Merge pull request #858 from danielplohmann/ref-update
updating multiple references
adulau authored Aug 16, 2023
2 parents 7462830 + e207218 commit a32b5eb
Showing 1 changed file with 16 additions and 16 deletions.
32 changes: 16 additions & 16 deletions clusters/threat-actor.json
@@ -165,7 +165,7 @@
"attribution-confidence": "50",
"country": "CN",
"refs": [
"http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf"
"https://dokumen.tips/documents/detecting-and-responding-pandas-and-bears.html"
]
},
"uuid": "7195b51f-500e-4034-a851-bf34a2728dc8",
@@ -187,7 +187,7 @@
"attribution-confidence": "50",
"country": "CN",
"refs": [
"http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf"
"https://dokumen.tips/documents/detecting-and-responding-pandas-and-bears.html"
]
},
"uuid": "432b0304-768f-4fb9-9762-e745ef524ec7",
@@ -606,7 +606,7 @@
"https://www.bleepingcomputer.com/news/security/us-arrests-chinese-man-involved-with-sakula-malware-used-in-opm-and-anthem-hacks/",
"https://gizmodo.com/u-s-indicts-chinese-hacker-spies-in-conspiracy-to-stea-1830111695",
"https://www.cyberscoop.com/anthem-breach-indictment-chinese-national/",
"https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/black-vine-cyberespionage-group-15-en.pdf",
"https://docs.broadcom.com/doc/the-black-vine-cyberespionage-group",
"https://attack.mitre.org/groups/G0009/",
"https://www.secureworks.com/research/threat-profiles/bronze-firestone",
"https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks",
@@ -873,7 +873,7 @@
"https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf",
"https://web.archive.org/web/20140129192702/https://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
"https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
"https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/",
"https://www.bitdefender.com/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf",
"https://www.cfr.org/interactive/cyber-operations/iron-tiger",
"https://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-hacked-government-data-center/",
"https://www.secureworks.com/research/bronze-union",
@@ -1328,7 +1328,7 @@
"country": "CN",
"refs": [
"https://www.cfr.org/interactive/cyber-operations/sneaky-panda",
"https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/elderwood-project-12-en.pdf",
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=3b0d679a-3707-4075-a2a9-37d1af16d411&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments",
"https://attack.mitre.org/groups/G0066/"
],
"synonyms": [
@@ -1871,7 +1871,7 @@
"attribution-confidence": "50",
"country": "IR",
"refs": [
"http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
"https://web.archive.org/web/20161020180305/http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
"https://carnegieendowment.org/2018/01/04/iran-s-cyber-ecosystem-who-are-threat-actors-pub-75140"
],
"synonyms": [
@@ -2455,7 +2455,7 @@
"https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/",
"https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/",
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/",
"https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/waterbug-attack-group-16-en.pdf",
"https://docs.broadcom.com/doc/waterbug-attack-group",
"https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec",
"https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/",
"https://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf",
@@ -2548,7 +2548,7 @@
"country": "RU",
"refs": [
"https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet",
"http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
"https://web.archive.org/web/20161020180305/http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
"https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf",
"http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans",
"https://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit-kit/104772/",
@@ -2634,7 +2634,7 @@
"https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid",
"https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks",
"https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage",
"https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks",
"https://web.archive.org/web/20141224060545/http://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/",
"https://attack.mitre.org/groups/G0034",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
"https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf",
@@ -3108,7 +3108,7 @@
"attribution-confidence": "50",
"country": "IN",
"refs": [
"https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf",
"https://github.com/jack8daniels2/threat-INTel/blob/master/2013/Unveiling-an-Indian-Cyberattack-Infrastructure-appendixes.pdf",
"https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/",
"https://www.netscout.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia",
"https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/",
@@ -4472,7 +4472,7 @@
"meta": {
"country": "RU",
"refs": [
"https://www.f-secure.com/documents/996508/1030745/callisto-group",
"https://web.archive.org/web/20170417102235/https://www.f-secure.com/documents/996508/1030745/callisto-group",
"https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe",
"https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe",
"https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
@@ -5024,7 +5024,7 @@
{
"meta": {
"refs": [
"https://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf"
"https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
]
},
"uuid": "7ad01582-d6a7-4a40-a0ee-7727e268cd15",
@@ -7236,7 +7236,7 @@
"refs": [
"https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/",
"https://ti.360.net/blog/articles/analysis-of-apt-c-27/",
"https://www.pbwcz.cz/Reporty/20180723_CSE_APT27_Syria_v1.pdf"
"https://web.archive.org/web/20180827024318/http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf"
],
"since": "2014",
"suspected-victims": [
@@ -9462,7 +9462,7 @@
"refs": [
"https://www.computerweekly.com/news/252471769/New-threat-group-behind-Airbus-cyber-attacks-claim-researchers",
"https://www.contextis.com/en/news/context-identifies-new-avivore-threat-group",
"https://www.contextis.com/en/blog/avivore"
"https://web.archive.org/web/20191208223958/https://www.contextis.com/en/blog/avivore"
]
},
"uuid": "8045fc09-13d6-4f90-b239-ed5060b9297b",
@@ -10167,7 +10167,7 @@
"https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group",
"https://www.sentinelone.com/labs/solarwinds-understanding-detecting-the-supernova-webshell-trojan",
"https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a",
"https://us-cert.cisa.gov/ncas/analysis-reports/ar21-112"
"https://www.cisa.gov/news-events/analysis-reports/ar21-112a"
]
},
"uuid": "3f04dbbc-69bc-409b-82a1-6135f0b6a41c",
@@ -11487,5 +11487,5 @@
"value": "MoustachedBouncer"
}
],
"version": 277
"version": 278
}
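Review bot: In the hunk at -3108, the replacement for `Unveiling_an_Indian_Cyberattack_Infrastructure.pdf` is a file named `Unveiling-an-Indian-Cyberattack-Infrastructure-appendixes.pdf`, which by its name looks like the appendix volume rather than the report itself; please confirm the entry still cites the main paper. The refs swapped in at -165, -187 and -5024 point to third-party document mirrors (`dokumen.tips`, `docs.huihoo.com`), and the one at -3108 to a third-party GitHub repository, whereas most other hunks use `web.archive.org` snapshots of the original publisher URL. For attribution references, a snapshot of the original location (`https://web.archive.org/web/<timestamp>/<original-url>`) keeps provenance checkable and is less likely to rot or be silently altered than a re-hosted copy. Which line of each pair is the new side is inferred from the commit title and the 277 → 278 version bump, since the rendered page lost the +/- markers.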
