From 57a31fd60c1f49fe8885c03b07a7eadc225c15ea Mon Sep 17 00:00:00 2001
From: StefanKelm
Date: Thu, 3 Sep 2020 14:44:10 +0200
Subject: [PATCH] Update threat-actor.json Lazarus, FIN7
---
 clusters/threat-actor.json | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4cb129d..dd2d3ff 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2811,14 +2811,16 @@
 "https://threatpost.com/fileless-malware-campaigns-tied-to-same-attacker/124369/",
 "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html",
 "https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html",
- "http://blog.morphisec.com/fin7-attacks-restaurant-industry",
+ "https://blog.morphisec.com/fin7-attacks-restaurant-industry",
 "https://www.flashpoint-intel.com/blog/fin7-revisited-inside-astra-panel-and-sqlrat-malware/",
- "http://blog.morphisec.com/fin7-attack-modifications-revealed",
- "http://blog.morphisec.com/fin7-not-finished-morphisec-spots-new-campaign",
+ "https://blog.morphisec.com/fin7-attack-modifications-revealed",
+ "https://blog.morphisec.com/fin7-not-finished-morphisec-spots-new-campaign",
 "https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/",
 "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html",
 "https://attack.mitre.org/groups/G0046/",
 "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
+ "https://threatintel.blog/OPBlueRaven-Part1/",
+ "https://threatintel.blog/OPBlueRaven-Part2/",
 "https://www.secureworks.com/research/threat-profiles/gold-niagara"
 ],
 "synonyms": [
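Review bot: The three Morphisec entries are rewritten in place from `http://` to `https://`, which changes the exact string of existing `refs` values; consumers that match or de-duplicate references by exact URL will see three removals and three additions rather than an edit, and the commit message (`Lazarus, FIN7`) does not mention it. I would record the scheme change in the message, e.g. `FIN7: add OPBlueRaven refs, switch Morphisec links to https`, and confirm the rewritten links still resolve. The `refs` array begins outside the hunk, so whether the two added `threatintel.blog` URLs are already listed higher up cannot be checked from here.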
@@ -3077,6 +3079,7 @@
 "https://threatpost.com/banco-de-chile-wiper-attack-just-a-cover-for-10m-swift-heist/132796/",
 "https://www.darkreading.com/attacks-breaches/north-korean-hacking-group-steals-$135-million-from-indian-bank-/d/d-id/1332678",
 "https://www.zdnet.com/article/north-korean-hackers-infiltrate-chiles-atm-network-after-skype-job-interview/",
+ "https://blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html",
 "https://www.secureworks.com/research/threat-profiles/nickel-gladstone"
 ],
 "synonyms": [
@@ -8336,5 +8339,5 @@
 "value": "GALLIUM"
 }
 ],
- "version": 174
+ "version": 175
 }