replace "sector" tag with "country" for matching data. this allows to be confirm with existing clusters.

This commit is contained in:
Tobias Mainka 2023-04-19 12:38:37 +02:00 committed by GitHub
parent ccc8f0f801
commit 8d2b9537f1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -325,7 +325,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"APT41",
"BARIUM"
@ -339,7 +339,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"CHROMIUM",
"ControlX"
@ -353,7 +353,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"DEV-0322"
]
@ -366,7 +366,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"APT40",
"GADOLINIUM",
@ -383,7 +383,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"GALLIUM"
]
@ -396,7 +396,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"DEV-0234"
]
@ -409,7 +409,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"APT5",
"Keyhole Panda",
@ -425,7 +425,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"APT15",
"NICKEL",
@ -441,7 +441,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"APT30",
"LotusBlossom",
@ -456,7 +456,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"HAFNIUM"
]
@ -469,7 +469,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "China",
"country": "CN",
"synonyms": [
"APT31",
"ZIRCONIUM"
@ -669,7 +669,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"NEPTUNIUM",
"Vice Leaker"
@ -683,7 +683,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"CURIUM",
"TA456",
@ -698,7 +698,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"DEV-0228"
]
@ -711,7 +711,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"DEV-0343"
]
@ -724,7 +724,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"APT34",
"Cobalt Gypsy",
@ -740,7 +740,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"Fox Kitten",
"PioneerKitten",
@ -756,7 +756,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"MERCURY",
"MuddyWater",
@ -773,7 +773,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"DEV-0500",
"Moses Staff"
@ -787,7 +787,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"APT35",
"Charming Kitten",
@ -802,7 +802,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"APT33",
"HOLMIUM",
@ -817,7 +817,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"AMERICIUM",
"Agrius",
@ -834,7 +834,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"DEV-0146",
"ZeroCleare"
@ -848,7 +848,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Iran",
"country": "IR",
"synonyms": [
"BOHRIUM"
]
@ -861,7 +861,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Lebanon",
"country": "LB",
"synonyms": [
"POLONIUM"
]
@ -874,7 +874,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "North Korea",
"country": "KP",
"synonyms": [
"Labyrinth Chollima",
"Lazarus",
@ -889,7 +889,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "North Korea",
"country": "KP",
"synonyms": [
"Kimsuky",
"THALLIUM",
@ -904,7 +904,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "North Korea",
"country": "KP",
"synonyms": [
"Konni",
"OSMIUM"
@ -918,7 +918,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "North Korea",
"country": "KP",
"synonyms": [
"LAWRENCIUM"
]
@ -931,7 +931,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "North Korea",
"country": "KP",
"synonyms": [
"CERIUM"
]
@ -944,7 +944,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "North Korea",
"country": "KP",
"synonyms": [
"BlueNoroff",
"COPERNICIUM",
@ -959,7 +959,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "North Korea",
"country": "KP",
"synonyms": [
"DEV-0530",
"H0lyGh0st"
@ -1029,7 +1029,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Russia",
"country": "RU",
"synonyms": [
"ACTINIUM",
"Gamaredon",
@ -1045,7 +1045,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Russia",
"country": "RU",
"synonyms": [
"DEV-0586"
]
@ -1058,7 +1058,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Russia",
"country": "RU",
"synonyms": [
"APT28",
"Fancy Bear",
@ -1073,7 +1073,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Russia",
"country": "RU",
"synonyms": [
"BROMINE",
"Crouching Yeti",
@ -1088,7 +1088,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Russia",
"country": "RU",
"synonyms": [
"APT29",
"Cozy Bear",
@ -1103,7 +1103,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Russia",
"country": "RU",
"synonyms": [
"IRIDIUM",
"Sandworm"
@ -1117,7 +1117,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Russia",
"country": "RU",
"synonyms": [
"Callisto",
"Reuse Team",
@ -1132,7 +1132,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Russia",
"country": "RU",
"synonyms": [
"DEV-0665"
]
@ -1145,7 +1145,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "South Korea",
"country": "KR",
"synonyms": [
"DUBNIUM",
"Dark Hotel",
@ -1160,7 +1160,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Turkey",
"country": "TR",
"synonyms": [
"SILICON",
"Sea Turtle"
@ -1174,7 +1174,7 @@
"refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
],
"sector": "Vietnam",
"country": "VN",
"synonyms": [
"APT32",
"BISMUTH",
@ -1185,5 +1185,5 @@
"value": "Canvas Cyclone"
}
],
"version": 12
"version": 13
}