removing and fixing deadlinks in the best possible way

Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them; for some, I was not able to find an appropriate replacement.
Daniel Plohmann 2020-01-23 11:14:20 +01:00 committed by GitHub
parent 2116eb36a5
commit ccfe5ee130
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -216,7 +216,7 @@
"attribution-confidence": "50", "attribution-confidence": "50",
"country": "CN", "country": "CN",
"refs": [ "refs": [
"https://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf" "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492182276.pdf"
] ]
}, },
"uuid": "41c15f08-a646-49f7-a644-1bebbf7a4dcd", "uuid": "41c15f08-a646-49f7-a644-1bebbf7a4dcd",
@ -506,7 +506,7 @@
"http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html", "http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html",
"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf", "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf",
"https://www.cfr.org/interactive/cyber-operations/apt-17", "https://www.cfr.org/interactive/cyber-operations/apt-17",
"https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/", "https://www.carbonblack.com/2013/02/08/bit9-and-our-customers-security/",
"https://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware", "https://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware",
"https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire", "https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire",
"https://www.recordedfuture.com/hidden-lynx-analysis/" "https://www.recordedfuture.com/hidden-lynx-analysis/"
@ -659,7 +659,7 @@
"https://www.microsoft.com/security/blog/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/", "https://www.microsoft.com/security/blog/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/",
"https://www.cfr.org/interactive/cyber-operations/axiom", "https://www.cfr.org/interactive/cyber-operations/axiom",
"https://securelist.com/games-are-over/70991/", "https://securelist.com/games-are-over/70991/",
"https://blog.vsec.com.vn/apt/initial-winnti-analysis-against-vietnam-game-company.html", "https://vsec.com.vn/en/blogen/initial-winnti-analysis-against-vietnam-game-company.html",
"https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a", "https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a",
"https://www.dw.com/en/thyssenkrupp-victim-of-cyber-attack/a-36695341", "https://www.dw.com/en/thyssenkrupp-victim-of-cyber-attack/a-36695341",
"https://www.bleepingcomputer.com/news/security/teamviewer-confirms-undisclosed-breach-from-2016/", "https://www.bleepingcomputer.com/news/security/teamviewer-confirms-undisclosed-breach-from-2016/",
@ -834,7 +834,7 @@
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf", "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf",
"https://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/", "https://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/",
"https://securelist.com/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/69567/", "https://securelist.com/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/69567/",
"https://threatconnect.com/tag/naikon/", "https://threatconnect.com/blog/tag/naikon/",
"https://attack.mitre.org/groups/G0019/" "https://attack.mitre.org/groups/G0019/"
], ],
"synonyms": [ "synonyms": [
@ -2070,7 +2070,7 @@
"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing", "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing",
"https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf", "https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf",
"http://www.clearskysec.com/thamar-reservoir/", "http://www.clearskysec.com/thamar-reservoir/",
"https://citizenlab.org/2015/08/iran_two_factor_phishing/", "https://citizenlab.ca/2015/08/iran_two_factor_phishing/",
"https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf", "https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf",
"https://www.symantec.com/connect/blogs/shamoon-multi-staged-destructive-attacks-limited-specific-targets", "https://www.symantec.com/connect/blogs/shamoon-multi-staged-destructive-attacks-limited-specific-targets",
"https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/", "https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/",
@ -2380,10 +2380,9 @@
"https://www.wired.com/story/russian-fancy-bears-hackers-release-apparent-ioc-emails/", "https://www.wired.com/story/russian-fancy-bears-hackers-release-apparent-ioc-emails/",
"https://www.symantec.com/blogs/election-security/apt28-espionage-military-government", "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government",
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/", "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/",
"https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/",
"https://unit42.paloaltonetworks.com/unit42-sofacy-attacks-multiple-government-entities/", "https://unit42.paloaltonetworks.com/unit42-sofacy-attacks-multiple-government-entities/",
"https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/", "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/",
"https://www.msn.com/en-au/news/world/russia-tried-to-hack-mh17-inquiry-system/ar-BBmmuuT", "https://www.msn.com/en-nz/news/world/russian-hackers-accused-of-targeting-un-chemical-weapons-watchdog-mh17-files/ar-BBNV2ny",
"https://unit42.paloaltonetworks.com/unit42-new-sofacy-attacks-against-us-government-agency/", "https://unit42.paloaltonetworks.com/unit42-new-sofacy-attacks-against-us-government-agency/",
"https://unit42.paloaltonetworks.com/unit42-let-ride-sofacy-groups-dealerschoice-attacks-continue/", "https://unit42.paloaltonetworks.com/unit42-let-ride-sofacy-groups-dealerschoice-attacks-continue/",
"https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/", "https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/",
@ -2647,7 +2646,6 @@
"http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans", "http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans",
"https://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit-kit/104772/", "https://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit-kit/104772/",
"https://www.cfr.org/interactive/cyber-operations/crouching-yeti", "https://www.cfr.org/interactive/cyber-operations/crouching-yeti",
"https://ssu.gov.ua/sbu/control/uk/publish/article?art_id=170951&cat_i=39574",
"https://www.reuters.com/article/us-ukraine-cyber-attack-energy-idUSKBN1521BA", "https://www.reuters.com/article/us-ukraine-cyber-attack-energy-idUSKBN1521BA",
"https://dragos.com/wp-content/uploads/CrashOverride-01.pdf", "https://dragos.com/wp-content/uploads/CrashOverride-01.pdf",
"https://www.independent.ie/irish-news/statesponsored-hackers-targeted-eirgrid-electricity-network-in-devious-attack-36005921.html", "https://www.independent.ie/irish-news/statesponsored-hackers-targeted-eirgrid-electricity-network-in-devious-attack-36005921.html",
@ -2811,10 +2809,9 @@
"motive": "Cybercrime", "motive": "Cybercrime",
"refs": [ "refs": [
"https://en.wikipedia.org/wiki/Carbanak", "https://en.wikipedia.org/wiki/Carbanak",
"https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf", "https://app.box.com/s/p7qzcury97tuwk26694uutujwqmwqyhe",
"http://2014.zeronights.ru/assets/files/slides/ivanovb-zeronights.pdf", "http://2014.zeronights.ru/assets/files/slides/ivanovb-zeronights.pdf",
"https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks", "https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks",
"https://blog.cyber4sight.com/2017/04/similarities-between-carbanak-and-fin7-malware-suggest-actors-are-closely-related/",
"https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor", "https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor",
"https://www.icebrg.io/blog/footprints-of-fin7-tracking-actor-patterns", "https://www.icebrg.io/blog/footprints-of-fin7-tracking-actor-patterns",
"https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/", "https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/",
@ -3181,7 +3178,7 @@
"attribution-confidence": "50", "attribution-confidence": "50",
"country": "TN", "country": "TN",
"refs": [ "refs": [
"https://www.crowdstrike.com/blog/regional-conflict-and-cyber-blowback/" "https://web.archive.org/web/20160315044507/https://www.crowdstrike.com/blog/regional-conflict-and-cyber-blowback/"
], ],
"synonyms": [ "synonyms": [
"TunisianCyberArmy" "TunisianCyberArmy"
@ -3270,7 +3267,6 @@
"https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe", "https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe",
"https://mkd-cirt.mk/wp-content/uploads/2018/08/20181009_3_1_M-Trends2018-May-2018-compressed.pdf", "https://mkd-cirt.mk/wp-content/uploads/2018/08/20181009_3_1_M-Trends2018-May-2018-compressed.pdf",
"https://nciipc.gov.in/documents/NCIIPC_Newsletter_July18.pdf", "https://nciipc.gov.in/documents/NCIIPC_Newsletter_July18.pdf",
"https://aisa.org.au//PDF/AISA%20Sydney%20-%20Dec2016.pdf",
"https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials", "https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials",
"https://s.tencent.com/research/report/669.html", "https://s.tencent.com/research/report/669.html",
"https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html" "https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html"
@ -3312,7 +3308,7 @@
"cfr-type-of-incident": "Espionage", "cfr-type-of-incident": "Espionage",
"country": "AE", "country": "AE",
"refs": [ "refs": [
"https://citizenlab.org/2016/05/stealth-falcon/", "https://citizenlab.ca/2016/05/stealth-falcon/",
"https://www.cfr.org/interactive/cyber-operations/stealth-falcon", "https://www.cfr.org/interactive/cyber-operations/stealth-falcon",
"https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/", "https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/",
"https://attack.mitre.org/groups/G0038/" "https://attack.mitre.org/groups/G0038/"
@ -3396,7 +3392,7 @@
"country": "IN", "country": "IN",
"refs": [ "refs": [
"http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries", "http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries",
"https://blogs.forcepoint.com/security-labs/monsoon-analysis-apt-campaign", "https://www.forcepoint.com/blog/x-labs/monsoon-analysis-apt-campaign",
"https://www.cymmetria.com/patchwork-targeted-attack/", "https://www.cymmetria.com/patchwork-targeted-attack/",
"https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf", "https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf",
"https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/", "https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/",
@ -3495,7 +3491,7 @@
"refs": [ "refs": [
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf", "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf",
"https://attack.mitre.org/wiki/Groups", "https://attack.mitre.org/wiki/Groups",
"https://blogs.forcepoint.com/security-labs/trojanized-adobe-installer-used-install-dragonok%E2%80%99s-new-custom-backdoor", "https://www.forcepoint.com/de/blog/x-labs/trojanized-adobe-installer-used-install-dragonok-s-new-custom-backdoor",
"http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor", "http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor",
"https://www.cfr.org/interactive/cyber-operations/moafee", "https://www.cfr.org/interactive/cyber-operations/moafee",
"https://unit42.paloaltonetworks.com/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/", "https://unit42.paloaltonetworks.com/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/",
@ -3836,7 +3832,7 @@
"https://pan-unit42.github.io/playbook_viewer/", "https://pan-unit42.github.io/playbook_viewer/",
"https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html", "https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html",
"https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html", "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html",
"https://cert.gov.il/Updates/Alerts/SiteAssets/CERT-IL-ALERT-W-120.pdf", "https://www.gov.il/BlobFolder/reports/attack_il/he/CERT-IL-ALERT-W-120.pdf",
"https://www.forbes.com/sites/thomasbrewster/2017/02/15/oilrig-iran-hackers-cyberespionage-us-turkey-saudi-arabia/#56749aa2468a", "https://www.forbes.com/sites/thomasbrewster/2017/02/15/oilrig-iran-hackers-cyberespionage-us-turkey-saudi-arabia/#56749aa2468a",
"https://raw.githubusercontent.com/pan-unit42/playbook_viewer/master/playbook_json/oilrig.json", "https://raw.githubusercontent.com/pan-unit42/playbook_viewer/master/playbook_json/oilrig.json",
"https://www.cfr.org/interactive/cyber-operations/oilrig", "https://www.cfr.org/interactive/cyber-operations/oilrig",
@ -3944,7 +3940,7 @@
"description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive .", "description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive .",
"meta": { "meta": {
"refs": [ "refs": [
"https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf", "https://blog.checkpoint.com/2015/03/31/volatilecedar/",
"https://blog.checkpoint.com/2015/06/09/new-data-volatile-cedar/", "https://blog.checkpoint.com/2015/06/09/new-data-volatile-cedar/",
"https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/" "https://securelist.com/sinkholing-volatile-cedar-dga-infrastructure/69421/"
], ],
@ -3998,11 +3994,10 @@
"https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website", "https://middle-east-online.com/en/cyber-war-gaza-hackers-deface-israel-fire-service-website",
"https://www.fireeye.com/blog/threat-research/2014/06/molerats-here-for-spring.html", "https://www.fireeye.com/blog/threat-research/2014/06/molerats-here-for-spring.html",
"https://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html", "https://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html",
"https://blog.vectra.ai/blog/moonlight-middle-east-targeted-attacks", "https://www.vectra.ai/blogpost/moonlight-middle-east-targeted-attacks",
"https://securelist.com/gaza-cybergang-wheres-your-ir-team/72283/", "https://securelist.com/gaza-cybergang-wheres-your-ir-team/72283/",
"https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf", "https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf",
"https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf", "https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf",
"https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26760/en_US/McAfee_Labs_Threat_Advisory_GazaCybergang.pdf",
"https://securelist.com/gaza-cybergang-updated-2017-activity/82765/", "https://securelist.com/gaza-cybergang-updated-2017-activity/82765/",
"https://www.kaspersky.com/blog/gaza-cybergang/26363/", "https://www.kaspersky.com/blog/gaza-cybergang/26363/",
"https://attack.mitre.org/groups/G0021/" "https://attack.mitre.org/groups/G0021/"
@ -4092,7 +4087,7 @@
"description": "A threat group that has been active for at least seven years has used malware, phishing and disinformation tactics to target activists, journalists, politicians and public figures in various Latin American countries. The threat actor, dubbed Packrat based on its preference for remote access Trojans (RATs) and because it has used the same infrastructure for several years, has been analyzed by Citizen Lab researchers John Scott-Railton, Morgan Marquis-Boire, and Claudio Guarnieri, and Cyphort researcher Marion Marschalek, best known for her extensive analysis of state-sponsored threats.", "description": "A threat group that has been active for at least seven years has used malware, phishing and disinformation tactics to target activists, journalists, politicians and public figures in various Latin American countries. The threat actor, dubbed Packrat based on its preference for remote access Trojans (RATs) and because it has used the same infrastructure for several years, has been analyzed by Citizen Lab researchers John Scott-Railton, Morgan Marquis-Boire, and Claudio Guarnieri, and Cyphort researcher Marion Marschalek, best known for her extensive analysis of state-sponsored threats.",
"meta": { "meta": {
"refs": [ "refs": [
"https://citizenlab.org/2015/12/packrat-report/" "https://citizenlab.ca/2015/12/packrat-report/"
] ]
}, },
"uuid": "fe344665-d153-4d31-a32a-1509efde1ca7", "uuid": "fe344665-d153-4d31-a32a-1509efde1ca7",
@ -4937,7 +4932,7 @@
"attribution-confidence": "50", "attribution-confidence": "50",
"country": "KP", "country": "KP",
"refs": [ "refs": [
"https://www.isightpartners.com/2016/02/threatscape-media-highlights-update-week-of-february-17th/" "https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html"
] ]
}, },
"uuid": "73c636ae-e55c-4167-bf40-315789698adb", "uuid": "73c636ae-e55c-4167-bf40-315789698adb",
@ -4964,7 +4959,6 @@
"country": "CN", "country": "CN",
"refs": [ "refs": [
"https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/", "https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/",
"https://www.threatconnect.com/china-superman-apt/",
"https://www.cfr.org/interactive/cyber-operations/mofang", "https://www.cfr.org/interactive/cyber-operations/mofang",
"https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf" "https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf"
], ],
@ -4995,7 +4989,7 @@
"country": "IR", "country": "IR",
"refs": [ "refs": [
"https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf", "https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf",
"https://blog.domaintools.com/2017/03/hunt-case-study-hunting-campaign-indicators-on-privacy-protected-attack-infrastructure/", "https://www.domaintools.com/resources/blog/case-study-hunting-campaign-indicators-on-privacy-protected-attack-infrastr",
"http://www.clearskysec.com/copykitten-jpost/", "http://www.clearskysec.com/copykitten-jpost/",
"http://www.clearskysec.com/tulip/", "http://www.clearskysec.com/tulip/",
"https://www.cfr.org/interactive/cyber-operations/copykittens", "https://www.cfr.org/interactive/cyber-operations/copykittens",
@ -5345,7 +5339,7 @@
{ {
"meta": { "meta": {
"refs": [ "refs": [
"https://www.rsaconference.com/writable/presentations/file_upload/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries_final.pdf" "https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf"
] ]
}, },
"uuid": "e85ab78c-5e86-403c-b444-9cdcc167fb77", "uuid": "e85ab78c-5e86-403c-b444-9cdcc167fb77",
@ -5385,7 +5379,7 @@
"attribution-confidence": "50", "attribution-confidence": "50",
"country": "CN", "country": "CN",
"refs": [ "refs": [
"https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Pointed-Dagger.pdf", "https://app.box.com/s/z1uanuv1vn3vw5iket1r6bqrmlra0gpn",
"https://news.softpedia.com/news/trochilus-rat-evades-antivirus-detection-used-for-cyber-espionage-in-south-east-asia-498776.shtml", "https://news.softpedia.com/news/trochilus-rat-evades-antivirus-detection-used-for-cyber-espionage-in-south-east-asia-498776.shtml",
"https://unit42.paloaltonetworks.com/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/" "https://unit42.paloaltonetworks.com/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/"
] ]
@ -5439,11 +5433,9 @@
"http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf", "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf",
"http://securityaffairs.co/wordpress/33785/cyber-crime/arid-viper-israel-sex-video.html", "http://securityaffairs.co/wordpress/33785/cyber-crime/arid-viper-israel-sex-video.html",
"https://securelist.com/blog/research/68817/the-desert-falcons-targeted-attacks/", "https://securelist.com/blog/research/68817/the-desert-falcons-targeted-attacks/",
"https://ti.360.com/upload/report/file/APTSWXLVJ8fnjoxck.pdf",
"https://blog.lookout.com/blog/2017/02/16/viperrat-mobile-apt/", "https://blog.lookout.com/blog/2017/02/16/viperrat-mobile-apt/",
"https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/", "https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/",
"https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-Back-Into-View", "https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-Back-Into-View",
"https://www.ci-project.org/blog/2017/3/4/arid-viper",
"http://blog.talosintelligence.com/2017/06/palestine-delphi.html", "http://blog.talosintelligence.com/2017/06/palestine-delphi.html",
"https://www.threatconnect.com/blog/kasperagent-malware-campaign/", "https://www.threatconnect.com/blog/kasperagent-malware-campaign/",
"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/sexually-explicit-material-used-as-lures-in-cyber-attacks?linkId=12425812", "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/sexually-explicit-material-used-as-lures-in-cyber-attacks?linkId=12425812",
@ -5514,7 +5506,7 @@
"country": "RU", "country": "RU",
"refs": [ "refs": [
"https://securelist.com/introducing-whitebear/81638/", "https://securelist.com/introducing-whitebear/81638/",
"https://www.cfr.org/interactive/cyber-operations/whitebears" "https://www.cfr.org/interactive/cyber-operations/whitebear"
], ],
"synonyms": [ "synonyms": [
"Skipper Turla" "Skipper Turla"
@ -5539,7 +5531,7 @@
"attribution-confidence": "50", "attribution-confidence": "50",
"country": "CN", "country": "CN",
"refs": [ "refs": [
"https://www.isightpartners.com/2016/02/threatscape-media-highlights-update-week-of-february-17th/" "http://en.hackdig.com/02/39538.htm"
] ]
}, },
"uuid": "110792e8-38d2-4df2-9ea3-08b60321e994", "uuid": "110792e8-38d2-4df2-9ea3-08b60321e994",
@ -5638,7 +5630,6 @@
"meta": { "meta": {
"refs": [ "refs": [
"https://www.bleepingcomputer.com/news/security/moneytaker-hacker-group-steals-millions-from-us-and-russian-banks/", "https://www.bleepingcomputer.com/news/security/moneytaker-hacker-group-steals-millions-from-us-and-russian-banks/",
"https://www.group-ib.com/resources/reports/money-taker.html",
"https://www.group-ib.com/blog/moneytaker" "https://www.group-ib.com/blog/moneytaker"
] ]
}, },
@ -5650,7 +5641,7 @@
"meta": { "meta": {
"refs": [ "refs": [
"https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636/", "https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636/",
"https://cdn.securelist.com/files/2017/09/Microcin_Technical_4PDF_eng_final_s.pdf" "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170759/Microcin_Technical_4PDF_eng_final_s.pdf"
] ]
}, },
"uuid": "0a6b31cd-54cd-4f82-9b87-aab780604632", "uuid": "0a6b31cd-54cd-4f82-9b87-aab780604632",
@ -5766,7 +5757,7 @@
"refs": [ "refs": [
"https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets", "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets",
"https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html", "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html",
"https://www.cfr.org/interactive/cyber-operations/leviathan", "https://www.cfr.org/interactive/cyber-operations/apt-40",
"https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html", "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html",
"https://www.recordedfuture.com/chinese-threat-actor-tempperiscope/", "https://www.recordedfuture.com/chinese-threat-actor-tempperiscope/",
"https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html", "https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html",
@ -6134,7 +6125,7 @@
"description": "ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind ZooPark infect Android devices using several generations of malware we label from v1-v4, with v4 being the most recent version deployed in 2017.", "description": "ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind ZooPark infect Android devices using several generations of malware we label from v1-v4, with v4 being the most recent version deployed in 2017.",
"meta": { "meta": {
"refs": [ "refs": [
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/05/03095519/ZooPark_for_public_final.pdf" "https://securelist.com/whos-who-in-the-zoo/85394/"
] ]
}, },
"uuid": "4defbf2e-4f73-11e8-807f-578d61da7568", "uuid": "4defbf2e-4f73-11e8-807f-578d61da7568",
@ -6420,7 +6411,7 @@
"refs": [ "refs": [
"https://www.cfr.org/interactive/cyber-operations/inception-framework", "https://www.cfr.org/interactive/cyber-operations/inception-framework",
"https://www.symantec.com/connect/blogs/blue-coat-exposes-inception-framework-very-sophisticated-layered-malware-attack-targeted-milit", "https://www.symantec.com/connect/blogs/blue-coat-exposes-inception-framework-very-sophisticated-layered-malware-attack-targeted-milit",
"https://securelist.com/red-october-diplomatic-cyber-attacks-investigation/36740/%238", "https://securelist.com/red-october-diplomatic-cyber-attacks-investigation/36740/",
"https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies", "https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies",
"https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/", "https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/",
"https://www.akamai.com/uk/en/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf" "https://www.akamai.com/uk/en/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf"
@ -7237,7 +7228,6 @@
"attribution-confidence": "10", "attribution-confidence": "10",
"country": "IR", "country": "IR",
"refs": [ "refs": [
"https://resecurity.com/blog/parliament_races/",
"https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986", "https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986",
"https://threatpost.com/ranian-apt-6tb-data-citrix/142688/", "https://threatpost.com/ranian-apt-6tb-data-citrix/142688/",
"https://hub.packtpub.com/resecurity-reports-iriduim-behind-citrix-data-breach-200-government-agencies-oil-and-gas-companies-and-technology-companies-also-targeted/" "https://hub.packtpub.com/resecurity-reports-iriduim-behind-citrix-data-breach-200-government-agencies-oil-and-gas-companies-and-technology-companies-also-targeted/"
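Review bot: Several replacements move a reference from the publisher's own site to a host the publisher does not control: the two `app.box.com/s/…` share links (hunks at -2811 and -5385, replacing the securelist Carbanak PDF and the Arbor ASERT brief), the `docs.huihoo.com` mirror (-5345) and the plain-HTTP `en.hackdig.com` page (-5539). Whoever owns such a share or mirror can change or withdraw the file later, and the opaque URL no longer tells an analyst which report they are about to open, so the provenance of these references is weaker than that of the dead links they replace. The -3181 hunk already shows the safer pattern; where a snapshot exists I would use the same form here, e.g. `"https://web.archive.org/web/<snapshot-timestamp>/https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf",`. If no snapshot exists, dropping the entry (as other hunks in this commit do) seems preferable to pointing at a copy that cannot be verified.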