diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 3cce334..6561381 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -12795,6 +12795,15 @@ "https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/" ] }, + "related": [ + { + "dest-uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "1f7f4a51-c4a8-4365-ade3-83b222e7cb67", "value": "Earth Estries" }, @@ -15233,10 +15242,29 @@ "meta": { "country": "CN", "refs": [ - "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation", - "https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/" + "https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/", + "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/30094337/GhostEmperor_technical-details_PDF_eng.pdf", + "https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/", + "https://www.ncsc.gov.uk/files/NCSC-MAR-SparrowDoor.pdf", + "https://cloud.google.com/blog/topics/threat-intelligence/unc4841-post-barracuda-zero-day-remediation", + "https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/", + "https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835" + ], + "synonyms": [ + "FamousSparrow", + "UNC2286", + "Salt Typhoon" ] }, + "related": [ + { + "dest-uuid": "1f7f4a51-c4a8-4365-ade3-83b222e7cb67", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb", "value": "GhostEmperor" },