From c16108017526a40c50eb1e67d4280177cfb5169e Mon Sep 17 00:00:00 2001
From: Rony
Date: Wed, 15 Apr 2020 21:36:48 +0530
Subject: [PATCH] Update threat-actor.json
---
 clusters/threat-actor.json | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4469057..41e4a55 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5770,7 +5770,14 @@
 "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html",
 "https://www.recordedfuture.com/chinese-threat-actor-tempperiscope/",
 "https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html",
- "https://attack.mitre.org/groups/G0065/"
+ "https://attack.mitre.org/groups/G0065/",
+ "https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/",
+ "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
+ "https://intrusiontruth.wordpress.com/2020/01/09/what-is-the-hainan-xiandun-technology-development-company",
+ "https://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu",
+ "https://intrusiontruth.wordpress.com/2020/01/13/who-else-works-for-this-cover-company-network",
+ "https://intrusiontruth.wordpress.com/2020/01/14/who-is-mr-ding",
+ "https://intrusiontruth.wordpress.com/2020/01/15/hainan-xiandun-technology-company-is-apt40"
 ],
 "synonyms": [
 "TEMP.Periscope",
@@ -5778,7 +5785,8 @@
 "APT 40",
 "APT40",
 "BRONZE MOHAWK",
- "GADOLINIUM"
+ "GADOLINIUM",
+ "Kryptonite Panda"
 ]
 },
 "related": [
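Review bot: Adding `"Kryptonite Panda"` as a synonym here (the `-5778,7` hunk) while the `-7134,17` hunk deletes its standalone entry discards that entry's UUID `393ebaad-4f05-4b35-bd31-45ac4ae7472d` and its description of the 8.t builder use and the June 2018 Cambodia targeting. Before merging, search the clusters for that UUID as a `dest-uuid` in any `related` block, since a relation pointing at it would dangle; events already tagged with the old cluster value will presumably stop resolving to a cluster as well. The dropped context could be kept by appending it to this cluster's `description`, which lies outside the visible hunks. Of the refs added in the `-5770,7` hunk, the Intrusion Truth posts are about APT40 itself, so the alias presumably rests on the two CrowdStrike reports; the commit message does not say which source equates the names.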
@@ -7134,17 +7142,6 @@
 "uuid": "d7a41ada-6687-4a6b-8b5c-396808cdd758",
 "value": "Judgment Panda"
 },
- {
- "description": "One of the first observed adopters of the 8.t exploit document builder in late 2017, further KRYPTONITE PANDA activity was limited in 2018. Last known activity for this adversary occurred in June 2018 and involved suspected targeting of Cambodia.",
- "meta": {
- "refs": [
- "https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/",
- "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
- ]
- },
- "uuid": "393ebaad-4f05-4b35-bd31-45ac4ae7472d",
- "value": "Kryptonite Panda"
- },
 {
 "description": "In the first quarter of 2018, CrowdStrike Intelligence identified NOMAD PANDA activity targeting Central Asian nations with exploit documents built with the 8.t tool.",
 "meta": {
@@ -7395,10 +7392,13 @@
 "https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/",
 "https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/",
 "https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/",
- "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf"
+ "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
+ "https://www.slideshare.net/codeblue_jp/cb19-cyber-threat-landscape-in-japan-revealing-threat-in-the-shadow-by-chi-en-shen-ashley-oleg-bondarenko"
 ],
 "synonyms": [
- "CIRCUIT PANDA"
+ "CIRCUIT PANDA",
+ "Temp.Overboard",
+ "HUAPI"
 ]
 },
 "uuid": "320c42f7-eab7-4ef9-b09a-74396caa6c3e",
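Review bot: The new synonym `"Temp.Overboard"` in the `-7395,10` hunk is cased differently from the other temporary-style name visible in this patch, `"TEMP.Periscope"`; if the source spells it with an upper-case prefix, `"TEMP.Overboard",` keeps exact-match lookups on the vendor spelling working. Both new aliases appear to be backed only by the SlideShare deck added to `refs`, so it is worth checking that neither string is already a synonym or value of another cluster, because a duplicated alias makes attribution lookups ambiguous. The enclosing cluster object starts and ends outside the hunk.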