Merge pull request #1021 from r0ny123/🧂🌀

Updates regarding Salt Typhoon

clusters/threat-actor.json

@@ -12795,6 +12795,15 @@
           "https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/"
         ]
       },
+      "related": [
+        {
+          "dest-uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
+        }
+      ],
       "uuid": "1f7f4a51-c4a8-4365-ade3-83b222e7cb67",
       "value": "Earth Estries"
     },
@@ -15233,10 +15242,29 @@
       "meta": {
         "country": "CN",
         "refs": [
-          "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation",
-          "https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/"
+          "https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/",
+          "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/30094337/GhostEmperor_technical-details_PDF_eng.pdf",
+          "https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/",
+          "https://www.ncsc.gov.uk/files/NCSC-MAR-SparrowDoor.pdf",
+          "https://cloud.google.com/blog/topics/threat-intelligence/unc4841-post-barracuda-zero-day-remediation",
+          "https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/",
+          "https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835"
+        ],
+        "synonyms": [
+          "FamousSparrow",
+          "UNC2286",
+          "Salt Typhoon"
         ]
       },
+      "related": [
+        {
+          "dest-uuid": "1f7f4a51-c4a8-4365-ade3-83b222e7cb67",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
+        }
+      ],
       "uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb",
       "value": "GhostEmperor"
     },