Threat Group Cards: a Threat Actor Encyclopedia

Total Page:16

File Type:pdf, Size:1020Kb

Threat Group Cards: a Threat Actor Encyclopedia THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIA Compiled by ThaiCERT a member of the Electronic Transactions Development Agency TLP:WHITE Version 1.01 (19 June 2019) Threat Group Cards: A Threat Actor Encyclopedia Contents Introduction ............................................................................................................................................................................ 8 Approach ........................................................................................................................................................................... 8 Legal Notice ...................................................................................................................................................................... 9 Acknowledgements .......................................................................................................................................................... 9 Advanced Persistent Threat (APT) Groups .................................................................................................................... 10 Anchor Panda, APT 14 .................................................................................................................................................. 11 Allanite ............................................................................................................................................................................. 12 APT 3, Gothic Panda, Buckeye .................................................................................................................................... 13 APT 5 ............................................................................................................................................................................... 15 APT 6 ............................................................................................................................................................................... 16 APT 12, Numbered Panda ............................................................................................................................................ 17 APT 16, SVCMONDR .................................................................................................................................................... 19 APT 17, Deputy Dog ...................................................................................................................................................... 20 APT 18, Dynamite Panda, Wekby ............................................................................................................................... 21 APT 19, C0d0so ............................................................................................................................................................. 22 APT 20, Violin Panda ..................................................................................................................................................... 23 APT 29, Cozy Bear, The Dukes ................................................................................................................................... 24 APT 30, Override Panda ............................................................................................................................................... 27 APT 32, OceanLotus, SeaLotus .................................................................................................................................. 29 APT 33, Elfin ................................................................................................................................................................... 33 Axiom, Group 72 ............................................................................................................................................................. 34 Bahamut........................................................................................................................................................................... 35 Barium .............................................................................................................................................................................. 37 Berserk Bear, Dragonfly 2.0 ......................................................................................................................................... 39 Blackgear ......................................................................................................................................................................... 40 BlackOasis....................................................................................................................................................................... 41 BlackTech ........................................................................................................................................................................ 42 Blind Eagle ...................................................................................................................................................................... 44 Blue Termite, Cloudy Omega ....................................................................................................................................... 45 Bookworm ........................................................................................................................................................................ 46 Bronze Butler, Tick ......................................................................................................................................................... 47 Buhtrap............................................................................................................................................................................. 48 Cadelle ............................................................................................................................................................................. 50 2 Threat Group Cards: A Threat Actor Encyclopedia Callisto Group ................................................................................................................................................................. 51 Carbanak, Anunak ......................................................................................................................................................... 52 Careto, The Mask ........................................................................................................................................................... 53 Chafer, APT 39 ............................................................................................................................................................... 54 Charming Kitten, Newscaster, NewsBeef .................................................................................................................. 56 Clever Kitten .................................................................................................................................................................... 58 Cobalt Group ................................................................................................................................................................... 59 Cold River ........................................................................................................................................................................ 62 Comment Crew, APT 1.................................................................................................................................................. 63 Confucius ......................................................................................................................................................................... 65 CopyKittens, Slayer Kitten ............................................................................................................................................ 66 Corkow, Metel ................................................................................................................................................................. 67 Covellite ........................................................................................................................................................................... 68 Cutting Kitten, TG-2889 ................................................................................................................................................. 69 Dark Caracal ................................................................................................................................................................... 71 DarkHotel ......................................................................................................................................................................... 72 DarkHydrus, LazyMeerkat ............................................................................................................................................ 74 Deep Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens ......................................................................... 75 Desert Falcons ................................................................................................................................................................ 78 DNSpionage .................................................................................................................................................................... 80 Domestic Kitten ..............................................................................................................................................................
