Update threat-actor.json

Merge aquatic panda & earth lusca
Rony 2022-07-25 17:15:23 +05:30 committed by GitHub
parent 6b6398bf2d
commit 8ce0df6eb4


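--- a/threat-actor.json
+++ b/threat-actor.json
@@ -9198,17 +9198,6 @@
 "uuid": "f6d02ac3-3447-4892-b844-1ef31839e04f",
 "value": "SideCopy"
 },
-{
-"description": "AQUATIC PANDA is a China-based targeted intrusion adversary with a dual mission of intelligence collection and industrial espionage. It has likely operated since at least May 2020. AQUATIC PANDA operations have primarily focused on entities in the telecommunications, technology and government sectors. AQUATIC PANDA relies heavily on Cobalt Strike, and its toolset includes the unique Cobalt Strike downloader tracked as FishMaster. AQUATIC PANDA has also been observed delivering njRAT payloads to targets.",
-"meta": {
-"country": "CN",
-"refs": [
-"https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/"
-]
-},
-"uuid": "676c1129-5664-4698-92ee-031f81baefce",
-"value": "AQUATIC PANDA"
-},
 {
 "description": "Antlion is a Chinese state-backed advanced persistent threat (APT) group, who has been targeting financial institutions in Taiwan. This persistent campaign has lasted over the course of at least 18 months.",
 "meta": {
@@ -9789,7 +9778,9 @@
 "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi",
 "https://media-exp1.licdn.com/dms/document/C561FAQHhWFRcWmdCPw/feedshare-document-pdf-analyzed/0/1639591145314?e=1658966400&v=beta&t=_uCcyEVg6b_VDiBTvWQIXtBOdQ1GQAAydqGyq62KA3E",
 "https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf",
-"https://www.pwc.co.uk/issues/cyber-security-services/research/chasing-shadows.html"
+"https://www.pwc.co.uk/issues/cyber-security-services/research/chasing-shadows.html",
+"https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools,
+"https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass"
 ],
 "synonyms": [
 "CHROMIUM",
@@ -9797,6 +9788,7 @@
 "TAG-22",
 "FISHMONGER",
 "BRONZE UNIVERSITY",
+"AQUATIC PANDA",
 "Red Dev 10"
 ]
 },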
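Review bot: The CrowdStrike reference added in the second hunk is missing its closing double quote — `…log-4-shell-exploit-tools,` — so the string literal swallows the comma and the following line, and threat-actor.json no longer parses as JSON; the line should read `"https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/",` (with the trailing slash the URL carried in the removed AQUATIC PANDA entry). Running `jq .` or `python -m json.tool` over the file before committing would have caught this, and a validation step in CI would stop the galaxy from shipping unparseable. The first hunk also deletes the AQUATIC PANDA cluster with uuid `676c1129-5664-4698-92ee-031f81baefce` outright; if any event, relation or other galaxy references that uuid it now dangles, and the removed `"country": "CN"` and the FishMaster/njRAT tooling detail from its description do not visibly reappear in the merged entry, whose start lies outside these hunks.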