From 416cd6706ae471ed8eab950c3d7769d032ff2c62 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 20 Oct 2023 12:00:48 +0200
Subject: [PATCH] fix: [threat-actor] JQ all the things + version updated
---
 clusters/threat-actor.json | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b1836dd..afb158a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -213,11 +213,7 @@
 "description": "Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling appears to target organisations in Asia, however one unknown organisation in the United States was also targeted. Industries targeted include Biomedical, Government and Information Technology. Grayling use a variety of tools during their attacks, including well known tools such as Cobalt Strike and Havoc and also some others.",
 "meta": {
 "attribution-confidence": "50",
- "country": "CN",
 "cfr-suspected-state-sponsor": "China",
- "refs": [
- "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
- ],
 "cfr-suspected-victims": [
 "Taiwan",
 "United States",
@@ -228,6 +224,10 @@
 "Biomedical",
 "Government",
 "Information technology"
+ ],
+ "country": "CN",
+ "refs": [
+ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks"
 ]
 },
 "uuid": "6714de29-4dd8-463c-99a3-77c9e80fa47d",
@@ -7554,6 +7554,21 @@
 {
 "description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.",
 "meta": {
+ "cfr-suspected-victims": [
+ "Ecuador",
+ "Colombia",
+ "Spain",
+ "Panama",
+ "Chile"
+ ],
+ "cfr-target-category": [
+ "Petroleum",
+ "Manufacturing",
+ "Financial",
+ "Private sector",
+ "Government"
+ ],
+ "cfr-type-of-incident": "Espionage",
 "refs": [
 "https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/",
 "https://www.ecucert.gob.ec/wp-content/uploads/2022/03/alerta-APTs-2022-03-23.pdf",
@@ -7563,21 +7578,6 @@
 "https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/",
 "https://attack.mitre.org/groups/G0099/"
 ],
- "cfr-suspected-victims": [
- "Ecuador",
- "Colombia",
- "Spain",
- "Panama",
- "Chile"
- ],
- "cfr-type-of-incident": "Espionage",
- "cfr-target-category": [
- "Petroleum",
- "Manufacturing",
- "Financial",
- "Private sector",
- "Government"
- ],
 "synonyms": [
 "Blind Eagle"
 ]
@@ -12049,5 +12049,5 @@
 "value": "Void Rabisu"
 }
 ],
- "version": 286
+ "version": 287
 }