From 89a193d315b2c5132419cbcb03d33778f6cb5bb5 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 4 Oct 2023 10:48:44 +0200 Subject: [PATCH] fix: [threat-actor] version updated + jq all the things --- clusters/threat-actor.json | 52 +++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 9caddb0..b202344 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -7074,6 +7074,31 @@ { "description": "TA505, the name given by Proofpoint, has been in the cybercrime business for at least four years. This is the group behind the infamous Dridex banking trojan and Locky ransomware, delivered through malicious email campaigns via Necurs botnet. Other malware associated with TA505 include Philadelphia and GlobeImposter ransomware families.", "meta": { + "cfr-suspected-victims": [ + "Australia", + "Canada", + "Czech Republic", + "Germany", + "Hungary", + "India", + "Japan", + "Romania", + "Serbia", + "Singapore", + "South Korea", + "Spain", + "Thailand", + "Turkey", + "United Kingdom", + "United States" + ], + "cfr-target-category": [ + "Education", + "Finance", + "Health", + "Retail", + "Hospitality" + ], "country": "RU", "refs": [ "https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/", @@ -7106,31 +7131,6 @@ "ATK103", "Hive0065", "CHIMBORAZO" - ], - "cfr-target-category": [ - "Education", - "Finance", - "Health", - "Retail", - "Hospitality" - ], - "cfr-suspected-victims": [ - "Australia", - "Canada", - "Czech Republic", - "Germany", - "Hungary", - "India", - "Japan", - "Romania", - "Serbia", - "Singapore", - "South Korea", - "Spain", - "Thailand", - "Turkey", - "United Kingdom", - "United States" ] }, "related": [ @@ -11824,5 +11824,5 @@ "value": "Scattered Spider" } ], - "version": 283 + "version": 284 }