APT39: An Iranian Cyber Espionage Group Focused on Personal Information
January 29, 2019
Sarah Hawley, Ben Read, Cristiana Brafman-Kittner, Nalani Fraser, Andrew Thompson, Yuri Rozhansky, Sanaz Yashar
Original report available at https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html

{
  "type": "bundle",
  "id": "bundle--0e62e126-f982-5be7-88d0-0d5366d37092",
  "objects": [
    {
      "type": "x-mitre-tactic",
      "spec_version": "2.1",
      "id": "x-mitre-tactic--b977ad29-eb0c-5f09-bb2f-6d3f23e2a175",
      "created_by_ref": "identity--8700e156-6ce9-5090-8589-f9d0aef7bdb7",
      "created": "2024-03-13T00:00:00.000Z",

{
  "openapi": "3.0.3",
  "info": {
    "title": "ATT&CK Workbench REST API",
    "version": "1.0.0"
  },
  "servers": [{
    "url": "{protocol}://{hostname}:{port}/",
    "variables": {
      "protocol": {

id | count of objects containing this ref | id | attck id is linked to this many attck object | expected SROs arango_cti_processor_products
---|---|---|---|---
T1001.002 | 1 | T1001.002 | 1 | 1
T1003 | 1 | T1003 | 2 | 2
T1005 | 4 | T1005 | 2 | 8
T1007 | 1 | T1007 | 2 | 2
T1012 | 1 | T1012 | 2 | 2
T1014 | 1 | T1014 | 2 | 2
T1016 | 1 | T1016 | 2 | 2
T1018 | 1 | T1018 | 2 | 2
T1021 | 1 | T1021 | 1 | 1

capec id | count of objects containing this ref | attck id is linked to this many attck object | count | expected SROs arango_cti_processor_products
---|---|---|---|---
T1001.002 | 1 | T1001.002 | 1 | 1
T1003 | 1 | T1003 | 2 | 2
T1005 | 4 | T1005 | 2 | 8
T1007 | 1 | T1007 | 2 | 2
T1012 | 1 | T1012 | 2 | 2
T1014 | 1 | T1014 | 2 | 2
T1016 | 1 | T1016 | 2 | 2
T1018 | 1 | T1018 | 2 | 2
T1021 | 1 | T1021 | 1 | 1

{
  "id": "10296991-439b-4202-90a3-e38812613ad5",
  "name": "Signals Corps",
  "description": "Just some demo content",
  "created": "2022-05-24T14:00:00.188Z",
  "modified": "2022-05-24T14:00:00.188000+00:00",
  "collections": [
    {
      "id": "x-mitre-collection--402e24b4-436e-4936-b19b-2038648f90",
      "created": "2022-05-24T14:00:00.188Z",

{
  "type": "bundle",
  "id": "bundle--2c73efd0-2b59-4234-b3dc-2961f4b2e8e6",
  "objects": [
    {
      "x_mitre_domains": [],
      "object_marking_refs": [],
      "type": "x-mitre-collection",
      "id": "x-mitre-collection--e302a053-8f05-4992-8b11-3432b8894600",
      "created": "2022-07-02T14:59:30.565Z",

import sys
from stix2patterns.validator import run_validator
sys.setrecursionlimit(1500)
pattern = "([(software:cpe='cpe:2.3:o:hp:futuresmart_5:*:*:*:*:*:*:*:*') AND (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_49k98a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_6qn28a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_49l00a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_4y280a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_58m42a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_6qn33a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_49l00a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_4y280a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_58m42a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_6qn33a:-:*:*:

from stix2patterns.validator import run_validator
pattern = "[software:cpe='cpe:2.3:o:hp:futuresmart_5:*:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_49k98a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_6qn28a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_49l00a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_4y280a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_58m42a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_6qn33a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_49l00a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_4y280a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_58m42a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_6qn33a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:c

FIREEYE ISIGHT INTELLIGENCE
APT28: AT THE CENTER OF THE STORM
RUSSIA STRATEGICALLY EVOLVES ITS CYBER OPERATIONS
SPECIAL REPORT / JANUARY 2017