Threat Group Cards: A Threat Actor Encyclopedia

THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIA

Compiled by ThaiCERT, a member of the Electronic Transactions Development Agency

TLP:WHITE Version 1.01 (19 June 2019)


Contents

Introduction ..... 8
Approach ..... 8
Legal Notice ..... 9
Acknowledgements ..... 9

Advanced Persistent Threat (APT) Groups ..... 10
  Anchor Panda, APT 14 ..... 11
  Allanite ..... 12
  APT 3, Gothic Panda, Buckeye ..... 13
  APT 5 ..... 15
  APT 6 ..... 16
  APT 12, Numbered Panda ..... 17
  APT 16, SVCMONDR ..... 19
  APT 17, Deputy Dog ..... 20
  APT 18, Dynamite Panda, Wekby ..... 21
  APT 19, C0d0so ..... 22
  APT 20, Violin Panda ..... 23
  APT 29, Cozy Bear, The Dukes ..... 24
  APT 30, Override Panda ..... 27
  APT 32, OceanLotus, SeaLotus ..... 29
  APT 33, Elfin ..... 33
  Axiom, Group 72 ..... 34
  Bahamut ..... 35
  Barium ..... 37
  Berserk Bear, Dragonfly 2.0 ..... 39
  Blackgear ..... 40
  BlackOasis ..... 41
  BlackTech ..... 42
  Blind Eagle ..... 44
  Blue Termite, Cloudy Omega ..... 45
  Bookworm ..... 46
  Bronze Butler, Tick ..... 47
  Buhtrap ..... 48
  Cadelle ..... 50
  Callisto Group ..... 51
  Carbanak, Anunak ..... 52
  Careto, The Mask ..... 53
  Chafer, APT 39 ..... 54
  Charming Kitten, Newscaster, NewsBeef ..... 56
  Clever Kitten ..... 58
  Cobalt Group ..... 59
  Cold River ..... 62
  Comment Crew, APT 1 ..... 63
  Confucius ..... 65
  CopyKittens, Slayer Kitten ..... 66
  Corkow, Metel ..... 67
  Covellite ..... 68
  Cutting Kitten, TG-2889 ..... 69
  Dark Caracal ..... 71
  DarkHotel ..... 72
  DarkHydrus, LazyMeerkat ..... 74
  Deep Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens ..... 75
  Desert Falcons ..... 78
  DNSpionage ..... 80
  Domestic Kitten ..... 81
  Donot Team ..... 82
  DragonOK ..... 83
  DustSquad ..... 84
  Dust Storm ..... 85
  Elderwood, Sneaky Panda ..... 86
  El Machete ..... 88
  Energetic Bear, Dragonfly ..... 89
  Equation Group ..... 92
  Emissary Panda, APT 27, LuckyMouse, Bronze Union ..... 94
  FIN4, Wolf Spider ..... 96
  FIN5 ..... 97
  FIN6, Skeleton Spider ..... 98
  FIN7 ..... 99
  FIN8 ..... 102
  FIN10 ..... 103
  Flying Kitten, Ajax Security Team ..... 104
  Gallmaker ..... 105
  Gamaredon Group ..... 106
  GCMAN ..... 107
  GhostNet, Snooping Dragon ..... 108
  Goblin Panda, Cycldek ..... 109
  Goldmouse ..... 110
  Gorgon Group ..... 111
  GozNym ..... 113
  Group5 ..... 114
  Hidden Lynx, Aurora Panda ..... 115
  Honeybee ..... 117
  Hurricane Panda, Zirconium, APT 31 ..... 118
  Icefog, Dagger Panda ..... 119
  Inception Framework ..... 121
  Infy, Prince of Persia ..... 123
  Iridium ..... 125
  Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon ..... 126
  Kimsuky, Velvet Chollima ..... 128
  Lazarus Group, Hidden Cobra, Labyrinth Chollima ..... 129
    Subgroup: Andariel, Silent Chollima ..... 134
    Subgroup: Bluenoroff, APT 38, Stardust Chollima ..... 135
  Lead ..... 137
  Leafminer, Raspite ..... 138
  Leviathan, APT 40, TEMP.Periscope ..... 139
  Longhorn, The Lamberts ..... 141
  Lotus Blossom, Spring Dragon ..... 142
  Lucky Cat ..... 144
  Lurk ..... 145
  Mabna Institute, Silent Librarian ..... 146
  Madi ..... 147
  Magic Hound, APT 35, Cobalt Gypsy, Rocket Kitten ..... 148
  Moafee ..... 151
  Mofang ..... 152
  Molerats, Extreme Jackal, Gaza Cybergang ..... 153
  MoneyTaker ..... 157
  MuddyWater, Seedworm, TEMP.Zagros, Static Kitten ..... 158
  Mustang Panda ..... 161
  Naikon, Lotus Panda ..... 162
  Neodymium ..... 164
  NetTraveler, APT 21 ..... 165
  Night Dragon ..... 166
  Nightshade Panda, APT 9, Group 27 ..... 167
  Nitro, Covert Grove ..... 168
  OilRig, APT 34, Helix Kitten ..... 169
    Subgroup: Greenbug ..... 173
  Operation BugDrop ..... 174
  Operation Ghoul ..... 175
  Operation Groundbait ..... 176
  Operation Parliament ..... 177
  Operation Potao Express ..... 178
  Orangeworm ..... 179
  PassCV ..... 180
  Patchwork, Dropping Elephant ..... 181
  Pirate Panda, APT 23, KeyBoy ..... 183
  PittyTiger, Pitty Panda ..... 184
  Platinum ..... 186
  Poseidon Group ..... 187
  Promethium ..... 188
  Putter Panda, APT 2 ..... 189
  Rancor ..... 190
  Reaper, APT 37, Ricochet Chollima ..... 191
  Roaming Tiger ..... 194
  RTM ..... 195
  Sandworm Team, Iron Viking, Voodoo Bear ..... 196
  Samurai Panda, APT 4 ..... 197
  ScarCruft ..... 198
  Scarlet Mimic ..... 200
  Sea Turtle ..... 201
  Shadow Network ..... 202
  Silence ..... 203
  Sima ..... 204
  Slingshot ..... 205
  Snake Wine ..... 206
  Snowglobe, Animal Farm ..... 207
  Sofacy, APT 28, Fancy Bear, Sednit ..... 208
  Sowbug ..... 216
  Stalker Panda ..... 217
  Stealth Falcon, FruityArmor ..... 218
  Stolen Pencil ..... 219
  Stone Panda, APT 10, menuPass ..... 220
  Strider, ProjectSauron ..... 223
  Suckfly ..... 224
  TA459 ..... 225
  TA505 ..... 226
  Taidoor ..... 228
  TeamSpy Crew ..... 229
  TeleBots ..... 230
  Temper Panda, admin@338 ..... 232
  TEMP.Veles ..... 233
  Terbium ..... 234
  Thrip ..... 235
  Transparent Tribe, APT 36 ..... 236
  Tropic Trooper ..... 238
  Turla, Waterbug, Venomous Bear ..... 239
  Urpage ..... 243
  Volatile Cedar ..... 244
  Whitefly ..... 245
  Wicked Spider, APT 22 ..... 246
  Wild Neutron, Butterfly, Sphinx Moth ..... 247
  Winnti Group, Blackfly, Wicked Panda ..... 249
  WindShift ..... 251
  [Unnamed group] ..... 252

Some Other Prolific Criminal Groups ..... 253
  Achilles ..... 253
  Dungeon Spider ..... 254
  Fxmsp ..... 255
  Gnosticplayers ..... 256
  Gold Lowell, Boss Spider ..... 258
  Grim Spider ..... 259
  Hacking Team ..... 260
  Indrik Spider ..... 261
  Lunar Spider ..... 262
  Mummy Spider, TA542 ..... 263
  Operation Comando ..... 264
  OurMine ..... 265
  Pacha Group ..... 266
  Pinchy Spider ..... 267
  Rocke ..... 268
  Shadow Brokers ..... 269
  [Vault 7/8] ..... 271
  Wizard Spider ..... 272
  Zombie Spider ..... 273

APPENDIX: Sources Used ..... 274


Introduction

When analyzing security incidents we always face the question of which adversary we may be dealing with and what is known about their prior engagements and TTPs, in order to better understand how to approach the incident and what else to look for. This document aims to create full profiles of all threat groups worldwide that have been identified, drawing on the research generously shared by anti-virus and security research organizations over the years. It can be used as a set of "threat group cards", as the title suggests, that bring everything together in an elaborate profile for each threat group. All dates shown in the cards are the dates when the stated activities started, not necessarily when the reports about them were published.

All information in this document comes from public sources (OSINT). The difficult part, attributing campaigns to actors, has been done by those security research organizations as well. What makes attribution difficult is that there may be overlap between threat groups, where they share tools or people move between groups, or when groups suddenly change tactics or type of target. Not all groups have been publicly documented as well as others; most groups have remained rather obscure and, of course, not all individual campaigns resulted in public knowledge, as targeted companies usually don't welcome such exposure.

As a National CERT, ThaiCERT has a strictly neutral role, and everything collected in this document in no way signifies specific endorsements, placing blame on countries or taking sides. With that said, compiling this document has been a tremendously interesting journey into the dark world of cybercrime and the groups associated with it.

Note: Users of MISP can also use the MISP Threat Actor cluster (galaxy) located at

Approach

In order to obtain an initial set of actors, we perused the public archives from MISP, MITRE and the volunteer overview on Google Docs (resources 1-3 in the APPENDIX: Sources Used). Generally those, as well as media reports about threats, tend to lump everything together as aliases or synonyms, be it actual group names as tracked by research organizations, alleged (state) sponsor names, individual campaigns run by the group or specific pieces of malware used by the group. In this report, aliases are only listed as such if we could realistically determine them to be a fact, generally because we found which organization gave the group that name. Everything else known about each actor has been split off into the relevant fields (sponsors, operations, tools).

The next step was to search our Risk Intelligence archive and, after that, to use our favorite Internet search engine to find any public news about each and every actor, covering all their campaigns and other activities that have been discovered. Analysis of those (thousands of) reports produced the total overview of all tools used and of where each actor has been observed in terms of countries and sectors. Lastly, we went over the entire rich archive known as Malpedia to augment the set with malware names that had not appeared in the reports we saw. In each step we took great care to make sure only Open Source Intelligence appeared in this document.
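As an added illustration of two points made above (the MISP Threat Actor galaxy mentioned in the Introduction as a machine-readable companion to these cards, and the split between genuine aliases and tool names described in the Approach), the following Python is example code written for this page; it is not ThaiCERT's tooling nor part of the MISP project. It assumes the galaxy cluster layout noted in the comments, and every entry, tool name, country code and URL in the sample is constructed, except the two group names and their aliases, which come from this document's own table of contents. It also flags an alias claimed by two groups, the kind of overlap the Introduction says makes attribution hard.

```python
from __future__ import annotations

import json
from dataclasses import dataclass, field

# Constructed sample in the shape of a MISP galaxy cluster file. The layout
# assumed here: a top-level "values" list whose entries carry "value",
# "description" and a "meta" dict with "synonyms", "country" and "refs".
# The two real group names and their aliases are taken from this document's
# table of contents; "ExampleRAT", "XX", the URL and the two placeholder
# groups are constructed for the example only.
SAMPLE_CLUSTER = json.dumps({
    "name": "Threat Actor",
    "type": "threat-actor",
    "values": [
        {"value": "APT 3",
         "description": "constructed",
         "meta": {"synonyms": ["Gothic Panda", "Buckeye", "ExampleRAT"],
                  "country": "XX",
                  "refs": ["https://example.invalid/apt3"]}},
        {"value": "Winnti Group",
         "description": "constructed",
         "meta": {"synonyms": ["Blackfly", "Wicked Panda"], "refs": []}},
        {"value": "Placeholder Group A",
         "meta": {"synonyms": ["Shared Alias"]}},
        {"value": "Placeholder Group B",
         "meta": {"synonyms": ["Shared Alias"]}},
    ],
})

# Names known to be malware or tools rather than groups. In the document's
# method this knowledge comes from the source reports and Malpedia; here it
# is a constructed placeholder set (lower-cased for matching).
KNOWN_TOOLS = {"examplerat"}


@dataclass
class ThreatGroupCard:
    name: str
    aliases: list[str] = field(default_factory=list)
    tools: list[str] = field(default_factory=list)
    country: str | None = None
    refs: list[str] = field(default_factory=list)


def build_cards(cluster_json: str, known_tools: set[str]) -> dict[str, ThreatGroupCard]:
    """Turn a galaxy cluster into cards keyed by canonical group name.

    A synonym that matches a known tool name is moved into the card's
    ``tools`` field instead of being kept as an alias, which is the split
    between aliases and other fields that the Approach section describes.
    """
    cluster = json.loads(cluster_json)
    cards: dict[str, ThreatGroupCard] = {}
    for entry in cluster.get("values", []):
        meta = entry.get("meta", {})
        card = ThreatGroupCard(name=entry["value"],
                               country=meta.get("country"),
                               refs=list(meta.get("refs", [])))
        for syn in meta.get("synonyms", []):
            if syn.lower() in known_tools:
                card.tools.append(syn)
            else:
                card.aliases.append(syn)
        cards[card.name] = card
    return cards


def alias_index(cards: dict[str, ThreatGroupCard]) -> tuple[dict[str, str], list[tuple[str, str, str]]]:
    """Case-insensitive map from every name or alias to the canonical name.

    An alias claimed by two different groups is the overlap the Introduction
    warns about: the first claim wins and the clash is reported separately
    so an analyst can resolve it rather than silently trusting either side.
    """
    index: dict[str, str] = {}
    collisions: list[tuple[str, str, str]] = []
    for card in cards.values():
        for name in [card.name, *card.aliases]:
            key = name.lower()
            if key in index and index[key] != card.name:
                collisions.append((name, index[key], card.name))
                continue
            index[key] = card.name
    return index, collisions


def lookup(cards: dict[str, ThreatGroupCard], index: dict[str, str], query: str) -> ThreatGroupCard | None:
    """Resolve any alias (case-insensitive) to its card, or None if unknown."""
    canonical = index.get(query.lower())
    return cards[canonical] if canonical is not None else None


if __name__ == "__main__":
    cards = build_cards(SAMPLE_CLUSTER, KNOWN_TOOLS)
    index, collisions = alias_index(cards)
    for card in cards.values():
        print(card)
    print("collisions:", collisions)
    print(lookup(cards, index, "buckeye"))
```

With a real cluster file, `SAMPLE_CLUSTER` would be replaced by the file's contents and `KNOWN_TOOLS` by the tool names collected from the reports; the collision list is the part worth reading first, since each entry is a name two sources attach to different groups and therefore needs a decision before it goes on a card.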
