From 0cec882cc56f52cfb9b209a27c56b96768686fd4 Mon Sep 17 00:00:00 2001
From: Rony
Date: Wed, 17 Aug 2022 07:06:51 +0000
Subject: [PATCH] merge microcin/sixlittlemonkeys to vicious panda
---
 clusters/threat-actor.json | 28 ++++++++++------------------
 1 file changed, 10 insertions(+), 18 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a665a51..d8d1850 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5657,23 +5657,6 @@
 "uuid": "7d78ec00-dfdc-4a80-a4da-63f1ae63bd7f",
 "value": "MoneyTaker"
 },
- {
- "description": "We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘Microcin’ after microini, one of the malicious components used in it.",
- "meta": {
- "refs": [
- "https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636/",
- "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170759/Microcin_Technical_4PDF_eng_final_s.pdf",
- "https://securelist.com/apt-trends-report-q2-2019/91897/",
- "https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia/",
- "https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia/"
- ],
- "synonyms": [
- "SixLittleMonkeys"
- ]
- },
- "uuid": "0a6b31cd-54cd-4f82-9b87-aab780604632",
- "value": "Microcin"
- },
 {
 "description": "Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen data includes enterprise intellectual property and personally identifiable information.",
 "meta": {
@@ -9768,11 +9751,20 @@
 "country": "CN",
 "refs": [
 "https://securelist.com/microcin-is-here/97353",
+ "https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636",
 "https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia",
 "https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia",
 "https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign",
 "https://unit42.paloaltonetworks.com/unit42-threat-actors-target-government-belarus-using-cmstar-trojan",
- "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170759/Microcin_Technical_4PDF_eng_final_s.pdf"
+ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170759/Microcin_Technical_4PDF_eng_final_s.pdf",
+ "https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636",
+ "https://securelist.com/apt-trends-report-q2-2019/91897",
+ "https://securelist.com/apt-trends-report-q2-2020/97937",
+ "https://securelist.com/it-threat-evolution-q2-2020/98230",
+ "https://securelist.com/apt-trends-report-q3-2021/104708"
+ ],
+ "synonyms": [
+ "SixLittleMonkeys"
 ]
 },
 "uuid": "68d8c25b-8595-4c20-a5c7-a11a2a34b717",
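Review bot: The added `refs` entries list `https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636` twice, once right after the `microcin-is-here` link and again after the Kaspersky PDF; the second copy should be dropped so the array holds each source once. The new `synonyms` array carries only `"SixLittleMonkeys"`, so the deleted cluster's own name no longer appears as a name or synonym in the visible lines; unless the target cluster's `value` (outside this hunk) already covers it, `"synonyms": ["Microcin", "SixLittleMonkeys"]` would keep lookups by the Kaspersky name resolving to this actor. The first hunk removes UUID `0a6b31cd-54cd-4f82-9b87-aab780604632` outright, so any events, tags or relationships that still reference it will presumably dangle and should be re-pointed to `68d8c25b-8595-4c20-a5c7-a11a2a34b717`.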