Merge pull request #167 from Delta-Sierra/master

update some clusters
2024-11-26 16:57:18 +00:00 · 2018-03-12 11:57:35 +01:00 · 2018-03-12 11:57:35 +01:00 · f0655587a5
commit f0655587a5
parent 41ee336099 5fa09c0962
2 changed files with 14 additions and 6 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -523,14 +523,17 @@
          "GREF",
          "Playful Dragon",
          "APT 15",
+          "APT15",
          "Metushy",
          "Lurid",
-          "Social Network Team"
+          "Social Network Team",
+          "Royal APT"
        ],
        "country": "CN",
        "refs": [
          "https://www.fireeye.com/blog/threat-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html",
-          "http://arstechnica.com/security/2015/04/elite-cyber-crime-group-strikes-back-after-attack-by-rival-apt-gang/"
+          "http://arstechnica.com/security/2015/04/elite-cyber-crime-group-strikes-back-after-attack-by-rival-apt-gang/",
+          "https://github.com/nccgroup/Royal_APT"
        ]
      },
      "value": "Mirage",
@ -2488,5 +2491,5 @@
  ],
  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
  "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 34
+  "version": 35
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -10,7 +10,7 @@
  ],
  "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
  "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 55,
+  "version": 56,
  "values": [
    {
      "meta": {
@ -1138,6 +1138,9 @@
          "Hoarde",
          "Phindolp",
          "BS2005"
+        ],
+        "refs": [
+          "https://github.com/nccgroup/Royal_APT"
        ]
      },
      "value": "Hoardy",
@ -3839,7 +3842,8 @@
        "refs": [
          "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20group%20using%20Neuron%20and%20Nautilus%20tools%20alongside%20Snake%20malware_0.pdf"
        ]
-      }
+      },
+      "uuid": "5c2eeaec-25e3-11e8-9d28-7f64aba5b173"
    },
    {
      "value": "Nautilus",
@ -3848,7 +3852,8 @@
        "refs": [
          "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20group%20using%20Neuron%20and%20Nautilus%20tools%20alongside%20Snake%20malware_0.pdf"
        ]
-      }
+      },
+      "uuid": "73cb7ecc-25e3-11e8-a97b-c35ec4e7dcf8"
    }
  ]
 }