Update threat-actor.json

new apt30 group
This commit is contained in:
Sebastien Larinier 2023-04-19 15:35:36 +02:00
parent 926035633f
commit a77dc82c0a

View file

@ -671,13 +671,12 @@
"https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html", "https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html",
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf",
"https://usa.kaspersky.com/resource-center/threats/naikon-targeted-attacks", "https://usa.kaspersky.com/resource-center/threats/naikon-targeted-attacks",
"https://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/", "https://web.archive.org/web/20210925164035/https://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/",
"https://threatconnect.com/blog/tag/naikon/", "https://threatconnect.com/blog/tag/naikon/",
"https://attack.mitre.org/groups/G0019/", "https://attack.mitre.org/groups/G0019/",
"https://www.secureworks.com/research/threat-profiles/bronze-geneva", "https://www.secureworks.com/research/threat-profiles/bronze-geneva",
"https://cyware.com/news/chinese-naikon-group-back-with-new-espionage-attack-66a8413d", "https://cyware.com/news/chinese-naikon-group-back-with-new-espionage-attack-66a8413d",
"https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike/", "https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike/",
"https://attack.mitre.org/wiki/Group/G0013",
"https://www.mandiant.com/resources/insights/apt-groups", "https://www.mandiant.com/resources/insights/apt-groups",
"https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf" "https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf"
], ],
@ -716,7 +715,40 @@
} }
], ],
"uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff", "uuid": "2f1fd017-9df6-4759-91fb-e7039609b5ff",
"value": "APT30" "value": "Naikon"
},
{
"description": "APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches",
"meta": {
"country": "CN",
"attribution-confidence": "50",
"cfr-suspected-state-sponsor": "China",
"refs":[
"https://attack.mitre.org/wiki/Group/G0013",
"https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf",
"https://www.mandiant.com/resources/insights/apt-groups"
],
"cfr-suspected-victims":[
"United States",
"South Korea",
"Saudi Arabia",
"Thailand",
"Vietnam",
"Malaysia",
"India"
],
"cfr-target-category":[
"Government"
],
"synonyms": [
"G0013"
]
},
"related": [],
"value":"APT30"
}, },
{ {
"description": "Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia.", "description": "Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia.",