Merge pull request #865 from Delta-Sierra/main
adding targeted sectors
adulau authored Sep 15, 2023
2 parents f80bcdd + ac4d003 commit 458ae78
Showing 3 changed files with 118 additions and 5 deletions.
2 changes: 1 addition & 1 deletion clusters/sector.json
Expand Up @@ -348,7 +348,7 @@
},
{
"uuid": "e07cd84c-1d66-4de3-8b93-15fa93f119cc",
"value": "engineering"
"value": "Engineering"
},
{
"uuid": "7508db07-ffd1-4137-9941-718f18370c4c",
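Review bot: The rename of the cluster `value` from `"engineering"` to `"Engineering"` ships without a `version` bump in clusters/sector.json. This section shows one addition and one deletion only, while the other two files in this commit both increment their `"version"`. A consumer that decides whether to re-import a galaxy by comparing versions may keep the old lowercase value, in which case the `"Engineering"` entry added to `targeted-sector` in threat-actor.json would presumably not resolve on that instance. Consider incrementing the `"version"` field at the end of sector.json in the same commit; that field lies outside this hunk. If existing tags embed the cluster value, events already tagged with the lowercase form may also need a migration note.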
20 changes: 19 additions & 1 deletion clusters/target-information.json
Expand Up @@ -958,10 +958,28 @@
"calling-code": [
"+267"
],
"capital": [
"Gaborone"
],
"currency": [
"Botswana pula",
"BWP"
],
"iso-code": [
"BW",
"BWA"
],
"official-languages": [
"English",
"Setswana"
],
"synonyms": [
"Republic of Botswana",
"Lefatshe la Botswana"
],
"territory-type": [
"Country"
],
"top-level-domain": ".bw"
},
"uuid": "b29dca55-6930-494e-ae8e-fe89e5317529",
Expand Down Expand Up @@ -8102,5 +8120,5 @@
"value": "Zimbabwe"
}
],
"version": 7
"version": 8
}
101 changes: 98 additions & 3 deletions clusters/threat-actor.json
Expand Up @@ -2982,6 +2982,11 @@
"https://www.kaspersky.com/blog/financial-trojans-2019/25690/",
"https://www.welivesecurity.com/2015/04/09/operation-buhtrap/",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
],
"targeted-sector": [
"Bank",
"Payment",
"Finance"
]
},
"uuid": "b737c51f-b579-49d5-a907-743b2e6d03cb",
Expand All @@ -3002,6 +3007,11 @@
"synonyms": [
"FIN4",
"G0085"
],
"targeted-sector": [
"Health",
"Finance",
"Pharmacy"
]
},
"uuid": "ff449346-aa9f-45f6-b482-71e886a5cf57",
Expand All @@ -3020,7 +3030,10 @@
"description": "This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking credentials and credentials related to Bitcoin wallets.",
"meta": {
"attribution-confidence": "50",
"country": "RU"
"country": "RU",
"targeted-sector": [
"Bank"
]
},
"uuid": "7dd7a8df-9012-4d14-977f-b3f9f71266b4",
"value": "SHARK SPIDER"
Expand All @@ -3032,6 +3045,10 @@
"country": "RU",
"refs": [
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
],
"targeted-sector": [
"Manufacturing",
"Industrial"
]
},
"uuid": "db774b7d-a0ee-4375-b24e-fd278f5ab2fd",
Expand Down Expand Up @@ -3264,6 +3281,10 @@
"APT-C-35",
"SectorE02",
"Orange Kala"
],
"targeted-sector": [
"Government, Administration",
"Security Service"
]
},
"related": [
Expand Down Expand Up @@ -3364,6 +3385,14 @@
"synonyms": [
"SyrianElectronicArmy",
"SEA"
],
"targeted-sector": [
"Country",
"Defense",
"Opposition",
"Political party",
"News - Media",
"Government, Administration"
]
},
"uuid": "4265d44e-8372-4ed0-b428-b331a5443d7d",
Expand Down Expand Up @@ -3403,6 +3432,11 @@
"TMP.Lapis",
"Green Havildar",
"COPPER FIELDSTONE"
],
"targeted-sector": [
"Activists",
"Civil society",
"Military"
]
},
"related": [
Expand Down Expand Up @@ -3447,6 +3481,12 @@
"synonyms": [
"FruityArmor",
"G0038"
],
"targeted-sector": [
"Activists",
"Dissidents",
"Journalist",
"Civil society"
]
},
"related": [
Expand Down Expand Up @@ -3516,6 +3556,10 @@
"G0040",
"Orange Athos",
"Thirsty Gemini"
],
"targeted-sector": [
"Finance",
"Diplomacy"
]
},
"related": [
Expand Down Expand Up @@ -3558,6 +3602,9 @@
"synonyms": [
"G0029",
"Golfing Taurus"
],
"targeted-sector": [
"Activists"
]
},
"related": [
Expand Down Expand Up @@ -3683,6 +3730,9 @@
"Sauron",
"Project Sauron",
"G0041"
],
"targeted-sector": [
"Intelligence"
]
},
"related": [
Expand Down Expand Up @@ -3727,6 +3777,9 @@
],
"synonyms": [
"G0036"
],
"targeted-sector": [
"Bank"
]
},
"related": [
Expand Down Expand Up @@ -3825,7 +3878,10 @@
"description": "Libyan Scorpions is a malware operation in use since September 2015 and operated by a politically motivated group whose main objective is intelligence gathering, spying on influentials and political figures and operate an espionage campaign within Libya.",
"meta": {
"attribution-confidence": "50",
"country": "LY"
"country": "LY",
"targeted-sector": [
"Intelligence"
]
},
"uuid": "815cbe98-e157-4078-9caa-c5a25dd64731",
"value": "Libyan Scorpions"
Expand Down Expand Up @@ -3911,6 +3967,15 @@
"ATK40",
"G0049",
"Evasive Serpens"
],
"targeted-sector": [
"Chemical",
"Energy",
"Engineering",
"Finance",
"Government, Administration",
"Telecoms",
"Other"
]
},
"related": [
Expand Down Expand Up @@ -4059,6 +4124,10 @@
],
"suspected-victims": [
"Ukraine"
],
"targeted-sector": [
"Think Tanks",
"Government, Administration"
]
},
"uuid": "3d5192f2-f235-46fd-aa68-dd00cc17d632",
Expand All @@ -4069,6 +4138,9 @@
"meta": {
"refs": [
"https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/"
],
"targeted-sector": [
"Energy"
]
},
"related": [
Expand Down Expand Up @@ -4194,6 +4266,11 @@
"meta": {
"refs": [
"https://citizenlab.ca/2015/12/packrat-report/"
],
"targeted-sector": [
"Activists",
"Journalist",
"Political party"
]
},
"uuid": "fe344665-d153-4d31-a32a-1509efde1ca7",
Expand Down Expand Up @@ -4242,6 +4319,10 @@
"synonyms": [
"Lion Soldiers Team",
"Phantom Turk"
],
"targeted-sector": [
"Government, Administration",
"News - Media"
]
},
"uuid": "23410d3f-c359-422d-9a4e-45f8fdf0c84a",
Expand Down Expand Up @@ -4383,6 +4464,13 @@
"https://unit42.paloaltonetworks.com/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/",
"https://threatpost.com/shamoon-collaborator-greenbug-adopts-new-communication-tool/125383/",
"https://www.clearskysec.com/greenbug/"
],
"targeted-sector": [
"Education",
"Energy",
"Investment",
"Aerospace",
"Government, Administration"
]
},
"related": [
Expand Down Expand Up @@ -4512,6 +4600,10 @@
"Operation Mermaid",
"Prince of Persia",
"Foudre"
],
"targeted-sector": [
"Activists",
"Civil society"
]
},
"uuid": "1671be1b-c844-48f5-84c8-54ac4fe4d71e",
Expand Down Expand Up @@ -4563,6 +4655,9 @@
"country": "UA",
"refs": [
"http://www.welivesecurity.com/2016/05/18/groundbait"
],
"targeted-sector": [
"Separatists"
]
},
"uuid": "8ed5e3f0-ed30-4eb8-bbee-4e221bd76d73",
Expand Down Expand Up @@ -11648,5 +11743,5 @@
"value": "MoustachedBouncer"
}
],
"version": 281
"version": 282
}
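Review bot: The new `targeted-sector` arrays are plain-string references, and nothing in this change checks that each entry matches a `value` in clusters/sector.json. The casing fix to `"Engineering"` made in sector.json by this same commit suggests the match is exact and case-sensitive. Only `"Engineering"` (hunk `@@ -3911,6 +3967,15 @@`) can be confirmed from this page. Entries such as `"Think Tanks"`, `"Security Service"`, `"Separatists"`, `"Investment"` and `"Other"` cannot be checked from the diff, and a variant spelling would leave the actor without a sector link without raising any error. Consider adding a validation step to the repository's checks that loads the sector cluster values and fails on any `targeted-sector` string that does not resolve, so analysts filtering actors by sector do not silently miss one.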