Recommended publications
  • Xbt.Doc.248.2.Pdf
    MAY 25, 2018 United States District Court Southern District of Florida Miami Division CASE NO. 1:17-CV-60426-UU ALEKSEJ GUBAREV, XBT HOLDING S.A., AND WEBZILLA, INC., PLAINTIFFS, VS BUZZFEED, INC. AND BEN SMITH, DEFENDANTS Expert report of Anthony J. Ferrante FTI Consulting, Inc. 4827-3935-4214v.1 0100812-000009 Table of Contents Table of Contents .............................................................................................................................................. 1 Qualifications ..................................................................................................................................................... 2 Scope of Assignment ......................................................................................................................................... 3 Glossary of Important Terms ............................................................................................................................. 4 Executive Summary ........................................................................................................................................... 7 Methodology ..................................................................................................................................................... 8 Technical Investigation ................................................................................................................................ 8 Investigative Findings .......................................................................................................................................
    [Show full text]
  • Sophocles, Ajax, Lines 1-171
    SophoclesFourTrag-00Bk Page 2 Thursday, July 26, 2007 3:56 PM Ajax: Cast of Characters ATHENA goddess of wisdom, craft, and strategy ODYSSEUS a Greek commander from Ithaca AJAX the son of Telamon and a Greek commander from Salamis CHORUS of Salaminian warriors TECMESSA a Phrygian captive, wife of Ajax MESSENGER from the Greek camp, loyal to Teucer TEUCER the half-brother of Ajax, son of Telamon and Hesione, a Trojan MENELAUS the youngest son of Atreus and a Greek commander from Sparta AGAMEMNON the eldest son of Atreus from Mycenae and the supreme commander of the Greeks at Troy Nonspeaking Roles EURYSACES the young son of Ajax and Tecmessa ATTENDANTS Casting In the original production at the Theatre of Dionysus, the division of roles between the three speaking actors may have been as follows: 1. Ajax, Agamemnon 2. Athena, Messenger, Teucer 3. Tecmessa, Menelaus, Odysseus After line 1168, a nonspeaking actor played the role of Tecmessa. This translation is based on a version developed by Peter Meineck for the Aquila Theatre Company in 1993 for a U.S. tour. The original cast included Donald T. Allen, Tony Longhurst, James Moriarty, Yasmin Sidhwa, and Andrew Tansey. Division of roles: The parts can also be divided as follows: (1) Ajax, Teucer; (2) Odysseus, Tecmessa; (3) Athena, Messenger, Menelaus, Agamemnon. 2 SophoclesFourTrag-00Bk Page 3 Thursday, July 26, 2007 3:56 PM Ajax SCENE: Night. The Greek camp at Troy. It is the ninth year of the Trojan War, after the death of Achilles. Odysseus is following tracks that lead him outside the tent of Ajax.
    [Show full text]
  • FPDL Annual Report – 2005
    PARTNERS FOUNDATION FOR LOCAL DEVELOPMENT - FPDL PART 2: ANNUAL REPORT 2005 2005 ACTIVITIES SUMMARY 2005 INTERNATIONAL PROGRAMS REGIONAL PROGRAM “WORKING TOGETHER” • Local Elected Leadership TOT, Sinaia, Romania • Building Capacity For Transparent Cities Manual Development and Expert Meeting for Training Manual field test, Iceland • Ethnic Diversity and Conflict Management- EDCM TOT • 8th Annual Trainers Meeting OTHER INTERNATIONAL PROGRAMS • Citizen Participation, USAID, IREX Project in Moldova o Visioning Conference o Communication and Facilitation Skills, o Advanced Facilitation and Communication o Conflict Management in Participatory Planning o Coalition Building and Advocacy Skills o Trainers’ Workshop • UN Habitat, SIRP Program in Serbia o Conflict Management Basic Skills, Karlovci, Serbia & Montenegro o Participatory Practices in Planning and Decision Making Processes, Grocka, Serbia & Montenegro o 3 new Brochures in the “30 minutes learning” series • Series of TOTs for GTZ Program - Promotion of Democratic Youth Culture in Serbia o Ethnic Diversity and Conflict Management, Novi Sad, Serbia & Montenegro o Participatory Planning, Novi Sad, Serbia & Montenegro • TOT with Pilot Workshop on Public Service Management, Ohrid, Macedonia • Advocacy and Minority Rights TOT, Sarajevo, Bosnia & Herzegovina • Assessing the Capacity of 5 NGOs from Republic of Moldova • Regional Workshop on TOOLKIT for Citizen Participation 2005 NATIONAL PROGRAMS • Supporting Romania’s Accession to EU • Capacity Building Program for Youth Serving NGOs in Romania
    [Show full text]
  • TOP SOVIET ERA EXPERIENCES in MOLDOVA Day 1: Arrival Day And
    TOP SOVIET ERA EXPERIENCES IN MOLDOVA DAY 1 Day 1: Arrival day and Chisinau city tour On arrival at Chisinau International Airport, you will be transferred to your accommodation in Chisinau. After settling in, you will enjoy the city tour of Chisinau. During the tour, you will discover the main historical and cultural sights such as the Nativity of Christ Cathedral, the Bell Tower, the Arch of Triumph, the Monument of Stephen the Great, etc. You will also see some soviet buildings and apartment blocks, such as Circus building, Romanita Collective Housing Tower, Library din Hol, Soviet Memorial to Communist Youth, Chisinau Hotel (an excellent example of Stalinist Empire style architecture), etc. After lunch, you will have an excursion at the Eternity Memorial Complex and the Military Museum. The Eternity Memorial Complex is a memorial located in Chisinau dedicated to soviet soldiers who died in the battles of the Second World War. The Military Museum has displays of Moldova's past military campaigns and, in a park outside, a small open-air military exhibition displaying Soviet- made tanks, fighter planes and other military toys inherited by Moldova's armed forces. Next, you will have an excursion at Chisinau Railway Station built on 15 August 1871. The 2nd World War destroyed the station building, as it was blown up by the Red army in 1941. It was partially restored in 1944, but air attacks destroyed it once again. In 1948, the station was rebuilt. In 1990 at the Station’s Square there was unveiled a temporary stone commemorating the Victims of Stalinist Repression and mass deportations in Soviet Moldova in 1940-1951 - the Train of Pain.
    [Show full text]
  • Tstable of Content
    ZZ LONDON INTERNATIONAL MODEL UNITED NATIONS 2017 North Atlantic Treaty Organization London International Model United Nations 18th Session | 2017 tsTable of Content 1 ZZ LONDON INTERNATIONAL MODEL UNITED NATIONS 2017 Table of Contents Table of Contents WELCOME TO THE NORTH ATLANTIC TREATY ORGANIZATION .............................................................. 3 INTRODUCTION TO THE COMMITTEE .................................................................................................................. 4 TOPIC A: FORMING A NATO STRATEGY IN CYBERSPACE ............................................................................. 5 INTRODUCTION ............................................................................................................................................................... 5 HISTORY OF THE PROBLEM ............................................................................................................................................. 6 Timeline of notable attacks ....................................................................................................................................... 7 1998 – 2001 “MOONLIGHT MAZE” ....................................................................................................................... 7 2005 – 2011 TITAN RAIN & BYZANTINE HADES .................................................................................................. 8 2007 Estonia DDoS Campaigns ...............................................................................................................................
