diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index a3f87a8..52241f2 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -4325,11 +4325,24 @@ "https://www.helpnetsecurity.com/2016/11/22/cobalt-hackers-synchronized-atm-heists/", "https://www.bleepingcomputer.com/news/security/cobalt-hacking-group-tests-banks-in-russia-and-romania/", "https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish", - "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/" + "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/", + "https://www.group-ib.com/blog/cobalt", + "https://www.reuters.com/article/us-taiwan-cyber-atms/taiwan-atm-heist-linked-to-european-hacking-spree-security-firm-idUSKBN14P0CX", + "https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target", + "https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/", + "https://www.riskiq.com/blog/labs/cobalt-strike/", + "https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/", + "https://unit42.paloaltonetworks.com/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/", + "https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain", + "https://www.computerweekly.com/news/252446153/Three-Carbanak-cyber-heist-gang-members-arrested", + "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf", + "https://attack.mitre.org/groups/G0080/" ], "synonyms": [ "Cobalt group", + "Cobalt Group", "Cobalt gang", + "Cobalt Gang", "GOLD KINGSWOOD", "Cobalt Spider" ]