jq

clusters/threat-actor.json

@@ -671,12 +671,12 @@
           "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-july-wicked-spider/"
         ],
         "synonyms": [
-          "Winnti Umbrella"
+          "Winnti Umbrella",
           "Winnti Group",
           "Tailgater Team",
-          "Suckfly"
+          "Suckfly",
+          "APT41",
           "APT 41",
-          "APT 41"
           "Group 72",
           "Group72",
           "Tailgater",

clusters/tool.json

@@ -665,7 +665,8 @@
           "SUQ",
           "Agent.ALQHI",
           "RbDoor",
-          "RibDoor","HIGHNOON"
+          "RibDoor",
+          "HIGHNOON"
         ],
         "type": [
           "Backdoor"
@@ -5355,7 +5356,10 @@
         "refs": [
           "https://cdn.securelist.com/files/2017/08/ShadowPad_technical_description_PDF.pdf"
         ],
-        "synonyms":[ "POISONPLUG", "Barlaiy"]
+        "synonyms": [
+          "POISONPLUG",
+          "Barlaiy"
+        ]
       },
       "related": [
         {
@@ -7864,11 +7868,14 @@
       "value": "Netscan"
     },
     {
-      "value":"ShadowHammer",
       "description": "Malware embedded in Asus Live Update in 2018. ShadowHammer triggers its malicious behavior only if the computer it is running on has a network adapter with the MAC address whitelisted by the attacker.",
       "meta": {
-        "refs": ["https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf"]
+        "refs": [
-      }
+          "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf"
+        ]
+      },
+      "uuid": "c1815516-aa2a-43d2-9136-78a8feb054b6",
+      "value": "ShadowHammer"
     }
   ],
   "version": 127