From 73eb11fedd02f936cdfdfe12b3c050c42fcaf334 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 12 Mar 2018 10:44:57 +0100
Subject: [PATCH 1/5] update Mirage Threat actor
---
 clusters/threat-actor.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c91c51c..ae1554e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -523,14 +523,17 @@
 "GREF",
 "Playful Dragon",
 "APT 15",
+ "APT15",
 "Metushy",
 "Lurid",
- "Social Network Team"
+ "Social Network Team",
+ "Royal APT"
 ],
 "country": "CN",
 "refs": [
 "https://www.fireeye.com/blog/threat-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html",
- "http://arstechnica.com/security/2015/04/elite-cyber-crime-group-strikes-back-after-attack-by-rival-apt-gang/"
+ "http://arstechnica.com/security/2015/04/elite-cyber-crime-group-strikes-back-after-attack-by-rival-apt-gang/",
+ "https://github.com/nccgroup/Royal_APT"
 ]
 },
 "value": "Mirage",
From 4aa73942e7b97e24ca7ecc2770eb7ce91f6ec8c5 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 12 Mar 2018 11:46:04 +0100
Subject: [PATCH 2/5] add ref for BS2005
---
 clusters/tool.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 5cea33b..f5dc606 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10,7 +10,7 @@
 ],
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
- "version": 55,
+ "version": 56,
 "values": [
 {
 "meta": {
@@ -1138,6 +1138,9 @@
 "Hoarde",
 "Phindolp",
 "BS2005"
+ ],
+ "refs":[
+ "https://github.com/nccgroup/Royal_APT"
 ]
 },
 "value": "Hoardy",
From e3c6e7e23875223778820fe0ce79b90a78d65ad6 Mon Sep 17 00:00:00 2001
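Review bot: The synonym `"Royal APT"` added to the Mirage entry in patch 1/5 matches the name of the NCC Group repository added to `refs` in the same hunk, so it may be a report or toolset label rather than a name used for the actor itself. Synonyms are typically what consumers match on when tagging and correlating events, so a campaign-level label here would attribute anything carrying it to Mirage; this cluster's own `description` notes that groups are regularly confused with their initial operation or campaign. If the alias is intended, `refs` should list the source that uses it as an actor name; otherwise keep `"APT15"` and leave the repository as a reference only. The Mirage object starts and ends outside the hunk.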
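Review bot: The `refs` entry added for Hoardy in the second hunk of patch 2/5 is the root of a GitHub repository, which is mutable: the default branch can be rewritten or removed, and the link then no longer shows what supported the `"BS2005"` reference. A permalink to a specific commit, or the published report the repository accompanies, would keep the provenance checkable. The same URL is added to the Mirage entry in `clusters/threat-actor.json` in patch 1/5. The Hoardy object begins before the hunk.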
From: Deborah Servili
Date: Mon, 12 Mar 2018 11:52:51 +0100
Subject: [PATCH 3/5] add missing uuid
---
 clusters/tool.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index f5dc606..54fbad3 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -3842,7 +3842,8 @@
 "refs": [
 "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20group%20using%20Neuron%20and%20Nautilus%20tools%20alongside%20Snake%20malware_0.pdf"
 ]
- }
+ },
+ "uuid": "5c2eeaec-25e3-11e8-9d28-7f64aba5b173"
 },
 {
 "value": "Nautilus",
@@ -3851,7 +3852,8 @@
 "refs": [
 "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20group%20using%20Neuron%20and%20Nautilus%20tools%20alongside%20Snake%20malware_0.pdf"
 ]
- }
+ },
+ "uuid": "73cb7ecc-25e3-11e8-a97b-c35ec4e7dcf8"
 }
 ]
 }
From e6a703e359bd3b4934e8455ec6da23511d00e36e Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 12 Mar 2018 11:53:06 +0100
Subject: [PATCH 4/5] jq
---
 clusters/tool.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 54fbad3..ee6d68a 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -1139,7 +1139,7 @@
 "Phindolp",
 "BS2005"
 ],
- "refs":[
+ "refs": [
 "https://github.com/nccgroup/Royal_APT"
 ]
 },
From 5fa09c0962bcf50a243e5712f76b3e98b9b9a1aa Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 12 Mar 2018 11:54:29 +0100
Subject: [PATCH 5/5] update version
---
 clusters/threat-actor.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ae1554e..39ffe8e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
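Review bot: Both `uuid` values added in patch 3/5 are version-1 (time-based) UUIDs, as the third group `11e8` shows, while the cluster-level `uuid` of the same file visible in patch 2/5 (`0d821b68-9d82-4c6d-86a6-1071a9e0f79f`) is version 4. Version-1 values encode the generation time and a node identifier; the node fields here have the multicast bit set, which suggests random node IDs rather than a hardware address, so nothing sensitive appears to be exposed. Generating new entries with `uuidgen -r` or Python's `uuid.uuid4()` would keep the file consistent and avoid the question entirely. These identifiers are presumably what downstream instances key on, so the change is only worth making before merge or for later additions, not by regenerating published values. The first object in the first hunk starts outside the hunk.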
@@ -2491,5 +2491,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 34
+ "version": 35
 }