diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 8e0af57..4ce3a2b 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -50,7 +50,7 @@ "https://www.fireeye.com/blog/threat-research/2014/03/a-detailed-examination-of-the-siesta-campaign.html", "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-oceansalt-delivers-wave-after-wave/", "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf", - "https://www.symantec.com/connect/blogs/apt1-qa-attacks-comment-crew", + "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f1265df5-6e5e-4fcc-9828-d4ddbbafd3d7&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://attack.mitre.org/groups/G0006/", "https://www.nytimes.com/2014/05/20/us/us-to-charge-chinese-workers-with-cyberspying.html" ], @@ -100,7 +100,7 @@ "attribution-confidence": "50", "country": "CN", "refs": [ - "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf", + "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2011/the_nitro_attacks.pdf", "https://unit42.paloaltonetworks.com/new-indicators-compromise-apt-group-nitro-uncovered/", "https://blog.trendmicro.com/trendlabs-security-intelligence/the-significance-of-the-nitro-attacks/" ], @@ -159,7 +159,7 @@ "meta": { "refs": [ "https://www.cylance.com/content/dam/cylance/pdfs/reports/Op_Dust_Storm_Report.pdf", - "https://www.symantec.com/connect/blogs/inside-back-door-attack", + "https://web.archive.org/web/20140816135909/https://www.symantec.com/connect/blogs/inside-back-door-attack", "https://attack.mitre.org/groups/G0031/" ] }, @@ -335,7 +335,7 @@ "country": "CN", "refs": [ "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html", - "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong", + "https://web.archive.org/web/20160910124439/http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong", "https://www.cfr.org/interactive/cyber-operations/apt-3" ], "synonyms": [ @@ -503,11 +503,11 @@ "country": "CN", "refs": [ "http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html", - "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf", + "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/hidden_lynx.pdf", "https://www.cfr.org/interactive/cyber-operations/apt-17", "https://www.carbonblack.com/2013/02/08/bit9-and-our-customers-security/", - "https://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware", - "https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire", + "https://web.archive.org/web/20141016080249/http://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware", + "https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire", "https://www.recordedfuture.com/hidden-lynx-analysis/" ], "synonyms": [ @@ -739,7 +739,7 @@ "https://www.bleepingcomputer.com/news/security/us-arrests-chinese-man-involved-with-sakula-malware-used-in-opm-and-anthem-hacks/", "https://gizmodo.com/u-s-indicts-chinese-hacker-spies-in-conspiracy-to-stea-1830111695", "https://www.cyberscoop.com/anthem-breach-indictment-chinese-national/", - "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf", + "https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/black-vine-cyberespionage-group-15-en.pdf", "https://attack.mitre.org/groups/G0009/" ], "synonyms": [ @@ -1469,7 +1469,7 @@ "country": "CN", "refs": [ "https://www.cfr.org/interactive/cyber-operations/sneaky-panda", - "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf", + "https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/elderwood-project-12-en.pdf", "https://attack.mitre.org/groups/G0066/" ], "synonyms": [ @@ -1982,7 +1982,7 @@ "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html", "https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/", "https://www.brighttalk.com/webcast/10703/275683", - "https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage" + "https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage" ], "synonyms": [ "APT 33", @@ -2060,7 +2060,7 @@ "http://www.clearskysec.com/thamar-reservoir/", "https://citizenlab.ca/2015/08/iran_two_factor_phishing/", "https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf", - "https://www.symantec.com/connect/blogs/shamoon-multi-staged-destructive-attacks-limited-specific-targets", + "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=5758557d-6e3a-4174-90f3-fa92a712ecd9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/", "https://en.wikipedia.org/wiki/Rocket_Kitten", "https://www.cfr.org/interactive/cyber-operations/rocket-kitten" @@ -2365,7 +2365,7 @@ "https://aptnotes.malwareconfig.com/web/viewer.html?file=../APTnotes/2014/apt28.pdf", "https://www.accenture.com/us-en/blogs/blogs-snakemackerel-delivers-zekapab-malware", "https://www.wired.com/story/russian-fancy-bears-hackers-release-apparent-ioc-emails/", - "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government", + "https://symantec-blogs.broadcom.com/blogs/election-security/apt28-espionage-military-government", "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/", "https://unit42.paloaltonetworks.com/unit42-sofacy-attacks-multiple-government-entities/", "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", @@ -2552,7 +2552,7 @@ "https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/", "https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/", "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/", - "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf", + "https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/waterbug-attack-group-16-en.pdf", "https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec", "https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/", "http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf", @@ -2629,7 +2629,7 @@ "country": "RU", "refs": [ "http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/", - "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf", + "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf", "http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans", "https://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit-kit/104772/", "https://www.cfr.org/interactive/cyber-operations/crouching-yeti", @@ -2637,7 +2637,7 @@ "https://dragos.com/wp-content/uploads/CrashOverride-01.pdf", "https://www.independent.ie/irish-news/statesponsored-hackers-targeted-eirgrid-electricity-network-in-devious-attack-36005921.html", "https://www.riskiq.com/blog/labs/energetic-bear/", - "https://www.symantec.