intrusion-set--0bbdf25b-30ff-4894-a1cd-49260d0dd2d9.json
{
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/groups/G0022",
"external_id": "G0022"
},
{
"source_name": "APT3",
"description": "(Citation: FireEye Clandestine Wolf) (Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "Gothic Panda",
"description": "(Citation: PWC Pirpi Scanbox) (Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "Pirpi",
"description": "(Citation: PWC Pirpi Scanbox)"
},
{
"source_name": "UPS Team",
"description": "(Citation: FireEye Clandestine Wolf) (Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "Buckeye",
"description": "(Citation: Symantec Buckeye)"
},
{
"source_name": "Threat Group-0110",
"description": "(Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "TG-0110",
"description": "(Citation: Recorded Future APT3 May 2017) (Citation: Symantec Buckeye)"
},
{
"source_name": "FireEye Clandestine Wolf",
"description": "Eng, E., Caselden, D.. (2015, June 23). Operation Clandestine Wolf \u2013 Adobe Flash Zero-Day in APT3 Phishing Campaign. Retrieved January 14, 2016.",
"url": "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html"
},
{
"source_name": "Recorded Future APT3 May 2017",
"description": "Insikt Group (Recorded Future). (2017, May 17). Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3. Retrieved June 18, 2017.",
"url": "https://www.recordedfuture.com/chinese-mss-behind-apt3/"
},
{
"url": "https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html",
"description": "Moran, N., et al. (2014, November 21). Operation Double Tap. Retrieved January 14, 2016.",
"source_name": "FireEye Operation Double Tap"
},
{
"url": "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong",
"description": "Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.",
"source_name": "Symantec Buckeye"
},
{
"url": "https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf",
"description": "Korban, C, et al. (2017, September). APT3 Adversary Emulation Plan. Retrieved January 16, 2018.",
"source_name": "APT3 Adversary Emulation Plan"
},
{
"source_name": "PWC Pirpi Scanbox",
"description": "Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. Retrieved March 30, 2016.",
"url": "http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html"
}
],
"description": "[APT3] is a China-based threat group that researchers have attributed to China's Ministry of State Security. (Citation: FireEye Clandestine Wolf) (Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap. (Citation: FireEye Clandestine Wolf) (Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong. (Citation: Symantec Buckeye)\n\nMITRE has also developed an APT3 Adversary Emulation Plan. (Citation: APT3 Adversary Emulation Plan)",
"name": "APT3",
"created_by_ref": "The MITRE Corporation",
"id": "intrusion-set--0bbdf25b-30ff-4894-a1cd-49260d0dd2d9",
"type": "intrusion-set",
"aliases": [
"APT3",
"Gothic Panda",
"Pirpi",
"UPS Team",
"Buckeye",
"Threat Group-0110",
"TG-0110"
],
"modified": "2020-03-30T01:47:03.155Z",
"created": "2017-05-31T21:31:55.853Z",
"x_mitre_version": "1.3",
"attribution": "China",
"sophistication": "strategic",
"actor_type": "nation-state",
"sectors": [
"aerospace",
"construction",
"defense",
"manufacturing",
"technology",
"telecommunications",
"transportation"
],
"target_locations": [
"Hong Kong",
"United States"
],
"primary_motivation": [
"dominance"
],
"secondary_motivations": [
"ideology",
"organizational gain"
],
"goals": [
"obtain state secrets"
],
"first_seen": "2010"
}