From b77b9d374c3c089c0bdf42de9447aac79769e039 Mon Sep 17 00:00:00 2001
From: Rony
Date: Sun, 12 Jul 2020 11:19:13 +0530
Subject: [PATCH] Update threat-actor.json

---
 clusters/threat-actor.json | 62 +++++++-------------------------------
 1 file changed, 11 insertions(+), 51 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index df7cb52..3a9c3c8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -606,13 +606,6 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
- },
- {
- "dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
 }
 ],
 "uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c",
@@ -982,15 +975,11 @@
 "http://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/",
 "https://www.crowdstrike.com/blog/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/",
 "https://www.crowdstrike.com/blog/storm-chasing/",
- "https://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/",
- "https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf"
+ "https://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/"
 ],
 "synonyms": [
 "Black Vine",
- "TEMP.Avengers",
- "Zirconium",
- "APT 31",
- "APT31"
+ "TEMP.Avengers"
 ]
 },
 "related": [
@@ -1555,16 +1544,11 @@
 "cfr-type-of-incident": "Espionage",
 "country": "CN",
 "refs": [
- "http://www.crowdstrike.com/blog/whois-samurai-panda/",
- "https://www.cfr.org/interactive/cyber-operations/sykipot",
- "https://www.secureworks.com/research/threat-profiles/bronze-edison"
+ "http://www.crowdstrike.com/blog/whois-samurai-panda/"
 ],
 "synonyms": [
 "PLA Navy",
- "APT4",
- "APT 4",
- "Wisp Team",
- "BRONZE EDISON"
+ "Wisp Team"
 ]
 },
 "related": [
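Review bot: `"PLA Navy"` stays in this cluster's `synonyms` (a context line of the @@ -1555 hunk) and is also kept in the Maverick Panda list at @@ -5150, while the same commit deletes the `similar` relations that tied those clusters together. A consumer that resolves an actor by synonym then gets two matches for the same string with nothing in the data to say they overlap. Either keep `"PLA Navy"` only on the cluster the cited sources support, or retain one `related` entry between the two so the ambiguity is explicit. The cluster object starts and ends outside the hunk, so its `value` and remaining fields are not visible here.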
@@ -1581,13 +1565,6 @@
 "estimative-language:likelihood-probability=\"likely\""
 ],
 "type": "similar"
- },
- {
- "dest-uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
 }
 ],
 "uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7",
@@ -5150,36 +5127,17 @@
 "https://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments",
 "http://blog.trendmicro.com/trendlabs-security-intelligence/sykipot-now-targeting-us-civil-aviation-sector-information/",
 "https://www.sans.org/reading-room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant-33919",
- "https://www.cfr.org/interactive/cyber-operations/sykipot"
+ "https://www.cfr.org/interactive/cyber-operations/sykipot",
+ "https://www.secureworks.com/research/threat-profiles/bronze-edison"
 ],
 "synonyms": [
 "PLA Navy",
+ "APT4",
+ "APT 4",
+ "BRONZE EDISON",
 "Sykipot"
 ]
 },
- "related": [
- {
- "dest-uuid": "38fd6a28-3353-4f2b-bb2b-459fecd5c648",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- },
- {
- "dest-uuid": "9a683d9c-8f7d-43df-bba2-ad0ca71e277c",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- },
- {
- "dest-uuid": "2fb07fa4-0d7f-43c7-8ff4-b28404313fe7",
- "tags": [
- "estimative-language:likelihood-probability=\"likely\""
- ],
- "type": "similar"
- }
- ],
 "uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
 "value": "Maverick Panda"
 },
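Review bot: The `related` array deleted from the Maverick Panda cluster held three outgoing links, but only two of their targets (`9a683d9c-…` and `2fb07fa4-…`) have the reciprocal entry removed in this patch, at @@ -606 and @@ -1581. Nothing in the patch touches `38fd6a28-3353-4f2b-bb2b-459fecd5c648`, which may live in this file or in another galaxy. If that cluster still lists `8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b` under `related`, the relation is left one-directional and graph consumers will disagree depending on which side they start from. Either remove the back-reference too, or keep that single `similar` entry here if the link to `38fd6a28-…` is still considered valid.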
@@ -7427,6 +7385,7 @@
 "refs": [
 "https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/",
 "https://duo.com/decipher/apt-groups-moving-down-the-supply-chain",
+ "https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf",
 "https://redalert.nshc.net/2019/12/03/threat-actor-targeting-hong-kong-activists",
 "https://twitter.com/bkMSFT/status/1201876664667582466",
 "https://www.secureworks.com/research/bronz-vinewood-uses-hanaloader-to-target-government-supply-chain",
@@ -7436,6 +7395,7 @@
 "synonyms": [
 "APT 31",
 "ZIRCONIUM",
+ "JUDGMENT PANDA",
 "BRONZE VINEWOOD"
 ]
 },
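Review bot: The synonym list extended at @@ -7436 carries `"APT 31"` but not the unspaced `"APT31"` that the @@ -982 hunk removes from the other cluster. Unless this cluster's `value` (outside the hunk) is already `APT31`, exact-string lookups on that spelling stop resolving after the move; adding `"APT31",` next to `"APT 31",` would keep them working. The new `"JUDGMENT PANDA"` alias also arrives with no reference added alongside it that visibly documents the name, since the only ref added at @@ -7427 is the Recorded Future report moved from the other cluster. A source for the alias is worth adding to `refs` if one is not already among the lines between the two hunks.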