e38c3-a656-426a-9b3b-a6bfb63294c6",
            "created": "2023-03-15T19:23:36.696Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/campaigns/C0021",
                    "external_id": "C0021"
                },
                {
                    "source_name": "FireEye APT29 Nov 2018",
                    "description": "Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. Retrieved November 27, 2018.",
                    "url": "https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html"
                },
                {
                    "source_name": "Microsoft Unidentified Dec 2018",
                    "description": "Microsoft Defender Research Team. (2018, December 3). Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers. Retrieved April 15, 2019.",
                    "url": "https://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_domains": [
                "enterprise-attack"
            ]
        }
    ]
}