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks", + "https://symantec-blogs.broadcom.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks", "https://www.kaspersky.com/resource-center/threats/crouching-yeti-energetic-bear-malware-threat", "https://www.sans.org/reading-room/whitepapers/ICS/impact-dragonfly-malware-industrial-control-systems-36672", "https://attack.mitre.org/groups/G0035/", @@ -2694,7 +2694,7 @@ "https://www.us-cert.gov/ncas/alerts/TA17-163A", "https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid", "https://www.cfr.org/interactive/cyber-operations/black-energy", - "https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks", + "https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks", "https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage", "https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/", "https://attack.mitre.org/groups/G0034/" @@ -2796,7 +2796,7 @@ "https://en.wikipedia.org/wiki/Carbanak", "https://app.box.com/s/p7qzcury97tuwk26694uutujwqmwqyhe", "http://2014.zeronights.ru/assets/files/slides/ivanovb-zeronights.pdf", - "https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks", + "https://web.archive.org/web/20161223002016/https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks", "https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor", "https://www.icebrg.io/blog/footprints-of-fin7-tracking-actor-patterns", "https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/", @@ -2894,7 +2894,7 @@ "refs": [ "https://www.welivesecurity.com/2015/11/11/operation-buhtrap-malware-distributed-via-ammyy-com/", "https://www.group-ib.com/brochures/gib-buhtrap-report.pdf", - "https://www.symantec.com/connect/blogs/russian-bank-employees-received-fake-job-offers-targeted-email-attack", + "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=8e498912-44f8-4ea0-ac50-4544f0fedd6c&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://www.forcepoint.com/blog/security-labs/highly-evasive-code-injection-awaits-user-interaction-delivering-malware", "https://www.kaspersky.com/blog/financial-trojans-2019/25690/", "https://www.welivesecurity.com/2015/04/09/operation-buhtrap/", @@ -3041,10 +3041,10 @@ "https://content.fireeye.com/apt/rpt-apt38", "https://blog.malwarebytes.com/threat-analysis/2019/03/the-advanced-persistent-threat-files-lazarus-group/", "https://www.theguardian.com/world/2009/jul/08/south-korea-cyber-attack", - "https://www.symantec.com/connect/blogs/trojankoredos-comes-unwelcomed-surprise", + "https://web.archive.org/web/20131123012339/https://www.symantec.com/connect/blogs/trojankoredos-comes-unwelcomed-surprise", "https://www.nytimes.com/2013/03/21/world/asia/south-korea-computer-network-crashes.html", - "https://www.symantec.com/connect/blogs/south-korean-financial-companies-targeted-castov", - "https://www.symantec.com/connect/blogs/four-years-darkseoul-cyberattacks-against-south-korea-continue-anniversary-korean-war", + "https://web.archive.org/web/20130607233212/https://www.symantec.com/connect/blogs/south-korean-financial-companies-targeted-castov", + "https://web.archive.org/web/20130701021735/https://www.symantec.com/connect/blogs/four-years-darkseoul-cyberattacks-against-south-korea-continue-anniversary-korean-war", "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/the-hack-of-sony-pictures-what-you-need-to-know", "https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/", "https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/", @@ -3061,11 +3061,11 @@ "https://medium.com/threat-intel/lazarus-attacks-wannacry-5fdeddee476c", "https://attack.mitre.org/groups/G0032/", "https://threatpost.com/lazarus-apt-spinoff-linked-to-banking-hacks/124746/", - "https://www.symantec.com/connect/blogs/duuzer-back-door-trojan-targets-south-korea-take-over-computers", + "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=5b9850b9-0fdd-48a9-b595-9234207ae7df&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments", "https://www.bankinfosecurity.com/vietnamese-bank-blocks-1-million-online-heist-a-9105", "https://www.reuters.com/article/us-cyber-heist-swift-specialreport-idUSKCN0YB0DD", - "https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks", - "https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware", + "https://web.archive.org/web/20160527050022/https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks", + "https://symantec-blogs.broadcom.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware", "https://blog.trendmicro.com/trendlabs-security-intelligence/what-we-can-learn-from-the-bangladesh-central-bank-cyber-heist/", "https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware-0", "https://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html",