diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index bdcd282..2fd6f6f 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -170,7 +170,7 @@ "https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2" ] }, - "value": "darkhotel" + "value": "DarkHotel" }, { "meta": { @@ -470,7 +470,10 @@ "PittyTiger", "MANGANESE" ], - "country": "CN" + "country": "CN", + "refs": [ + "http://blog.airbuscybersecurity.com/post/2014/07/The-Eye-of-the-Tiger2" + ] }, "value": "Pitty Panda", "description": "The Pitty Tiger group has been active since at least 2011. They have been seen using HeartBleed vulnerability in order to directly get valid credentials" @@ -545,6 +548,9 @@ { "meta": { "country": "CN", + "refs": [ + "http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/" + ], "synonyms": [ "APT20", "APT 20", @@ -583,6 +589,9 @@ { "meta": { "country": "CN", + "refs": [ + "https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india" + ], "synonyms": [ "APT23", "KeyBoy" @@ -599,6 +608,9 @@ "AjaxSecurityTeam", "Ajax Security Team", "Group 26" + ], + "refs": [ + "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf" ] }, "value": "Flying Kitten", @@ -628,6 +640,9 @@ "Parastoo", "Group 83", "Newsbeef" + ], + "refs": [ + "https://en.wikipedia.org/wiki/Operation_Newscaster" ] }, "value": "Charming Kitten", @@ -831,6 +846,9 @@ "Carbon Spider" ], "country": "RU", + "refs": [ + "https://en.wikipedia.org/wiki/Carbanak" + ], "motive": "Cybercrime" }, "description": "Groups targeting financial organizations or people with significant financial assets.", @@ -931,7 +949,10 @@ "Appin", "OperationHangover" ], - "country": "IN" + "country": "IN", + "refs": [ + "http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf" + ] }, "value": "Viceroy Tiger" }, @@ -958,6 +979,9 @@ "value": "SNOWGLOBE", "meta": { "country": "FR", + "refs": [ + "https://securelist.com/blog/research/69114/animals-in-the-apt-farm/" + ], "synonyms": [ "Animal Farm" ] @@ -1135,12 +1159,12 @@ "https://attack.mitre.org/wiki/Group/G0013" ], "synonyms": [ - "APT 30" + "APT30" ], "country": "CN" }, - "value": "APT30", - "description": "APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches." + "value": "APT 30", + "description": "APT 30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches." }, { "meta": { @@ -1398,5 +1422,5 @@ ], "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.", "uuid": "7cdff317-a673-4474-84ec-4f1754947823", - "version": 16 -} + "version": 17 +} \ No newline at end of file