From aeab78b95eada597f609ee9521bcff681634939c Mon Sep 17 00:00:00 2001
From: Rony <49360849+r0ny123@users.noreply.github.com>
Date: Thu, 26 Sep 2024 17:12:54 +0000
Subject: [PATCH 1/2] chg: [threat-actor] `GhostEmperor` updated
---
 clusters/threat-actor.json | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 3cce334..d51bb9c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15233,8 +15233,18 @@
 "meta": {
 "country": "CN",
 "refs": [
- "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation",
- "https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/"
+ "https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/",
+ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/30094337/GhostEmperor_technical-details_PDF_eng.pdf",
+ "https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/",
+ "https://www.ncsc.gov.uk/files/NCSC-MAR-SparrowDoor.pdf",
+ "https://cloud.google.com/blog/topics/threat-intelligence/unc4841-post-barracuda-zero-day-remediation",
+ "https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/",
+ "https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835"
+ ],
+ "synonyms": [
+ "FamousSparrow",
+ "UNC2286",
+ "Salt Typhoon"
 ]
 },
 "uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb",
From e6db8c579a4ae9623dea49674869b206b7e9841d Mon Sep 17 00:00:00 2001
From: Rony <49360849+r0ny123@users.noreply.github.com>
Date: Thu, 26 Sep 2024 18:21:38 +0000
Subject: [PATCH 2/2] chg: [threat-actor] added a relationship between `Earth Estries` and `GhostEmperor`
---
 clusters/threat-actor.json | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d51bb9c..6561381 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
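Review bot: In the `GhostEmperor` hunk of PATCH 1/2, `"synonyms"` lists `FamousSparrow`, `UNC2286` and `Salt Typhoon` as plain aliases, which asserts identity with no confidence qualifier, whereas PATCH 2/2 on this page records the Earth Estries link as `"type": "similar"` tagged `estimative-language:likelihood-probability=\"likely\"`. Consumers that enrich or correlate events by synonym will attribute activity reported under those three names to GhostEmperor outright. If the cited reporting describes overlap rather than one and the same group (not verifiable from the hunk), each name would be better carried as a `related` entry with that same type and estimative tag, and it is worth checking that none of them already exists as its own cluster or synonym elsewhere in `clusters/threat-actor.json`, since a duplicated alias makes lookups ambiguous. The entry's opening lines are outside the hunk, so whether its `description` needs to mention the new names cannot be judged here.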
@@ -12795,6 +12795,15 @@
 "https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/"
 ]
 },
+ "related": [
+ {
+ "dest-uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ }
+ ],
 "uuid": "1f7f4a51-c4a8-4365-ade3-83b222e7cb67",
 "value": "Earth Estries"
 },
@@ -15247,6 +15256,15 @@
 "Salt Typhoon"
 ]
 },
+ "related": [
+ {
+ "dest-uuid": "1f7f4a51-c4a8-4365-ade3-83b222e7cb67",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ }
+ ],
 "uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb",
 "value": "GhostEmperor"
 },
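Review bot: Neither `related` hunk records what the `likely` assessment rests on: the Earth Estries hunk shows only the tail of its `refs` array and adds no source there, and the commit message names none. An analyst following the link from Earth Estries therefore has to open the GhostEmperor entry to find the reporting behind it, assuming one of the refs added in PATCH 1/2 is that source. Adding the supporting URL to Earth Estries' `refs` in the same commit would keep the claim traceable from both sides; that array starts outside the hunk, so the URL may already be present. The reciprocal `dest-uuid` values do match the `uuid` lines visible in each hunk.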