diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index f00cdc8..714a65a 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -181,7 +181,7 @@ "attribution-confidence": "50", "country": "CN", "refs": [ - "http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf" + "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf" ] }, "uuid": "06e659ff-ece8-4e6c-a110-d9692ac6d8ee", @@ -386,7 +386,7 @@ "https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2", "https://securelist.com/blog/research/66779/the-darkhotel-apt/", "https://securelist.com/the-darkhotel-apt/66779/", - "http://drops.wooyun.org/tips/11726", + "https://web.archive.org/web/20160104165148/http://drops.wooyun.org/tips/11726", "https://labs.bitdefender.com/wp-content/uploads/downloads/inexsmar-an-unusual-darkhotel-campaign/", "https://www.cfr.org/interactive/cyber-operations/darkhotel", "https://www.securityweek.com/darkhotel-apt-uses-new-methods-target-politicians", @@ -511,7 +511,7 @@ "cfr-type-of-incident": "Espionage", "country": "CN", "refs": [ - "http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html", + "https://web.archive.org/web/20130924130243/https://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html", "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/hidden_lynx.pdf", "https://www.cfr.org/interactive/cyber-operations/apt-17", "https://www.carbonblack.com/2013/02/08/bit9-and-our-customers-security/", @@ -649,7 +649,6 @@ "https://www.microsoft.com/security/blog/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/", "https://www.cfr.org/interactive/cyber-operations/axiom", "https://securelist.com/games-are-over/70991/", - "https://vsec.com.vn/en/blogen/initial-winnti-analysis-against-vietnam-game-company.html", "https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a", "https://www.dw.com/en/thyssenkrupp-victim-of-cyber-attack/a-36695341", "https://www.bleepingcomputer.com/news/security/teamviewer-confirms-undisclosed-breach-from-2016/", @@ -736,7 +735,7 @@ "country": "CN", "refs": [ "http://cybercampaigns.net/wp-content/uploads/2013/06/Deep-Panda.pdf", - "http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf", + "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf", "https://www.cfr.org/interactive/cyber-operations/deep-panda", "https://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/", "https://eromang.zataz.com/2013/01/02/capstone-turbine-corporation-also-targeted-in-the-cfr-watering-hole-attack-and-more/", @@ -1047,7 +1046,7 @@ "country": "CN", "refs": [ "http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/", - "http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/", + "https://web.archive.org/web/20140129192702/https://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/", "https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/", "https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/", "https://www.cfr.org/interactive/cyber-operations/iron-tiger" @@ -1633,7 +1632,7 @@ "attribution-confidence": "50", "country": "CN", "refs": [ - "http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf" + "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf" ] }, "uuid": "1514546d-f6ea-4af3-bbea-24d6fd9e6761", @@ -3008,7 +3007,7 @@ "attribution-confidence": "50", "country": "RU", "refs": [ - "http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf" + "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf" ] }, "uuid": "db774b7d-a0ee-4375-b24e-fd278f5ab2fd", @@ -3019,7 +3018,7 @@ "attribution-confidence": "50", "country": "KP", "refs": [ - "http://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf" + "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf" ], "synonyms": [ "OperationTroy", @@ -3184,7 +3183,7 @@ "attribution-confidence": "50", "country": "IN", "refs": [ - "http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf" + "https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf" ], "synonyms": [ "Appin", @@ -3251,8 +3250,8 @@ "refs": [ "https://securelist.com/blog/research/69114/animals-in-the-apt-farm/", "https://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france", - "http://www.cyphort.com/evilbunny-malware-instrumented-lua/", - "http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/", + "https://web.archive.org/web/20150311013500/http://www.cyphort.com/evilbunny-malware-instrumented-lua/", + "https://web.archive.org/web/20150218192803/http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/", "https://www.gdatasoftware.com/blog/2015/02/24270-babar-espionage-software-finally-found-and-put-under-the-microscope", "https://www.cfr.org/interactive/cyber-operations/snowglobe", "https://resources.infosecinstitute.com/animal-farm-apt-and-the-shadow-of-france-intelligence/" @@ -4029,7 +4028,6 @@ "meta": { "refs": [ "https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html", - "http://blog.vectranetworks.com/blog/moonlight-middle-east-targeted-attacks", "https://ti.360.net/blog/articles/suspected-molerats-new-attack-in-the-middle-east/", "https://ti.360.net/blog/articles/suspected-molerats-new-attack-in-the-middle-east-en/", "https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website", @@ -4682,7 +4680,7 @@ "https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html", "https://www2.fireeye.com/WBNR-Know-Your-Enemy-UNC622-Spear-Phishing.html", "https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp.pdf", - "http://files.shareholder.com/downloads/AMDA-254Q5F/0x0x938351/665BA6A3-9573-486C-B96F-80FA35759E8C/FEYE_rpt-mtrends-2017_FINAL2.pdf", + "https://afyonluoglu.org/PublicWebFiles/Reports-TR/2017%20FireEye%20M-Trends%20Report.pdf", "https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html", "https://attack.mitre.org/groups/G0061" ] @@ -4963,7 +4961,7 @@ "attribution-confidence": "50", "country": "CN", "refs": [ - "http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf" + "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492182276.pdf" ] }, "uuid": "5bc7382d-ddc6-46d3-96f5-1dbdadbd601c", @@ -5451,7 +5449,7 @@ { "meta": { "refs": [ - "https://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf" + "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf" ] }, "uuid": "769bf551-ff39-4f84-b7f2-654a28df1e50", @@ -5514,7 +5512,7 @@ { "meta": { "refs": [ - "https://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf" + "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf" ] }, "uuid": "445c7b62-028b-455e-9d65-74899b7006a4", @@ -5592,7 +5590,7 @@ "attribution-confidence": "50", "country": "CN", "refs": [ - "http://en.hackdig.com/02/39538.htm" + "http://webcache.googleusercontent.com/search?q=cache:TWoHHzH9gU0J:en.hackdig.com/02/39538.htm" ] }, "uuid": "110792e8-38d2-4df2-9ea3-08b60321e994", @@ -7989,7 +7987,7 @@ "meta": { "refs": [ "https://ti.360.net/blog/articles/analysis-of-apt-c-27/", - "http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf" + "https://www.pbwcz.cz/Reporty/20180723_CSE_APT27_Syria_v1.pdf" ], "since": "2014", "synonyms": [ @@ -8341,5 +8339,5 @@ "value": "COBALT KATANA" } ], - "version": 160 + "version": 161 }