From 8ce0df6eb4d4bd404f6570ff16d494f962ebdc90 Mon Sep 17 00:00:00 2001
From: Rony
Date: Mon, 25 Jul 2022 17:15:23 +0530
Subject: [PATCH 1/2] Update threat-actor.json

Merge aquatic panda & earth lusca
---
 clusters/threat-actor.json | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8728466..9260d14 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9198,17 +9198,6 @@
       "uuid": "f6d02ac3-3447-4892-b844-1ef31839e04f",
       "value": "SideCopy"
     },
-    {
-      "description": "AQUATIC PANDA is a China-based targeted intrusion adversary with a dual mission of intelligence collection and industrial espionage. It has likely operated since at least May 2020. AQUATIC PANDA operations have primarily focused on entities in the telecommunications, technology and government sectors. AQUATIC PANDA relies heavily on Cobalt Strike, and its toolset includes the unique Cobalt Strike downloader tracked as FishMaster. AQUATIC PANDA has also been observed delivering njRAT payloads to targets.",
-      "meta": {
-        "country": "CN",
-        "refs": [
-          "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/"
-        ]
-      },
-      "uuid": "676c1129-5664-4698-92ee-031f81baefce",
-      "value": "AQUATIC PANDA"
-    },
     {
       "description": "Antlion is a Chinese state-backed advanced persistent threat (APT) group, who has been targeting financial institutions in Taiwan. This persistent campaign has lasted over the course of at least 18 months.",
       "meta": {
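Review bot: Deleting the AQUATIC PANDA cluster removes its uuid `676c1129-5664-4698-92ee-031f81baefce` from the file with no forwarding record, so any MISP event or attribute already tagged with that uuid stops resolving after this patch; the refs and synonyms hunks later in this patch only carry the CrowdStrike reference and the name over to the surviving cluster. The description content removed here — activity since at least May 2020, the telecommunications/technology/government targeting, the FishMaster Cobalt Strike downloader and the njRAT payloads — is not added to the surviving entry's description, so that intelligence is lost in the merge. Consider keeping the retired uuid reachable (for instance a `related` entry on the surviving cluster pointing at `676c1129-5664-4698-92ee-031f81baefce` with a "similar" relationship, if the project uses that convention) and folding a one-sentence summary of the dropped description into the surviving entry, and bump the cluster file's top-level version if the project tracks one. The surviving cluster named in the commit message lies outside this hunk, so its uuid cannot be quoted here.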
@@ -9789,7 +9778,9 @@
           "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi",
           "https://media-exp1.licdn.com/dms/document/C561FAQHhWFRcWmdCPw/feedshare-document-pdf-analyzed/0/1639591145314?e=1658966400&v=beta&t=_uCcyEVg6b_VDiBTvWQIXtBOdQ1GQAAydqGyq62KA3E",
           "https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf",
-          "https://www.pwc.co.uk/issues/cyber-security-services/research/chasing-shadows.html"
+          "https://www.pwc.co.uk/issues/cyber-security-services/research/chasing-shadows.html",
+          "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools,
+          "https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass"
         ],
         "synonyms": [
           "CHROMIUM",
@@ -9797,6 +9788,7 @@
           "TAG-22",
           "FISHMONGER",
           "BRONZE UNIVERSITY",
+          "AQUATIC PANDA",
           "Red Dev 10"
         ]
       },

From 5a7f3a72073f85b10974539b8428cf49ecb8c6f1 Mon Sep 17 00:00:00 2001
From: Rony
Date: Mon, 25 Jul 2022 17:17:52 +0530
Subject: [PATCH 2/2] fix

---
 clusters/threat-actor.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 9260d14..e9d25bc 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9779,7 +9779,7 @@
           "https://media-exp1.licdn.com/dms/document/C561FAQHhWFRcWmdCPw/feedshare-document-pdf-analyzed/0/1639591145314?e=1658966400&v=beta&t=_uCcyEVg6b_VDiBTvWQIXtBOdQ1GQAAydqGyq62KA3E",
           "https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf",
           "https://www.pwc.co.uk/issues/cyber-security-services/research/chasing-shadows.html",
-          "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools,
+          "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools",
           "https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass"
         ],
         "synonyms": [
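Review bot: The CrowdStrike reference added in the refs hunk of the first patch is missing its closing double quote (`...log-4-shell-exploit-tools,`), which leaves clusters/threat-actor.json unparseable as JSON at that commit; the second patch repairs the quote, but the broken intermediate commit still lands for bisect and for any CI that validates the cluster file per commit, so the two patches should be squashed into one. In both the first hunk and the fix hunk the URL also drops the trailing slash that the removed entry's reference carried (`.../log-4-shell-exploit-tools/`), so the reference is no longer byte-identical to the one it replaces; re-adding it as `"https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/",` keeps it consistent with the original citation. Running `jq . clusters/threat-actor.json` (or the project's own validation script) before committing would have caught the missing quote. The enclosing cluster object whose refs and synonyms are edited here starts and ends outside these hunks.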