    [Show full text]
  • Parker Review
    Ethnic Diversity Enriching Business Leadership An update report from The Parker Review Sir John Parker The Parker Review Committee 5 February 2020 Principal Sponsor Members of the Steering Committee Chair: Sir John Parker GBE, FREng Co-Chair: David Tyler Contents Members: Dr Doyin Atewologun Sanjay Bhandari Helen Mahy CBE Foreword by Sir John Parker 2 Sir Kenneth Olisa OBE Foreword by the Secretary of State 6 Trevor Phillips OBE Message from EY 8 Tom Shropshire Vision and Mission Statement 10 Yvonne Thompson CBE Professor Susan Vinnicombe CBE Current Profile of FTSE 350 Boards 14 Matthew Percival FRC/Cranfield Research on Ethnic Diversity Reporting 36 Arun Batra OBE Parker Review Recommendations 58 Bilal Raja Kirstie Wright Company Success Stories 62 Closing Word from Sir Jon Thompson 65 Observers Biographies 66 Sanu de Lima, Itiola Durojaiye, Katie Leinweber Appendix — The Directors’ Resource Toolkit 72 Department for Business, Energy & Industrial Strategy Thanks to our contributors during the year and to this report Oliver Cover Alex Diggins Neil Golborne Orla Pettigrew Sonam Patel Zaheer Ahmad MBE Rachel Sadka Simon Feeke Key advisors and contributors to this report: Simon Manterfield Dr Manjari Prashar Dr Fatima Tresh Latika Shah ® At the heart of our success lies the performance 2. Recognising the changes and growing talent of our many great companies, many of them listed pool of ethnically diverse candidates in our in the FTSE 100 and FTSE 250. There is no doubt home and overseas markets which will influence that one reason we have been able to punch recruitment patterns for years to come above our weight as a medium-sized country is the talent and inventiveness of our business leaders Whilst we have made great strides in bringing and our skilled people.
    [Show full text]
  • Gillian Bevan Is an Actor Who Has Played a Wide Variety of Roles in West End and Regional Theatre
    Gillian Bevan is an actor who has played a wide variety of roles in West End and regional theatre. Among these roles, she was Dorothy in the Royal Shakespeare Company revival of The Wizard of Oz, Mrs Wilkinson, the dance teacher, in the West End production of Billy Elliot, and Mrs Lovett in the West Yorkshire Playhouse production of Stephen Sondheim’s Sweeney Todd, the Demon Barber of Fleet Street. Gillian has regularly played roles in other Sondheim productions, including Follies, Merrily We Roll Along and Road Show, and she sang at the 80th birthday tribute concert of Company for Stephen Sondheim (Donmar Warehouse). Gillian spent three years with Alan Ayckbourn’s theatre-in-the-round in Scarborough, and her Shakespearian roles include Polonius (Polonia) in the Manchester Royal Exchange Theatre production of Hamlet (Autumn, 2014) with Maxine Peake in the title role. Gillian’s many television credits have included Teachers (Channel 4) in which she played Clare Hunter, the Headmistress, and Holby City (BBC1) in which she gave an acclaimed performance as Gina Hope, a sufferer from Motor Neurone Disease, who ends her own life in an assisted suicide clinic. During the early part of 2014, Gillian completed filming London Road, directed by Rufus Norris, the new Artistic Director of the National Theatre. In the summer of 2014 Gillian played the role of Hera, the Queen of the Gods, in The Last Days of Troy by the poet and playwright Simon Armitage. The play, a re-working of The Iliad, had its world premiere at the Manchester Royal Exchange Theatre and then transferred to Shakespeare’s Globe Theatre, London.
    [Show full text]
  • The Iranian Cyber Threat
    The Iranian Cyber Threat May 2021 0 Contents Introduction .............................................................................................................................................. 2 Cyber Retaliation ..................................................................................................................................... 2 Iran’s National Security Strategy .............................................................................................................. 4 Laying the Groundwork ........................................................................................................................... 5 Structure ................................................................................................................................................... 5 Defense ................................................................................................................................................... 6 Offense .................................................................................................................................................... 6 History of Iranian Cyber Attacks and Incidents ........................................................................................... 7 The Attacks .............................................................................................................................................. 8 Iranian Cyber Army .................................................................................................................................
    [Show full text]
  • The Most Common Blunder People Make When the Topic of a Computer Virus Arises Is to Refer to a Worm Or Trojan Horse As a Virus
    Trojan And Email Forging 1) Introduction To Trojan&viruses: A Trojan horse, or Trojan, in computing is a generally non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Anatolia, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.[1][2][3][4][5] A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer.[6] While Trojans and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage. Malicious programs are classified as Trojans if they do not attempt to inject themselves into other files (computer virus) or otherwise propagate themselves (worm).[7] A computer may host a Trojan via a malicious program a user is duped into executing (often an e-mail attachment disguised to be unsuspicious, e.g., a routine form to be filled in) or by drive-by download. The Difference Between a Computer Virus, Worm and Trojan Horse The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. One common mistake that people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus.
