From 8d024a52b1b08bffdfb840c90b33847bfcf28666 Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Thu, 1 Feb 2024 11:01:58 -0800 Subject: [PATCH] [threat-actors] Add BRONZE STARLIGHT aliases --- clusters/threat-actor.json | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 583bb37..59565d4 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -10735,11 +10735,17 @@ "https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself", "https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation", "https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility", - "https://twitter.com/cglyer/status/1480734487000453121" + "https://twitter.com/cglyer/status/1480734487000453121", + "https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group", + "https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/", + "https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/", + "https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader" ], "synonyms": [ "SLIME34", - "DEV-0401" + "DEV-0401", + "Cinnamon Tempest", + "Emperor Dragonfly" ] }, "related": [