From 2e8a577b0ce8aa9ccc656ee9bf7238c544249b25 Mon Sep 17 00:00:00 2001
From: Rony
Date: Wed, 20 Jul 2022 09:45:21 +0530
Subject: [PATCH] add PwC naming to CN actors
---
 clusters/threat-actor.json | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 81ffca6..0570929 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -651,9 +651,7 @@
 "Winnti Group",
 "Suckfly",
 "APT41",
- "APT 41",
 "Group72",
- "Group 72",
 "Blackfly",
 "LEAD",
 "WICKED SPIDER",
@@ -897,7 +895,8 @@
 "DRAGONFISH",
 "BRONZE ELGIN",
 "ATK1",
- "G0030"
+ "G0030",
+ "Red Salamander"
 ]
 },
 "related": [
@@ -1409,7 +1408,9 @@
 "synonyms": [
 "IceFog",
 "Dagger Panda",
- "Trident"
+ "Trident",
+ "RedFoxtrot",
+ "Red Wendigo"
 ]
 },
 "uuid": "32c534b9-abec-4823-b223-a810f897b47b",
@@ -6327,8 +6328,12 @@
 "description": "Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we are collectively naming RedAlpha, combine light reconnaissance, selective targeting, and diverse malicious tooling. We discovered this activity as the result of pivoting off of a new malware sample observed targeting the Tibetan community based in India.",
 "meta": {
 "refs": [
- "https://www.recordedfuture.com/redalpha-cyber-campaigns/",
+ "https://www.recordedfuture.com/chinese-cyberespionage-operations",
 "https://go.recordedfuture.com/hubfs/reports/cta-2018-0626.pdf"
+ ],
+ "synonyms": [
+ "DeepCliff",
+ "Red Dev 3"
 ]
 },
 "uuid": "71a3b962-9a36-11e8-88f8-b31d20c6fa2a",
@@ -7425,7 +7430,8 @@
 "synonyms": [
 "ZIRCONIUM",
 "JUDGMENT PANDA",
- "BRONZE VINEWOOD"
+ "BRONZE VINEWOOD",
+ "Red keres"
 ]
 },
 "uuid": "6bf7e6b6-5917-45a6-9567-f0baba79768c",
@@ -7483,7 +7489,8 @@
 "Palmerworm",
 "G0098",
 "T-APT-03",
- "Manga Taurus"
+ "Manga Taurus",
+ "Red Djinn"
 ]
 },
 "uuid": "320c42f7-eab7-4ef9-b09a-74396caa6c3e",
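Review bot: The PwC aliases added in the -897 hunk (`"Red Salamander"`) arrive without any change to that cluster's `refs`, and the same is true of the -1409, -7425, -7483 and -8667 hunks; the patch adds a PwC source only in the -9722 hunk. Each synonym is an attribution claim that two vendors track the same actor, and analysts who correlate on this file cannot verify it without the publication that makes the mapping. Add the source to each affected cluster's `refs`, e.g. `"<URL of the PwC report that names this actor>"` (placeholder). `"RedFoxtrot"` in the -1409 hunk appears to be a Recorded Future designation rather than a PwC one, so it needs its own citation as well. The `refs` arrays of these clusters lie outside the hunks, so an existing citation may already cover some of them.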
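Review bot: In the -6327 hunk the `refs` entry `"https://www.recordedfuture.com/redalpha-cyber-campaigns/"` is replaced rather than supplemented, although the cluster's `description` still quotes that RedAlpha report, so the text loses its matching citation. Unless the old link is dead, keep it and append the new one: `"https://www.recordedfuture.com/redalpha-cyber-campaigns/",` followed by `"https://www.recordedfuture.com/chinese-cyberespionage-operations",`. The new `synonyms` block (`"DeepCliff"`, `"Red Dev 3"`) is added with no source that obviously establishes those names; list the publication for each in `refs`.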
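Review bot: `"Red keres"` in the -7425 hunk is the only alias of this naming family in the patch with a lower-case second word; `"Red Salamander"`, `"Red Wendigo"` and `"Red Djinn"` all capitalise it. Tooling that consumes this file commonly compares synonyms as exact strings, so a casing slip can keep the alias from matching reports that use the vendor's spelling. Assuming the vendor writes it like the others, change the line to `"Red Keres"`.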
@@ -7821,10 +7828,6 @@
 "country": "CN",
 "refs": [
 "https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology"
- ],
- "synonyms": [
- "Temp.Hex",
- "Vicious Panda"
 ]
 },
 "uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d",
@@ -8667,7 +8670,8 @@
 "synonyms": [
 "ATK233",
 "G0125",
- "Operation Exchange Marauder"
+ "Operation Exchange Marauder",
+ "Red Dev 13"
 ]
 },
 "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
@@ -9722,13 +9726,15 @@
 "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan",
 "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi",
 "https://media-exp1.licdn.com/dms/document/C561FAQHhWFRcWmdCPw/feedshare-document-pdf-analyzed/0/1639591145314?e=1658966400&v=beta&t=_uCcyEVg6b_VDiBTvWQIXtBOdQ1GQAAydqGyq62KA3E",
- "https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf"
+ "https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf",
+ "https://www.pwc.co.uk/issues/cyber-security-services/research/chasing-shadows.html"
 ],
 "synonyms": [
 "CHROMIUM",
 "ControlX",
 "TAG-22",
- "FISHMONGER"
+ "FISHMONGER",
+ "Red Dev 10"
 ]
 },
 "uuid": "39150b30-61af-4d9c-9682-1595e145f3c1",