From 8d2b9537f1c415adbd04161a67fd8456b3155367 Mon Sep 17 00:00:00 2001
From: Tobias Mainka
Date: Wed, 19 Apr 2023 12:38:37 +0200
Subject: [PATCH] replace "sector" tag with "country" for matching data. this allows to be confirm with existing clusters.
---
 clusters/microsoft-activity-group.json | 88 +++++++++++++-------------
 1 file changed, 44 insertions(+), 44 deletions(-)
diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json
index 1cf8757..9a46090 100644
--- a/clusters/microsoft-activity-group.json
+++ b/clusters/microsoft-activity-group.json
@@ -325,7 +325,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "APT41",
 "BARIUM"
@@ -339,7 +339,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "CHROMIUM",
 "ControlX"
@@ -353,7 +353,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "DEV-0322"
 ]
@@ -366,7 +366,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "APT40",
 "GADOLINIUM",
@@ -383,7 +383,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "GALLIUM"
 ]
@@ -396,7 +396,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "DEV-0234"
 ]
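Review bot: The `sector` to `country` swap covers only the entries these hunks touch; nothing between old lines 469 and 669, or between 959 and 1029, is changed, so any entry there that still has `sector` keeps it and the cluster would carry both keys after this commit. It is worth confirming that every remaining `sector` value is a non-geographic category, because a consumer that filters or correlates on `country` for attribution would silently miss a nation-state entry left on the old key. The new values look like ISO 3166-1 alpha-2 codes (`"country": "CN"`, `"country": "KP"`), which presumably matches the other clusters; saying so in the commit message would help later additions stay in that format. This applies to every `sector`/`country` hunk in the patch, not only the ones on this line.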
@@ -409,7 +409,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "APT5",
 "Keyhole Panda",
@@ -425,7 +425,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "APT15",
 "NICKEL",
@@ -441,7 +441,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "APT30",
 "LotusBlossom",
@@ -456,7 +456,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "HAFNIUM"
 ]
@@ -469,7 +469,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "China",
+ "country": "CN",
 "synonyms": [
 "APT31",
 "ZIRCONIUM"
@@ -669,7 +669,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "NEPTUNIUM",
 "Vice Leaker"
@@ -683,7 +683,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "CURIUM",
 "TA456",
@@ -698,7 +698,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "DEV-0228"
 ]
@@ -711,7 +711,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "DEV-0343"
 ]
@@ -724,7 +724,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "APT34",
 "Cobalt Gypsy",
@@ -740,7 +740,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "Fox Kitten",
 "PioneerKitten",
@@ -756,7 +756,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "MERCURY",
 "MuddyWater",
@@ -773,7 +773,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "DEV-0500",
 "Moses Staff"
@@ -787,7 +787,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "APT35",
 "Charming Kitten",
@@ -802,7 +802,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "APT33",
 "HOLMIUM",
@@ -817,7 +817,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "AMERICIUM",
 "Agrius",
@@ -834,7 +834,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "DEV-0146",
 "ZeroCleare"
@@ -848,7 +848,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Iran",
+ "country": "IR",
 "synonyms": [
 "BOHRIUM"
 ]
@@ -861,7 +861,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Lebanon",
+ "country": "LB",
 "synonyms": [
 "POLONIUM"
 ]
@@ -874,7 +874,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "North Korea",
+ "country": "KP",
 "synonyms": [
 "Labyrinth Chollima",
 "Lazarus",
@@ -889,7 +889,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "North Korea",
+ "country": "KP",
 "synonyms": [
 "Kimsuky",
 "THALLIUM",
@@ -904,7 +904,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "North Korea",
+ "country": "KP",
 "synonyms": [
 "Konni",
 "OSMIUM"
@@ -918,7 +918,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "North Korea",
+ "country": "KP",
 "synonyms": [
 "LAWRENCIUM"
 ]
@@ -931,7 +931,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "North Korea",
+ "country": "KP",
 "synonyms": [
 "CERIUM"
 ]
@@ -944,7 +944,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "North Korea",
+ "country": "KP",
 "synonyms": [
 "BlueNoroff",
 "COPERNICIUM",
@@ -959,7 +959,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "North Korea",
+ "country": "KP",
 "synonyms": [
 "DEV-0530",
 "H0lyGh0st"
@@ -1029,7 +1029,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Russia",
+ "country": "RU",
 "synonyms": [
 "ACTINIUM",
 "Gamaredon",
@@ -1045,7 +1045,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Russia",
+ "country": "RU",
 "synonyms": [
 "DEV-0586"
 ]
@@ -1058,7 +1058,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Russia",
+ "country": "RU",
 "synonyms": [
 "APT28",
 "Fancy Bear",
@@ -1073,7 +1073,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Russia",
+ "country": "RU",
 "synonyms": [
 "BROMINE",
 "Crouching Yeti",
@@ -1088,7 +1088,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Russia",
+ "country": "RU",
 "synonyms": [
 "APT29",
 "Cozy Bear",
@@ -1103,7 +1103,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Russia",
+ "country": "RU",
 "synonyms": [
 "IRIDIUM",
 "Sandworm"
@@ -1117,7 +1117,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Russia",
+ "country": "RU",
 "synonyms": [
 "Callisto",
 "Reuse Team",
@@ -1132,7 +1132,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Russia",
+ "country": "RU",
 "synonyms": [
 "DEV-0665"
 ]
@@ -1145,7 +1145,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "South Korea",
+ "country": "KR",
 "synonyms": [
 "DUBNIUM",
 "Dark Hotel",
@@ -1160,7 +1160,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Turkey",
+ "country": "TR",
 "synonyms": [
 "SILICON",
 "Sea Turtle"
@@ -1174,7 +1174,7 @@
 "refs": [
 "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
 ],
- "sector": "Vietnam",
+ "country": "VN",
 "synonyms": [
 "APT32",
 "BISMUTH",
@@ -1185,5 +1185,5 @@
 "value": "Canvas Cyclone"
 }
 ],
- "version": 12
+ "version": 13
 }