add PwC naming to CN actors

2024-11-22 23:07:19 +00:00 · 2022-07-20 09:45:21 +05:30 · 2022-07-20 09:45:21 +05:30 · 2e8a577b0c
commit 2e8a577b0c
parent 3fabd58416
1 changed files with 20 additions and 14 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -651,9 +651,7 @@
          "Winnti Group",
          "Suckfly",
          "APT41",
-          "APT 41",
          "Group72",
-          "Group 72",
          "Blackfly",
          "LEAD",
          "WICKED SPIDER",
@ -897,7 +895,8 @@
          "DRAGONFISH",
          "BRONZE ELGIN",
          "ATK1",
-          "G0030"
+          "G0030",
+          "Red Salamander"
        ]
      },
      "related": [
@ -1409,7 +1408,9 @@
        "synonyms": [
          "IceFog",
          "Dagger Panda",
-          "Trident"
+          "Trident",
+          "RedFoxtrot",
+          "Red Wendigo"
        ]
      },
      "uuid": "32c534b9-abec-4823-b223-a810f897b47b",
@ -6327,8 +6328,12 @@
      "description": "Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we are collectively naming RedAlpha, combine light reconnaissance, selective targeting, and diverse malicious tooling. We discovered this activity as the result of pivoting off of a new malware sample observed targeting the Tibetan community based in India.",
      "meta": {
        "refs": [
-          "https://www.recordedfuture.com/redalpha-cyber-campaigns/",
+          "https://www.recordedfuture.com/chinese-cyberespionage-operations",
          "https://go.recordedfuture.com/hubfs/reports/cta-2018-0626.pdf"
+        ],
+        "synonyms": [
+          "DeepCliff",
+          "Red Dev 3"
        ]
      },
      "uuid": "71a3b962-9a36-11e8-88f8-b31d20c6fa2a",
@ -7425,7 +7430,8 @@
        "synonyms": [
          "ZIRCONIUM",
          "JUDGMENT PANDA",
-          "BRONZE VINEWOOD"
+          "BRONZE VINEWOOD",
+          "Red keres"
        ]
      },
      "uuid": "6bf7e6b6-5917-45a6-9567-f0baba79768c",
@ -7483,7 +7489,8 @@
          "Palmerworm",
          "G0098",
          "T-APT-03",
-          "Manga Taurus"
+          "Manga Taurus",
+          "Red Djinn"
        ]
      },
      "uuid": "320c42f7-eab7-4ef9-b09a-74396caa6c3e",
@ -7821,10 +7828,6 @@
        "country": "CN",
        "refs": [
          "https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology"
-        ],
-        "synonyms": [
-          "Temp.Hex",
-          "Vicious Panda"
        ]
      },
      "uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d",
@ -8667,7 +8670,8 @@
        "synonyms": [
          "ATK233",
          "G0125",
-          "Operation Exchange Marauder"
+          "Operation Exchange Marauder",
+          "Red Dev 13"
        ]
      },
      "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
@ -9722,13 +9726,15 @@
          "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan",
          "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi",
          "https://media-exp1.licdn.com/dms/document/C561FAQHhWFRcWmdCPw/feedshare-document-pdf-analyzed/0/1639591145314?e=1658966400&v=beta&t=_uCcyEVg6b_VDiBTvWQIXtBOdQ1GQAAydqGyq62KA3E",
-          "https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf"
+          "https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf",
+          "https://www.pwc.co.uk/issues/cyber-security-services/research/chasing-shadows.html"
        ],
        "synonyms": [
          "CHROMIUM",
          "ControlX",
          "TAG-22",
-          "FISHMONGER"
+          "FISHMONGER",
+          "Red Dev 10"
        ]
      },
      "uuid": "39150b30-61af-4d9c-9682-1595e145f3c1",