Merge branch 'nyx0-main' into main

2025-01-19 02:56:16 +00:00 · 2022-08-11 17:50:43 +02:00 · 2022-08-11 17:50:43 +02:00 · 65c9490b77
commit 65c9490b77
parent 75221418b8 96d31aa8c7
1 changed files with 36 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -1026,6 +1026,7 @@
        "cfr-type-of-incident": "Espionage",
        "country": "CN",
        "refs": [
+          "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf",
          "https://web.archive.org/web/20140129192702/https://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
          "https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
          "https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/",
@ -1045,6 +1046,7 @@
          "https://unit42.paloaltonetworks.com/atoms/iron-taurus/"
        ],
        "synonyms": [
+          "GreedyTaotie",
          "TG-3390",
          "APT 27",
          "APT27",
@ -9859,12 +9861,14 @@
      "meta": {
        "country": "CN",
        "refs": [
+          "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf",
          "https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself",
          "https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation",
          "https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility",
          "https://twitter.com/cglyer/status/1480734487000453121"
        ],
        "synonyms": [
+          "SLIME34",
          "DEV-0401"
        ]
      },
@ -10004,7 +10008,38 @@
      },
      "uuid": "7831d56e-5913-44ca-8835-f42017aeb0cd",
      "value": "Returned Libra"
+    },
+    {
+      "meta": {
+        "attribution-confidence": "75",
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-target-category": [
+          "Private Sector"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf"
+        ]
+      },
+      "uuid": "a3831248-5e2f-492d-8bb6-5e82c2f6481d",
+      "value": "TianWu"
+    },
+    {
+      "meta": {
+        "attribution-confidence": "75",
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-target-category": [
+          "Private Sector"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf",
+          "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf"
+        ]
+      },
+      "uuid": "d58030e2-5673-4836-9aff-ab6d55da0bc0",
+      "value": "SLIME29"
    }
  ],
-  "version": 238
+  "version": 239
 }