diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json
index 51a3d7c..375a2bd 100644
--- a/clusters/microsoft-activity-group.json
+++ b/clusters/microsoft-activity-group.json
@@ -343,10 +343,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "APT41",
 "BARIUM"
@@ -357,10 +357,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "CHROMIUM",
 "ControlX"
@@ -371,10 +371,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "DEV-0322"
 ]
@@ -384,10 +384,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "APT40",
 "GADOLINIUM",
@@ -401,10 +401,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "GALLIUM"
 ]
@@ -414,10 +414,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "DEV-0234"
 ]
@@ -427,10 +427,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "APT5",
 "Keyhole Panda",
@@ -443,10 +443,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "APT15",
 "NICKEL",
@@ -459,10 +459,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "APT30",
 "LotusBlossom",
@@ -474,10 +474,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "HAFNIUM"
 ]
@@ -487,10 +487,10 @@
 },
 {
 "meta": {
+ "country": "CN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "CN",
 "synonyms": [
 "APT31",
 "ZIRCONIUM"
@@ -687,10 +687,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "NEPTUNIUM",
 "Vice Leaker"
@@ -701,10 +701,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "CURIUM",
 "TA456",
@@ -716,10 +716,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "DEV-0228"
 ]
@@ -729,10 +729,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "DEV-0343"
 ]
@@ -742,10 +742,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "APT34",
 "Cobalt Gypsy",
@@ -758,10 +758,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "Fox Kitten",
 "PioneerKitten",
@@ -774,10 +774,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "MERCURY",
 "MuddyWater",
@@ -791,10 +791,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "DEV-0500",
 "Moses Staff"
@@ -805,10 +805,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "APT35",
 "Charming Kitten",
@@ -820,10 +820,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "APT33",
 "HOLMIUM",
@@ -835,10 +835,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "AMERICIUM",
 "Agrius",
@@ -852,10 +852,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "DEV-0146",
 "ZeroCleare"
@@ -866,10 +866,10 @@
 },
 {
 "meta": {
+ "country": "IR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "IR",
 "synonyms": [
 "BOHRIUM"
 ]
@@ -879,10 +879,10 @@
 },
 {
 "meta": {
+ "country": "LB",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "LB",
 "synonyms": [
 "POLONIUM"
 ]
@@ -892,10 +892,10 @@
 },
 {
 "meta": {
+ "country": "KP",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "KP",
 "synonyms": [
 "Labyrinth Chollima",
 "Lazarus",
@@ -907,10 +907,10 @@
 },
 {
 "meta": {
+ "country": "KP",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "KP",
 "synonyms": [
 "Kimsuky",
 "THALLIUM",
@@ -922,10 +922,10 @@
 },
 {
 "meta": {
+ "country": "KP",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "KP",
 "synonyms": [
 "Konni",
 "OSMIUM"
@@ -936,10 +936,10 @@
 },
 {
 "meta": {
+ "country": "KP",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "KP",
 "synonyms": [
 "LAWRENCIUM"
 ]
@@ -949,10 +949,10 @@
 },
 {
 "meta": {
+ "country": "KP",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "KP",
 "synonyms": [
 "CERIUM"
 ]
@@ -962,10 +962,10 @@
 },
 {
 "meta": {
+ "country": "KP",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "KP",
 "synonyms": [
 "BlueNoroff",
 "COPERNICIUM",
@@ -977,10 +977,10 @@
 },
 {
 "meta": {
+ "country": "KP",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "KP",
 "synonyms": [
 "DEV-0530",
 "H0lyGh0st"
@@ -1047,10 +1047,10 @@
 },
 {
 "meta": {
+ "country": "RU",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "RU",
 "synonyms": [
 "ACTINIUM",
 "Gamaredon",
@@ -1063,10 +1063,10 @@
 },
 {
 "meta": {
+ "country": "RU",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "RU",
 "synonyms": [
 "DEV-0586"
 ]
@@ -1076,10 +1076,10 @@
 },
 {
 "meta": {
+ "country": "RU",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "RU",
 "synonyms": [
 "APT28",
 "Fancy Bear",
@@ -1091,10 +1091,10 @@
 },
 {
 "meta": {
+ "country": "RU",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "RU",
 "synonyms": [
 "BROMINE",
 "Crouching Yeti",
@@ -1106,10 +1106,10 @@
 },
 {
 "meta": {
+ "country": "RU",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "RU",
 "synonyms": [
 "APT29",
 "Cozy Bear",
@@ -1121,10 +1121,10 @@
 },
 {
 "meta": {
+ "country": "RU",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "RU",
 "synonyms": [
 "IRIDIUM",
 "Sandworm"
@@ -1135,10 +1135,10 @@
 },
 {
 "meta": {
+ "country": "RU",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "RU",
 "synonyms": [
 "Callisto",
 "Reuse Team",
@@ -1150,10 +1150,10 @@
 },
 {
 "meta": {
+ "country": "RU",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "RU",
 "synonyms": [
 "DEV-0665"
 ]
@@ -1163,10 +1163,10 @@
 },
 {
 "meta": {
+ "country": "KR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "KR",
 "synonyms": [
 "DUBNIUM",
 "Dark Hotel",
@@ -1178,10 +1178,10 @@
 },
 {
 "meta": {
+ "country": "TR",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "TR",
 "synonyms": [
 "SILICON",
 "Sea Turtle"
@@ -1192,10 +1192,10 @@
 },
 {
 "meta": {
+ "country": "VN",
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "country": "VN",
 "synonyms": [
 "APT32",
 "BISMUTH",