intrusion-set--1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1.json
{
"x_mitre_version": "2.0",
"id": "intrusion-set--1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1",
"external_references": [
{
"source_name": "mitre-attack",
"external_id": "G0035",
"url": "https://attack.mitre.org/groups/G0035"
},
{
"source_name": "Dragonfly",
"description": "(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)"
},
{
"source_name": "TG-4192",
"description": "(Citation: Secureworks IRON LIBERTY July 2019)"
},
{
"source_name": "Crouching Yeti",
"description": "(Citation: Secureworks IRON LIBERTY July 2019)"
},
{
"source_name": "IRON LIBERTY",
"description": "(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Secureworks MCMD July 2019)(Citation: Secureworks Karagany July 2019)"
},
{
"source_name": "Energetic Bear",
"description": "(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Secureworks MCMD July 2019)(Citation: Secureworks Karagany July 2019)"
},
{
"source_name": "Symantec Dragonfly",
"description": "Symantec Security Response. (2014, July 7). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved April 8, 2016.",
"url": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf"
},
{
"source_name": "Secureworks IRON LIBERTY July 2019",
"description": "Secureworks. (2019, July 24). Resurgent Iron Liberty Targeting Energy Sector. Retrieved August 12, 2020.",
"url": "https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector"
},
{
"source_name": "Symantec Dragonfly Sept 2017",
"description": "Symantec Security Response. (2017, September 6). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved September 9, 2017.",
"url": "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group"
},
{
"source_name": "Fortune Dragonfly 2.0 Sept 2017",
"description": "Hackett, R. (2017, September 6). Hackers Have Penetrated Energy Grid, Symantec Warns. Retrieved June 6, 2018.",
"url": "http://fortune.com/2017/09/06/hack-energy-grid-symantec/"
},
{
"source_name": "Dragos DYMALLOY ",
"description": "Dragos. (n.d.). DYMALLOY. Retrieved August 20, 2020.",
"url": "https://www.dragos.com/threat/dymalloy/"
},
{
"source_name": "Secureworks MCMD July 2019",
"description": "Secureworks. (2019, July 24). MCMD Malware Analysis. Retrieved August 13, 2020.",
"url": "https://www.secureworks.com/research/mcmd-malware-analysis"
},
{
"source_name": "Secureworks Karagany July 2019",
"description": "Secureworks. (2019, July 24). Updated Karagany Malware Targets Energy Sector. Retrieved August 12, 2020.",
"url": "https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector"
}
],
"type": "intrusion-set",
"aliases": [
"Dragonfly",
"TG-4192",
"Crouching Yeti",
"IRON LIBERTY",
"Energetic Bear"
],
"modified": "2020-10-14T22:42:00.531Z",
"created": "2017-05-31T21:32:05.217Z",
"description": "[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been active since at least 2011. They initially targeted defense and aviation companies but shifted to focus on the energy sector in early 2013. They have also targeted companies related to industrial control systems. (Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)\n\nA similar group emerged in 2015 and was identified by Symantec as [Dragonfly 2.0](https://attack.mitre.org/groups/G0074). There is debate over the extent of the overlap between [Dragonfly](https://attack.mitre.org/groups/G0035) and [Dragonfly 2.0](https://attack.mitre.org/groups/G0074), but there is sufficient evidence to lead to these being tracked as two separate groups. (Citation: Symantec Dragonfly Sept 2017)(Citation: Fortune Dragonfly 2.0 Sept 2017)(Citation: Dragos DYMALLOY )",
"created_by_ref": "The MITRE Corporation",
"name": "Dragonfly",
"attribution": "Russia",
"sophistication": "strategic",
"actor_type": "nation-state",
"sectors": [
"energy",
"manufacturing",
"pharmaceuticals",
"education",
"construction"
],
"target_locations": [
"United States",
"United Kingdom",
"Germany",
"Ireland",
"France",
"Spain",
"Portugal",
"Italy",
"Austria",
"Netherlands",
"Belgium",
"Norway",
"Denmark",
"Switzerland",
"Sweden"
],
"primary_motivation": [
"ideology"
],
"secondary_motivations": [
"dominance"
],
"goals": [
"manipulate other nations' economies",
"manipulate geopolitical situations",
"display military prowess"
],
"first_seen": "2011"
}