Diffstat (limited to 'profiles.yaml')
-rw-r--r-- | profiles.yaml | 1588 |
1 files changed, 1588 insertions, 0 deletions
diff --git a/profiles.yaml b/profiles.yaml
new file mode 100644
index 0000000..b9759c4
--- /dev/null
+++ b/profiles.yaml
@@ -0,0 +1,1588 @@ +# SPDX-License-Identifier: CC0-1.0 +# +# Copyright (C) 2024 Wojtek Kosior <koszko@koszko.org> +--- +# "targets" are countries, groups thereof or regions of Earth. Only to most +# often attacked ones are listed for each group. A country listed for one group +# may overlap with a region listed (for example: for APT12 we have "Taiwan" +# listed next to "East Asia +groups: + - name: admin@338 + origin: China + targets: + - where: HongKong + ref: china-based-threat + sectors: + - sector: defense + ref: rpt-poison-ivy + - sector: government + ref: rpt-poison-ivy + - sector: finance # "finance, economic and trade policy" in our source + ref: [rpt-poison-ivy, china-based-threat] + - sector: telecommunications/satellites # only "telecommunications" in our + # source + ref: rpt-poison-ivy + - sector: media + ref: china-based-threat + goals: + - goal: espionage + ref: china-based-threat + references: + - label: rpt-poison-ivy + URL: https://www.mandiant.com/sites/default/files/2021-09/rpt-poison-ivy.pdf + - label: china-based-threat + URL: https://cloud.google.com/blog/topics/threat-intelligence/china-based-threat/ + + - name: Agrius + origin: Iran + targets: + - where: Israel + ref: [evol-agrius, agrius-moneybird] + - where: Middle East + ref: evol-agrius + sectors: + - sector: education + ref: agrius-moneybird + - sector: insurance + ref: agrius-moneybird + goals: + - goal: espionage + ref: evol-agrius + - goal: disruption + ref: [evol-agrius, agrius-moneybird] + - goal: extortion + ref: [evol-agrius, agrius-moneybird] + references: + - label: evol-agrius + URL: https://assets.sentinelone.com/sentinellabs/evol-agrius + - label: agrius-moneybird + URL: https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations/ + + - name: ALLANITE + origin: Russia + targets: + - where: US + ref: dragos-allanite + - where: UK + ref: dragos-allanite + sectors: + - sector: energy # "electric utility" in our source + ref: 
dragos-allanite + goals: + - goal: espionage + ref: dragos-allanite + - goal: disruption + ref: dragos-allanite + references: + - label: dragos-allanite + URL: https://www.dragos.com/threat/allanite/ + + - name: Aoqin Dragon + origin: China + targets: + - where: East Asia # "southeast Asia" in the source + ref: aoqin-newly-discovered + - where: Australia + ref: aoqin-newly-discovered + sectors: + - sector: government + ref: aoqin-newly-discovered + - sector: education + ref: aoqin-newly-discovered + - sector: telecommunications/satellites # only "telecommunications" in our + # source + ref: aoqin-newly-discovered + goals: + - goal: espionage + ref: aoqin-newly-discovered + references: + - label: aoqin-newly-discovered + URL: https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/ + + - name: APT1 + origin: China + targets: + - where: US + ref: mandiant-apt1-report + sectors: + - sector: information technology + ref: mandiant-apt1-report + - sector: aerospace + ref: mandiant-apt1-report + - sector: public administration + ref: mandiant-apt1-report + - sector: public administration + ref: mandiant-apt1-report + - sector: telecommunications/satellites + ref: mandiant-apt1-report + - sector: scientific research and consulting + ref: mandiant-apt1-report + - sector: energy + ref: mandiant-apt1-report + - sector: transportation + ref: mandiant-apt1-report + - sector: construction/manufacturing # "construction and manufacturing" + # in our source + ref: mandiant-apt1-report + - sector: non-government organizations # "international organizations" in + # our source + ref: mandiant-apt1-report + - sector: engineering services + ref: mandiant-apt1-report + - sector: electronics + ref: mandiant-apt1-report + - sector: legal services + ref: mandiant-apt1-report + - sector: media # "media, advertising and entertainment" in our source + ref: mandiant-apt1-report + - sector: navigation + ref: 
mandiant-apt1-report + goals: + - goal: espionage + ref: mandiant-apt1-report + references: + - label: mandiant-apt1-report + ref: https://www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf + + - name: APT12 + origin: China + targets: + - where: East Asia + ref: microtrends-ixeshe + - where: Taiwan + ref: microtrends-ixeshe + sectors: + - sector: electronics + ref: microtrends-ixeshe + - sector: telecommunications/satellites # only "telecommunications" in our + # source + ref: microtrends-ixeshe + goals: + - goal: espionage + ref: mandiant-2014-report + references: + - label: mandiant-2014-report + URL: https://web.archive.org/web/20140913050920/https://dl.mandiant.com/EE/library/WP_M-Trends2014_140409.pdf + - label: microtrends-ixeshe # uses name "IXESHE" rather than "APT12" + URL: https://web.archive.org/web/20190808160128/https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf + + - name: APT16 + origin: China + targets: + - where: Taiwan + ref: the-eps-awakens + sectors: + # The source mentions more attacks but doesn't attribute them with + # certainty to APT16. + - sector: media # "media and entertainment" in our source + ref: the-eps-awakens + goals: + - goal: espionage + references: + - label: the-eps-awakens + URL: https://web.archive.org/web/20151226205946/https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html + + - name: APT17 + origin: China + targets: + - where: US + ref: apt17-report + sectors: + - sector: government + ref: apt17-report + - sector: defense + ref: apt17-report + - sector: information technology + ref: apt17-report + - sector: legal services # "law firms" in our source + ref: apt17-report + - sector: mining + ref: apt17-report + - sector: non-government organizations + ref: apt17-report + # No goals were explicitly named in our source. 
+ references: + - label: apt17-report + URL: https://web.archive.org/web/20240119213200/https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf + + - name: APT18 + origin: China + targets: + - where: US + ref: bugcrowd-apt18 + sectors: + # Besides the ones below, our source also mentions "technology" and "high + # technology" which are to broad/ambigious for us to use here. + - sector: construction/manufacturing + ref: bugcrowd-apt18 + - sector: government + ref: bugcrowd-apt18 + - sector: medical # "healthcare" in our source + ref: bugcrowd-apt18 + - sector: defense + ref: bugcrowd-apt18 + - sector: telecommunications/satellites # only "telecommunications" in our + # source + ref: bugcrowd-apt18 + - sector: non-government organizations # "human rights groups" and + # "non-profit" in our source + ref: bugcrowd-apt18 + - sector: engineering services # "engineering" in our source + ref: bugcrowd-apt18 + - sector: energy + ref: bugcrowd-apt18 + - sector: education + ref: bugcrowd-apt18 + - sector: aerospace + ref: bugcrowd-apt18 + - sector: transportation + ref: bugcrowd-apt18 + - sector: biotechnology + ref: bugcrowd-apt18 + goals: + - goal: espionage + ref: bugcrowd-apt18 + references: + - label: bugcrowd-apt18 + URL: https://www.bugcrowd.com/glossary/apt18/ + + - name: APT19 + origin: China + targets: + - where: US # Forbes is an American magazine. + ref: darkreading-codoso-team + - where: Hong Kong # Forbes is also owned b a Hong Kong-based group. 
+ ref: darkreading-codoso-team + sectors: + - sector: legal services # "legal" in our source + ref: fireeye-apt-groups + - sector: finance # "investment" in our source + ref: [fireeye-apt-groups, darkreading-codoso-team] + - sector: defense + ref: darkreading-codoso-team + - sector: dissident groups + ref: darkreading-codoso-team + - sector: medical # "pharmaceutical" in our source + ref: darkreading-codoso-team + - sector: energy + ref: darkreading-codoso-team + goals: + - goal: espionage + ref: darkreading-codoso-team + references: + - label: darkreading-codoso-team + URL: https://www.darkreading.com/cyberattacks-data-breaches/chinese-hacking-group-codoso-team-uses-forbes-com-as-watering-hole + + - name: APT28 + origin: Russia + targets: + - where: US + ref: mandiant-apt28 + - where: Europe + ref: [fireeye-apt-groups, mandiant-apt28] + - where: NATO + ref: fireeye-apt-groups + - where: former Soviet Union # "Caucasus" and "eastern European countries" + # in `fireeye-apt-groups' + ref: [fireeye-apt-groups, mandiant-apt28] + - where: Georgia + ref: fireeye-apt-groups + sectors: + - sector: defense # "militaries", "security organizations" and "defense + # firms" in our source + ref: fireeye-apt-groups + - sector: government + ref: mandiant-apt28 + - sector: dissident groups + ref: mandiant-apt28 + - sector: religious groups + ref: mandiant-apt28 + - sector: sport # the World Anti-Doping Agency + ref: mandiant-apt28 + goals: + - goal: espionage + ref: mandiant-apt28 + references: + - label: mandiant-apt28 + URL: https://www.mandiant.com/sites/default/files/2021-09/APT28-Center-of-Storm-2017.pdf + + - name: APT29 + origin: Russia + targets: + - where: US + ref: [eset-operation-ghost-dukes, cyber-case-study-solarwinds] + - where: Norway + ref: eset-operation-ghost-dukes + - where: Europe # 3 EU ministries and a Washington DC embassy + ref: eset-operation-ghost-dukes + sectors: + - sector: government + ref: eset-operation-ghost-dukes + - sector: drug dealers # a reuse 
of hacking tools… + ref: eset-operation-ghost-dukes + goals: + - goal: espionage + ref: [eset-operation-ghost-dukes, cyber-case-study-solarwinds] + references: + - label: eset-operation-ghost-dukes + URL: https://web-assets.esetstatic.com/wls/2019/10/ESET_Operation_Ghost_Dukes.pdf + - label: cyber-case-study-solarwinds + URL: https://ollisakersarney.com/wp-content/uploads/2021/10/Cyber_Case_Study_-_SolarWinds_Supply_Chain_Cyberattack.pdf + + - name: APT3 + origin: China + targets: + - where: US + ref: chinas-cyber-capabilities + - where: Germany # Siemens AG is a German company + ref: chinas-cyber-capabilities + sectors: + - sector: information technology + ref: chinas-cyber-capabilities + - sector: aerospace + ref: fireeye-apt-groups + - sector: defense + ref: fireeye-apt-groups + - sector: construction/manufacturing # "construction and engineering" in + # our source + ref: fireeye-apt-groups + - sector: telecommunications/satellites + ref: [fireeye-apt-groups, chinas-cyber-capabilities] + goals: + - goal: espionage + ref: chinas-cyber-capabilities + references: + - label: chinas-cyber-capabilities + URL: https://www.uscc.gov/sites/default/files/2022-11/Chapter_3_Section_2--Chinas_Cyber_Capabilities.pdf + + - name: APT30 + origin: China + targets: + - where: East Asia # Association of Southeast Asian Nations in our source + ref: fireeye-apt-groups + sectors: + - sector: government + ref: fireeye-apt30 + - sector: media + ref: fireeye-apt30 + goals: + - goal: espionage + ref: fireeye-apt30 + references: + - label: fireeye-apt30 + URL: https://scadahacker.com/library/Documents/Cyber_Events/Fireeye%20-%20APT30.pdf + + - name: APT33 + origin: Iran + sectors: + - sector: aerospace # "aviation" in `hivepro-apt33' + ref: [fireeye-apt-groups, hivepro-apt33] + - sector: energy + ref: [fireeye-apt-groups, hivepro-apt33] + - sector: construction/manufacturing # only "construction" in our source + ref: hivepro-apt33 + - sector: defense + ref: hivepro-apt33 + - sector: 
education + ref: hivepro-apt33 + - sector: finance + ref: hivepro-apt33 + - sector: medical # "healthcare" and "pharmaceutical" in our source + ref: hivepro-apt33 + - sector: government + ref: hivepro-apt33 + - sector: telecommunications/satellites + ref: hivepro-apt33 + goals: + - goal: espionage + ref: hivepro-apt33 + references: + - label: hivepro-apt33 + URL: https://www.hivepro.com/wp-content/uploads/2023/09/APT-33-Uses-Password-Spray-Campaigns-to-Infiltrate-Organizations_TA2023375.pdf + + - name: APT39 + origin: Iran + targets: + - where: US + ref: fireeye-apt39 + - where: Middle East + ref: fireeye-apt39 + sectors: + - sector: telecommunications/satellites # only "telecommunications" in our + # source + ref: fireeye-apt39 + - sector: travel + ref: fireeye-apt39 + - sector: government + ref: fireeye-apt39 + goals: + - goal: espionage + ref: fireeye-apt39 + references: + - label: fireeye-apt39 + URL: https://attack.mitre.org/docs/training-cti/FireEye%20APT39%20-%20original%20report.pdf + + - name: APT41 + origin: China + targets: + - where: East Asia + ref: rt-apt41-dual-operation + - where: US + ref: rt-apt41-dual-operation + - where: India + ref: rt-apt41-dual-operation + - where: Europe + ref: rt-apt41-dual-operation + - where: South Africa + ref: rt-apt41-dual-operation + sectors: + - sector: medical + ref: rt-apt41-dual-operation + - sector: telecommunications/satellites # only "telecommunications" in our + # source + ref: rt-apt41-dual-operation + - sector: education + ref: rt-apt41-dual-operation + - sector: travel + ref: rt-apt41-dual-operation + - sector: media + ref: rt-apt41-dual-operation + - sector: video games + ref: rt-apt41-dual-operation + - sector: information technology + ref: rt-apt41-dual-operation + - sector: retail + ref: rt-apt41-dual-operation + - sector: virtual currencies + ref: rt-apt41-dual-operation + goals: + - goal: rt-apt41-dual-operation + ref: expionage + - goal: rt-apt41-dual-operation + ref: financial theft + references: + 
- label: rt-apt41-dual-operation + URL: https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf + + # Going alphabetically, now we'd have APT5. It's been omitted because neither + # the NSA'a Threat Hunting Guidance[1] nor the description from + # ^[fireeye-apt-groups] actually state its origin. Some sources call it a + # Chinese group but those can be considered less reliable than these 2. + + - name: Aquatic Panda + origin: China + sectors: + - sector: education + ref: overwatch-exposes-aquatic-panda + - sector: telecommunications/satellites # only "telecommunications" in our + # source + ref: overwatch-exposes-aquatic-panda + - sector: government + ref: overwatch-exposes-aquatic-panda + goals: + - goal: espionage + ref: overwatch-exposes-aquatic-panda + references: + - label: overwatch-exposes-aquatic-panda + URL: https://www.crowdstrike.com/en-us/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/ + + - name: Axiom + origin: China + targets: + - where: Europe + ref: novetta-executive-summary + - where: East Asia + ref: novetta-executive-summary + - where: US + ref: novetta-executive-summary + sectors: + - sector: media # "journalists" in our source + ref: novetta-executive-summary + - sector: information technology # "software companies" in our source + ref: novetta-executive-summary + - sector: education + ref: novetta-executive-summary + - sector: government + ref: novetta-executive-summary + - sector: telecommunications + ref: novetta-executive-summary + - sector: non-government organizations + ref: novetta-executive-summary + goals: + - goal: espionage + ref: novetta-executive-summary + references: + - label: novetta-executive-summary + URL: https://web.archive.org/web/20230211014413/http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf + + - name: BackdoorDiplomacy + origin: China + targets: + - where: Middle East + ref: bitdefender-backdoordiplomacy + - where: Europe + ref: 
hivepro-backdoordiplomacy + - where: South Africa + ref: hivepro-backdoordiplomacy + - where: Namibia + ref: hivepro-backdoordiplomacy + - where: South Asia + ref: hivepro-backdoordiplomacy + sectors: + - sector: government + ref: hivepro-backdoordiplomacy + - sector: telecommunications/satellites # only "telecommunications" in our + # source + ref: hivepro-backdoordiplomacy + goals: + - goal: espionage + ref: bitdefender-backdoordiplomacy + references: + - label: bitdefender-backdoordiplomacy + URL: https://www.bitdefender.com/files/News/CaseStudies/study/426/Bitdefender-PR-Whitepaper-BackdoorDiplomacy-creat6507-en-EN.pdf + - label: hivepro-backdoordiplomacy + URL: https://www.hivepro.com/wp-content/uploads/2022/12/BackdoorDiplomacy-targets-the-telecom-industry-in-the-Middle-East_TA2022285.pdf + + - name: BlackTech + origin: China + targets: + - where: East Asia + ref: nnt-blacktech + - where: US + ref: nnt-blacktech + + goals: + - goal: espionage + ref: nnt-blacktech + references: + - label: csa-blacktech + URL: https://media.defense.gov/2023/Sep/27/2003309107/-1/-1/0/CSA_BLACKTECH_HIDE_IN_ROUTERS_TLP-CLEAR.PDF + - label: nnt-blacktech + URL: https://jp.security.ntt/resources/EN-BlackTech_2021.pdf + + - name: BRONZE BUTLER + origin: China + targets: + - where: Japan + ref: butler-targets-japanese + sectors: + - sector: government + ref: hivepro-butler + - sector: defense + ref: hivepro-butler + goals: + - goal: espionage + ref: butler-targets-japanese + references: + - label: butler-targets-japanese + URL: https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses + - label: hivepro-butler + URL: https://www.hivepro.com/wp-content/uploads/2023/03/TA2023135.pdf + + - name: Chimera + origin: China + targets: + - where: Taiwan + ref: cycraft-chimera + sectors: + - sector: electronics + ref: cycraft-chimera + goals: + - goal: espionage + ref: cycraft-chimera + references: + - label: cycraft-chimera + URL: 
https://uploads-ssl.webflow.com/6667e1c7aa0aa53cf61a022c/66bc65e430aa86747891a088_%5BTLP-White%5D20200415%20Chimera_V4.2.pdf + + - name: Cinnamon Tempest + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Cleaver + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: CopyKittens + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: CURIUM + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: CyberAv3ngers + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Daggerfly + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Deep Panda + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Dragonfly + origin: Russia + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: DragonOK + origin: China + # targets: + # - where: + # ref: + # 
- where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Earth Lusca + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Elderwood + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Ember Bear + origin: Russia + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Ferocious Kittens + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + + - name: Fox Kitten + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Gallium + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Gamaredon Group + origin: Russia + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: HAFNIUM + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: IndigoZebra + origin: China + # 
targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Indrik Spider + origin: Russia + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Ke3chang + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Lazarus Group + origin: North Korea + targets: + - where: South Korea + ref: trendmicro-lazarus + - where: US + ref: trendmicro-lazarus + - where: Vietnam + ref: trendmicro-lazarus + sectors: + - sector: government + ref: trendmicro-lazarus + - sector: finance + ref: trendmicro-lazarus + - sector: media + ref: trendmicro-lazarus + - sector: defense + ref: trendmicro-lazarus + goals: + - goal: espionage + ref: trendmicro-lazarus + - goal: disruption + ref: trendmicro-lazarus + - goal: extortion + ref: trendmicro-lazarus + - goal: financial theft + ref: trendmicro-lazarus + references: + - label: trendmicro-lazarus + URL: https://www.trendmicro.com/vinfo/nl/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations + + - name: Leafminer + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Leviathan + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Lotus Blossom + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # 
ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Magic Hound + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: menuPass + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Moafee + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Mofang + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Moonstone Sleet + origin: North Korea + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Moses Staff + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: MuddyWater + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Mustang Panda + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Naikon + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + 
# ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Nomadic Octopus + origin: Russia + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: OilRig + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: PittyTiger + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Putter Panda + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Saint Bear + origin: Russia + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Sandworm Team + origin: Russia + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Silent Librarian + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Star Blizzard + origin: Russia + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Suckfly + origin: China + # targets: + # - where: + # ref: + # - 
where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Threat Group-3390 + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Tonto Team + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Tropic Trooper + origin: China # mitre.org calls it unaffiliated but at least one of the + # sources calls it "China-backed" and its set of targets is + # consistent with that of other Chinese APTs. + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Turla + origin: Russia + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: UNC788 + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Volt Typhoon + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Windshift + origin: Iran + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + - name: Winnti Group + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # 
sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + + # Going alphabetically, now we'd have Winter Vivern. It's been omitted + # because there is no clue as to whether it is actually a Russian group or a + # Belorussian one. + + - name: ZIRCONIUM + origin: China + # targets: + # - where: + # ref: + # - where: + # ref: + # sectors: + # - sector: + # ref: + # - sector: + # ref: + # goals: + # - goal: + # ref: + # references: + # - label: + # URL: + +# Below we keep references that are used in profiles of multiple groups. +references: + label: fireeye-apt-groups + URL: https://web.archive.org/web/20180806122230/https://www.fireeye.com/current-threats/apt-groups.html#apt19 |
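Review bot: The two `goals` entries under APT41 have their `goal` and `ref` values swapped (`- goal: rt-apt41-dual-operation` / `ref: expionage`), and "espionage" is misspelled, so any consumer selecting groups by `goal: espionage` silently drops APT41; each entry should read `- goal: espionage` / `ref: rt-apt41-dual-operation` and `- goal: financial theft` / `ref: rt-apt41-dual-operation`. The schema is also inconsistent in two places a label resolver will trip on: APT1's `mandiant-apt1-report` entry uses `ref:` where every other reference uses `URL:`, and the trailing top-level `references:` is a single mapping (`label: fireeye-apt-groups`) while every per-group `references` is a sequence, so it should become `- label: fireeye-apt-groups` with `URL:` indented beneath it. Value drift matters once these strings are used as keys: `where: HongKong` (admin@338) vs `where: Hong Kong` (APT19), Axiom's `sector: telecommunications` vs `telecommunications/satellites` elsewhere, and APT1 lists `public administration` twice. For attribution data, provenance is part of the record: `fireeye-apt30`, `cyber-case-study-solarwinds` and `cycraft-chimera` are fetched from third-party mirrors (scadahacker.com, ollisakersarney.com, a webflow upload) rather than the publisher or a web.archive.org snapshot as used for the other vendor reports, and a comment such as `# unofficial mirror of the FireEye report; no archived copy found` on those entries would let readers weigh them accordingly. The header comment's example (`for APT12 we have "Taiwan" listed next to "East Asia`) is cut off mid-sentence and should be completed and its quote closed.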