diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index a42411e..1c873d3 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -1158,13 +1158,6 @@ "estimative-language:likelihood-probability=\"likely\"" ], "type": "similar" - }, - { - "dest-uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "suspected-link" } ], "uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c", @@ -7916,16 +7909,9 @@ }, "related": [ { - "dest-uuid": "56b37b05-72e7-4a89-ba8a-61ce45269a8c", + "dest-uuid": "e400b6c5-77cf-453d-ba0f-44575583ac6c", "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "suspected-link" - }, - { - "dest-uuid": "6085aad0-1d95-11ea-a140-078d42aced40", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" + "estimative-language:likelihood-probability=\"almost-certain\"" ], "type": "similar" } @@ -8340,7 +8326,27 @@ }, "uuid": "d1c25b0e-e4c5-4b7c-b790-2e185cb2f07e", "value": "COBALT KATANA" + }, + { + "description": "GALLIUM, is a threat actor believed to be targeting telecommunication providers over the world, mostly South-East Asia, Europe and Africa. To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.", + "meta": { + "refs": [ + "https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/", + "https://www.youtube.com/watch?v=fBFm2fiEPTg" + ] + }, + "related": [ + { + "dest-uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type":"similar" + } + ], + "uuid": "e400b6c5-77cf-453d-ba0f-44575583ac6c", + "value": "GALLIUM" } ], - "version": 163 + "version": 164 }