JP-23-01 - Sustained activity by specific threat actors
Common Information
Type Value
UUID 1f0965cf-2778-44b4-8945-aedabe358465
Fingerprint ba394ed52287a4ec079a117694f8bcdf1f2ce933dc1479c276967480e59c03de
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 15, 2023, 4:24 p.m.
Added to db May 27, 2024, 3:48 p.m.
Last updated Aug. 31, 2024, 8:33 a.m.
Headline JP-23-01 - Sustained activity by specific threat actors
Title JP-23-01 - Sustained activity by specific threat actors
Detected Hints/Tags/Attributes 189/3/73
Attributes
Type                                #Events  Value
Domain                                  261  blog.talosintelligence.com
Domain                                   98  www.secureworks.com
Domain                                    3  shared-public-reports.s3-eu-west-1.amazonaws.com
Domain                                   12  www.verfassungsschutz.de
Domain                                   15  www.intrinsec.com
Domain                                   65  www.cert.ssi.gouv.fr
Domain                                    2  pst.no
Domain                                    2  supo.fi
Domain                                  224  unit42.paloaltonetworks.com
Domain                                   21  cyware.com
Domain                                  123  www.reuters.com
Domain                                  141  research.checkpoint.com
Domain                                   57  www.ptsecurity.com
Domain                                   34  www.enisa.europa.eu
Domain                                 4127  github.com
Domain                                  360  attack.mitre.org
Domain                                  243  cert.europa.eu
Domain                                    2  csirtsnetwork.eu
Domain                                    3  www.cert.europa.eu
File                                      2  apt27+turns+to+ransomware.pdf
File                                      2  2022-01-26-cyberbrief.html
File                                      3  brief.pdf
File                                    141  www.cer
File                                      2  certfr-2021-ioc-003.pdf
File                                      2  certfr-2021-cti-013b.pdf
File                                      2  007_kerberos_golden_ticket_protection_v1_4.pdf
File                                      2  cert-eu-swp2019-001.pdf
File                                      2  cert-eu_swp_17-002_lateral_movements.pdf
File                                      2  cert-eu-swp2012-004.pdf
File                                      2  earth-preta-spear-phishing-governments-worldwide.html
File                                      2  tlp-white-cert-eu_security_guidance-22-001_v1_0.pdf
Github username                           3  enisaeu
Mandiant Temporary Group Assumption       7  TEMP.HIPPO
Mandiant Temporary Group Assumption      35  TEMP.HEX
Threat Actor Identifier - APT           297  APT27
Threat Actor Identifier - APT            31  APT30
Threat Actor Identifier - APT           166  APT31
Threat Actor Identifier - APT            85  APT15
Url                                       2  https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-
Url                                       2  https://diplomatie.belgium.be/en/news/declaration-minister-foreign-affairs-malicious-cyber-activities
Url                                       3  https://blog.talosintelligence.com/mustang-panda-targets-europe
Url                                       2  https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-
Url                                       3  https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx
Url                                       2  https://www.microsoft.com/en-us/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-
Url                                       2  https://cyware.com/research-and-analysis/apt27-an-in-depth-analysis-of-a-decade-old-active-chinese-threat-group-
Url                                       2  https://shared-public-reports.s3-eu-west-1.amazonaws.com/apt27+turns+to+ransomware.pdf
Url                                       2  https://www.verfassungsschutz.de/shareddocs/kurzmeldungen/de/2022/2022-01-26-cyberbrief.html
Url                                       2  https://www.verfassungsschutz.de/shareddocs/publikationen/de/cyberabwehr/2022-01-bfv-cyber-
Url                                       2  https://www.intrinsec.com/apt27-analysis/?cn
Url                                       2  https://www.cert.ssi.gouv.fr/pdf/certfr-2021-ioc-003.pdf
Url                                       2  https://pst.no/alle-artikler/pressemeldinger/etterforskningen-av-datanettverksoperasjonen-mot-
Url                                       2  https://supo.fi/en/-/supo-identified-the-cyber-espionage-operation-against-the-parliament-as-apt31
Url                                       2  https://www.cert.ssi.gouv.fr/uploads/certfr-2021-cti-013b.pdf
Url                                       2  https://unit42.paloaltonetworks.com/pingpull-gallium
Url                                       2  https://cyware.com/news/apt27-group-backdoors-mimi-chat-app-for-supply-chain-attack-eecc8010
Url                                       2  https://www.reuters.com/article/iduskbn28q1db
Url                                       2  https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers
Url                                       2  https://research.checkpoint.com/2021/the-story-of-jian
Url                                       2  https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus
Url                                       2  https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-cloud-attacks
Url                                       2  https://www.enisa.europa.eu/publications/boosting-your-organisations-cyber-resilience
Url                                       2  https://github.com/enisaeu/cnw#security
Url                                      13  https://attack.mitre.org/groups
Url                                       2  https://cert.europa.eu/static/whitepapers/updated%20-%20cert-eu_security_whitepaper_2014-
Url                                       2  https://cert.europa.eu/static/whitepapers/cert-eu-swp2019-001.pdf
Url                                       2  https://cert.europa.eu/static/whitepapers/cert-eu_swp_17-002_lateral_movements.pdf
Url                                       2  https://cert.europa.eu/static/whitepapers/cert-eu-swp2012-004.pdf
Url                                       2  https://csirtsnetwork.eu
Url                                       2  https://www.trendmicro.com/en_us/research/22/k/earth-preta-spear-phishing-governments-worldwide.html
Url                                       2  https://blogs.blackberry.com/en/2022/12/mustang-panda-uses-the-russian-ukrainian-war-to-attack-europe-and-asia-
Url                                       2  https://www.enisa.europa.eu/securesme/cyber-tips/strengthen-technical-measures/secure-backups
Url                                       2  https://www.cert.europa.eu/static/whitepapers/tlp-white-cert-eu_security_guidance-22-001_v1_0.pdf
Url                                       2  https://www.enisa.europa.eu/publications/proactive-detection-measures-and-information-sources