Merge APT30 and Naikon

2024-11-22 14:57:18 +00:00 · 2022-08-18 11:36:45 -07:00 · 2022-08-18 11:36:45 -07:00 · a046e8094d
commit a046e8094d
parent 5e4a4c3453
3 changed files with 8 additions and 109 deletions
--- a/clusters/mitre-enterprise-attack-intrusion-set.json
+++ b/clusters/mitre-enterprise-attack-intrusion-set.json
@ -1215,13 +1215,6 @@
          ],
          "type": "similar"
        },
-        {
-          "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
        {
          "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
          "tags": [
@ -1414,13 +1407,6 @@
          ],
          "type": "similar"
        },
-        {
-          "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
        {
          "dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d",
          "tags": [
--- a/clusters/mitre-intrusion-set.json
+++ b/clusters/mitre-intrusion-set.json
@ -9232,13 +9232,6 @@
          ],
          "type": "uses"
        },
-        {
-          "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
        {
          "dest-uuid": "fb261c56-b80e-43a9-8351-c84081e7213d",
          "tags": [
@ -18420,13 +18413,6 @@
          ],
          "type": "uses"
        },
-        {
-          "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
        {
          "dest-uuid": "ff6caf67-ea1f-4895-b80e-4bb0fc31c6db",
          "tags": [
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -812,7 +812,11 @@
          "https://attack.mitre.org/groups/G0019/",
          "https://www.secureworks.com/research/threat-profiles/bronze-geneva",
          "https://cyware.com/news/chinese-naikon-group-back-with-new-espionage-attack-66a8413d",
-          "https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike/"
+          "https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike/",
+          "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/eagle-eye-is-back-apt30/",
+          "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf",
+          "https://attack.mitre.org/wiki/Group/G0013",
+          "https://www.mandiant.com/sites/default/files/2021-09/rpt-apt30.pdf"
        ],
        "synonyms": [
          "PLA Unit 78020",
@ -820,7 +824,9 @@
          "Camerashy",
          "Lotus Panda",
          "BRONZE GENEVA",
-          "G0019"
+          "G0019",
+          "APT 30",
+          "G0013"
        ]
      },
      "related": [
@ -838,13 +844,6 @@
          ],
          "type": "similar"
        },
-        {
-          "dest-uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
        {
          "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
          "tags": [
@ -3486,78 +3485,6 @@
      "uuid": "f3179cfb-9c86-4980-bd6b-e4fa74adaaa7",
      "value": "ProjectSauron"
    },
-    {
-      "description": "APT 30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.",
-      "meta": {
-        "attribution-confidence": "50",
-        "cfr-suspected-state-sponsor": "China",
-        "cfr-suspected-victims": [
-          "India",
-          "Saudi Arabia",
-          "Vietnam",
-          "Myanmar",
-          "Singapore",
-          "Thailand",
-          "Malaysia",
-          "Cambodia",
-          "China",
-          "Phillipines",
-          "South Korea",
-          "United States",
-          "Indonesia",
-          "Laos"
-        ],
-        "cfr-target-category": [
-          "Government",
-          "Private sector"
-        ],
-        "cfr-type-of-incident": "Espionage",
-        "country": "CN",
-        "refs": [
-          "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/eagle-eye-is-back-apt30/",
-          "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf",
-          "https://attack.mitre.org/wiki/Group/G0013",
-          "https://www.cfr.org/interactive/cyber-operations/apt-30",
-          "https://www.mandiant.com/sites/default/files/2021-09/rpt-apt30.pdf"
-        ],
-        "synonyms": [
-          "APT30",
-          "G0013"
-        ]
-      },
-      "related": [
-        {
-          "dest-uuid": "2a158b0a-7ef8-43cb-9985-bf34d1e12050",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
-        {
-          "dest-uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
-        {
-          "dest-uuid": "5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        },
-        {
-          "dest-uuid": "f047ee18-7985-4946-8bfb-4ed754d3a0dd",
-          "tags": [
-            "estimative-language:likelihood-probability=\"likely\""
-          ],
-          "type": "similar"
-        }
-      ],
-      "uuid": "f26144c5-8593-4e78-831a-11f6452d809b",
-      "value": "APT 30"
-    },
    {
      "description": "TA530, who we previously examined in relation to large-scale personalized phishing campaigns",
      "meta": {