From f4b63d4514e4df3423987a1342eaa09cee4b1c6d Mon Sep 17 00:00:00 2001 From: Rony Date: Tue, 16 Aug 2022 10:30:33 +0530 Subject: [PATCH] updates to tianwu --- clusters/threat-actor.json | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index fd0711b..2b6a3fb 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -10013,12 +10013,29 @@ "meta": { "attribution-confidence": "75", "cfr-suspected-state-sponsor": "China", + "cfr-suspected-victims": [ + "China", + "Hong Kong", + "Kazakhstan", + "Taiwan", + "Philippines" + ], "cfr-target-category": [ - "Private Sector" + "Private Sector", + "Gambling companies", + "Gaming", + "Information technology", + "Telecommunications", + "Government", + "Transportation systems", + "Dissident" ], "country": "CN", "refs": [ - "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf" + "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf", + "https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf", + "https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies", + "https://github.com/avast/ioc/tree/master/OperationDragonCastling" ] }, "uuid": "a3831248-5e2f-492d-8bb6-5e82c2f6481d", @@ -10033,7 +10050,6 @@ ], "country": "CN", "refs": [ - "https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf", "https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf" ] },