Branch out Goblin Panda from Hellsing

2024-11-22 23:07:19 +00:00 · 2022-08-17 11:55:13 -07:00 · 2022-08-17 11:55:13 -07:00 · 53282255ce
commit 53282255ce
parent 3f50cf0175
1 changed files with 36 additions and 9 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -1139,15 +1139,7 @@
        "country": "CN",
        "refs": [
          "https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/",
-          "https://www.cfr.org/interactive/cyber-operations/hellsing",
-          "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-august-goblin-panda/",
-          "https://securelist.com/cycldek-bridging-the-air-gap/97157/",
-          "https://www.fortinet.com/blog/threat-research/cta-security-playbook--goblin-panda.html"
-        ],
-        "synonyms": [
-          "Goblin Panda",
-          "Conimes",
-          "Cycldek"
+          "https://www.cfr.org/interactive/cyber-operations/hellsing"
        ]
      },
      "uuid": "af482dde-9e47-48d5-9cb2-cf8f6d6303d3",
@ -9989,6 +9981,41 @@
      },
      "uuid": "d58030e2-5673-4836-9aff-ab6d55da0bc0",
      "value": "SLIME29"
+    },
+    {
+      "description": "Goblin Panda is one of a handful of elite Chinese advanced persistent threat (APT) groups. Most Chinese APTs target the United States and NATO, but Goblin Panda focuses primarily on Southeast Asia.",
+      "meta": {
+        "attribution-confidence": "75",
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-suspected-victims": [
+          "Malaysia",
+          "India",
+          "Indonesia",
+          "Japan",
+          "Philippines",
+          "Southeast Asia",
+          "South Korea",
+          "Vietnam"
+        ],
+        "cfr-target-category": [
+          "Private Sector"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-august-goblin-panda/",
+          "https://securelist.com/cycldek-bridging-the-air-gap/97157/",
+          "https://www.fortinet.com/blog/threat-research/cta-security-playbook--goblin-panda.html",
+          "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
+          "https://cyberthreat.thalesgroup.com/sites/default/files/2022-05/THALES%20THREAT%20HANDBOOK%202022%20Light%20Version_1.pdf"
+        ],
+        "synonyms": [
+          "Conimes",
+          "Cycldek",
+          "ATK78"
+        ]
+      },
+      "uuid": "8d73715a-8bbd-4eaa-ae24-2f1b1c84cf21",
+      "value": "Goblin Panda"
    }
  ],
  "version": 239