    [Show full text]
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • GTC-ONE-Minute-Brief-117.Pdf
    Equity | Currencies & Commodities | Corporate & Global Economic News | Economic Calendar 16 September 2020 Economic and political news Key indices The National Economic Development and Labour Council (Nedlac) As at 15 1 Day 1 D % WTD % MTD % Prev. month YTD % chaired by President Cyril Ramaphosa has agreed to an economic recovery plan for South Africa (SA) and a social compact to mobilise Sept 2020 Chg Chg Chg Chg % Chg Chg JSE All Share 56130.78 -196.27 -0.35 0.08 1.18 -0.44 -1.67 funding to address Eskom's financial crisis. (ZAR) The Matjhabeng Municipality in Free State has agreed to hand over 139 JSE Top 40 (ZAR) 51795.70 -181.12 -0.35 0.16 1.11 -0.28 1.93 farms worth about ZAR2.5bn belonging to the administrative region as FTSE 100 (GBP) 6105.54 79.29 1.32 1.22 2.38 1.12 -19.05 security on the ZAR3.4bn debt it owes to Eskom. DAX 30 (EUR) 13217.67 24.01 0.18 0.11 2.10 5.13 -0.24 According to the Automobile Association (AA), petrol price in SA will CAC 40 (EUR) 5067.93 16.05 0.32 0.67 2.44 3.42 -15.22 drop by between 26 cents and 36 cents per litre and diesel by 88 cents S&P 500 (USD) 3401.20 17.66 0.52 1.80 -2.83 7.01 5.27 per litre in October. Nasdaq 11190.32 133.67 1.21 3.10 -4.97 9.59 24.72 Democratic Alliance (DA) leader John Steenhuisen has requested Composite (USD) President Cyril Ramaphosa to end the curfew imposed in a bid to curb DJIA (USD) 27995.60 2.27 0.01 1.19 -1.53 7.57 -1.90 MSCI Emerging the spread of COVID-19, open all sectors of the South African economy, 1112.62 8.35 0.76 1.91 1.01 2.09 -0.18 and allow for international travel and reintroduce a normal school week.
    [Show full text]
  • How Superman Developed Into a Jesus Figure
    HOW SUPERMAN DEVELOPED INTO A JESUS FIGURE CRISIS ON INFINITE TEXTS: HOW SUPERMAN DEVELOPED INTO A JESUS FIGURE By ROBERT REVINGTON, B.A., M.A. A Thesis Submitted to the School of Graduate Studies in Partial Fulfillment of the Requirements for the Degree of Master of Arts McMaster University © Copyright by Robert Revington, September 2018 MA Thesis—Robert Revington; McMaster University, Religious Studies McMaster University MASTER OF ARTS (2018) Hamilton, Ontario, Religious Studies TITLE: Crisis on Infinite Texts: How Superman Developed into a Jesus Figure AUTHOR: Robert Revington, B.A., M.A (McMaster University) SUPERVISOR: Professor Travis Kroeker NUMBER OF PAGES: vi, 143 ii MA Thesis—Robert Revington; McMaster University, Religious Studies LAY ABSTRACT This thesis examines the historical trajectory of how the comic book character of Superman came to be identified as a Christ figure in popular consciousness. It argues that this connection was not integral to the character as he was originally created, but was imposed by later writers over time and mainly for cinematic adaptations. This thesis also tracks the history of how Christians and churches viewed Superman, as the film studios began to exploit marketing opportunities by comparing Superman and Jesus. This thesis uses the methodological framework of intertextuality to ground its treatment of the sources, but does not follow all of the assumptions of intertextual theorists. iii MA Thesis—Robert Revington; McMaster University, Religious Studies ABSTRACT This thesis examines the historical trajectory of how the comic book character of Superman came to be identified as a Christ figure in popular consciousness. Superman was created in 1938, but the character developed significantly from his earliest incarnations.
    [Show full text]